why is it a risk to clone a LUKS container?
Posted
by
laramichaels
on Ask Ubuntu
See other posts from Ask Ubuntu
or by laramichaels
Published on 2012-06-08T22:33:05Z
Indexed on
2012/06/08
22:47 UTC
Read the original article
Hit count: 244
encryption
|luks
I recently installed Ubuntu onto an encrypted partition using the LUKS+LVM combination that the 'alternate' installer offers. Now I want to create backups of my HD.
From the LUKS FAQ:
6.15 Can I clone a LUKS container?
You can, but it breaks security, because the cloned container has the same header and hence the same master key. You cannot change the master key on a LUKS container, even if you change the passphrase(s), the master key stays the same. That means whoever has access to one of the clones can decrypt them all, completely bypassing the passphrases.
How can the existence of a perfect clone of my encrypted HD break security if it contains the exact same information as my live encrypted HD?
In which sense does keeping updated clones of my LUKS-encrypted HD around "break security"?
© Ask Ubuntu or respective owner