hi!
Hi, if I understand the concept correctly, the initial ramdisk isn't
encrypted, and holds the ssh host key. Doesn't this enable an attacker
to steal the cryptroot passphrase?
that's correct.
if the attacker has physical access to the host, the host key can be
stolen. this could be used for a mitm attack to capture the cryptroot
passphrase when entered from remote.
this is also true for the cryptroot concept itself, currently with
physical access to the host the initramfs could also be compromised to
capture the passphrase when entered at the console.
(other things to consider regarding physical security would be
hw-keyloggers, tempest, the-recent-eff/princeton-dram-nightmare, etc.)
these things should of course be considered when using cryptroot and/or
when unlocking from remote.
i'm currently checking out possible solutions, i.e. a way to check the
machine's identity from remote, and the integrity of the software
running. in general i guess this is a different, disjunctive topic, but
interesting not just for the reasons above, but beyond that because this
should make a secure split-key mechanism possible, enabling an automated
secure cryptroot boot without any human interaction...
regards,
Chris
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
