hi!

Hi, if I understand the concept correctly, the initial ramdisk isn't
encrypted, and holds the ssh host key.  Doesn't this enable an attacker
to steal the cryptroot passphrase?

that's correct.
if the attacker has physical access to the host, the host key can be stolen. this could be used for a mitm attack to capture the cryptroot passphrase when entered from remote. this is also true for the cryptroot concept itself, currently with physical access to the host the initramfs could also be compromised to capture the passphrase when entered at the console. (other things to consider regarding physical security would be hw-keyloggers, tempest, the-recent-eff/princeton-dram-nightmare, etc.)

these things should of course be considered when using cryptroot and/or when unlocking from remote.

i'm currently checking out possible solutions, i.e. a way to check the machine's identity from remote, and the integrity of the software running. in general i guess this is a different, disjunctive topic, but interesting not just for the reasons above, but beyond that because this should make a secure split-key mechanism possible, enabling an automated secure cryptroot boot without any human interaction...

regards,

        Chris



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to