Why is it a risk to clone a LUKS container?
Posted by laramichaels on Ask Ubuntu
Published on 2012-06-08T22:33:05Z
Tags: encryption, luks
I recently installed Ubuntu onto an encrypted partition using the LUKS+LVM combination that the 'alternate' installer offers. Now I want to create backups of my HD.
From the LUKS FAQ:
6.15 Can I clone a LUKS container?
You can, but it breaks security, because the cloned container has the same header and hence the same master key. You cannot change the master key on a LUKS container, even if you change the passphrase(s), the master key stays the same. That means whoever has access to one of the clones can decrypt them all, completely bypassing the passphrases.
How can the existence of a perfect clone of my encrypted HD break security if it contains the exact same information as my live encrypted HD?
In which sense does keeping updated clones of my LUKS-encrypted HD around "break security"?
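The FAQ's point, modelled as an added example that is not part of the original post or of cryptsetup: a toy header that stores the master key wrapped under a passphrase-derived key. The XOR keystream stands in for the real cipher, and the header fields and passphrases are constructed; it shows that changing the passphrase rewraps the same master key, so a clone made earlier still unlocks with the old passphrase and decrypts data written later.

```python
import hashlib, hmac, os

def kdf(passphrase, salt):
    # Passphrase -> key-encryption key (iteration count is a constructed value).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000)

def xor_stream(key, data):
    # Toy cipher (SHA-256 keystream) standing in for the real one; same call
    # encrypts and decrypts. Not suitable for protecting real data.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def make_header(master_key, passphrase):
    # Hypothetical one-keyslot header: the master key is stored only in wrapped form.
    salt = os.urandom(16)
    return {"salt": salt,
            "wrapped_mk": xor_stream(kdf(passphrase, salt), master_key),
            "mk_digest": hashlib.sha256(master_key).digest()}

def unlock(header, passphrase):
    # Unwrap the master key; the digest check rejects a wrong passphrase.
    mk = xor_stream(kdf(passphrase, header["salt"]), header["wrapped_mk"])
    ok = hmac.compare_digest(hashlib.sha256(mk).digest(), header["mk_digest"])
    return mk if ok else None

def change_passphrase(header, old, new):
    # Rewraps the SAME master key; the data area is never re-encrypted.
    mk = unlock(header, old)
    if mk is None:
        raise ValueError("wrong passphrase")
    return make_header(mk, new)

def demo():
    live = make_header(os.urandom(32), "old-passphrase")
    clone = dict(live)                      # backup clone: identical header
    live = change_passphrase(live, "old-passphrase", "new-passphrase")
    # Data written to the live container after the passphrase change.
    sector = xor_stream(unlock(live, "new-passphrase"), b"written after the change")
    old_rejected_on_live = unlock(live, "old-passphrase") is None
    mk_from_clone = unlock(clone, "old-passphrase")   # stale clone still opens
    return old_rejected_on_live, xor_stream(mk_from_clone, sector)

if __name__ == "__main__":
    print(demo())
```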
© Ask Ubuntu or respective owner