Why is it a risk to clone a LUKS container?

Posted by laramichaels on Ask Ubuntu
Published on 2012-06-08T22:33:05Z Indexed on 2012/06/08 22:47 UTC


I recently installed Ubuntu onto an encrypted partition using the LUKS+LVM combination that the 'alternate' installer offers. Now I want to create backups of my HD.

From the LUKS FAQ:

6.15 Can I clone a LUKS container?

You can, but it breaks security, because the cloned container has the same header and hence the same master key. You cannot change the master key on a LUKS container, even if you change the passphrase(s), the master key stays the same. That means whoever has access to one of the clones can decrypt them all, completely bypassing the passphrases.

How can the existence of a perfect clone of my encrypted HD break security if it contains the exact same information as my live encrypted HD?

In which sense does keeping updated clones of my LUKS-encrypted HD around "break security"?

© Ask Ubuntu or respective owner
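
A simplified model of the FAQ's point, added here as an example that is not part of the original post or of cryptsetup: the header stores the master key wrapped under the passphrase, so a clone taken before a passphrase change still yields the key that encrypts data written afterwards. The XOR key wrapping, the toy sector cipher and all function names are assumptions for illustration, not the LUKS on-disk format.

```python
import hashlib
import os

def _kdf(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def add_keyslot(master_key: bytes, passphrase: str) -> dict:
    """Model header: one keyslot wrapping master_key under the passphrase."""
    salt = os.urandom(16)
    return {"salt": salt,
            "wrapped_mk": _xor(master_key, _kdf(passphrase, salt)),
            "mk_digest": hashlib.sha256(master_key).digest()}

def unlock(header: dict, passphrase: str):
    """Return the master key if the passphrase opens the keyslot, else None."""
    candidate = _xor(header["wrapped_mk"], _kdf(passphrase, header["salt"]))
    ok = hashlib.sha256(candidate).digest() == header["mk_digest"]
    return candidate if ok else None

def change_passphrase(header: dict, old: str, new: str) -> dict:
    """Re-wrap the SAME master key under a new passphrase."""
    master_key = unlock(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    return add_keyslot(master_key, new)

def crypt_sector(master_key: bytes, sector: int, data: bytes) -> bytes:
    """Toy stream cipher keyed only by master key and sector number."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = master_key + sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return _xor(data, stream)

def demo():
    master_key = os.urandom(32)
    live = add_keyslot(master_key, "old passphrase")   # constructed sample values
    clone = dict(live)                                 # backup clone of the header
    live = change_passphrase(live, "old passphrase", "new passphrase")
    ciphertext = crypt_sector(unlock(live, "new passphrase"), 7, b"written after the change")
    old_on_live = unlock(live, "old passphrase")       # rejected by the live header
    mk_from_clone = unlock(clone, "old passphrase")    # still accepted by the clone
    return old_on_live, crypt_sector(mk_from_clone, 7, ciphertext)

if __name__ == "__main__":
    print(demo())
```

In this model the old passphrase no longer opens the live header, yet the cloned header plus that old passphrase recovers data written after the change, because both headers wrap the same master key.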
