mandos-client on Debian Buster
Jesse Norell
jesse at kci.net
Tue Sep 3 19:08:30 CEST 2019
On Tue, 2019-09-03 at 18:47 +0200, Teddy Hogeborn wrote:
> Hmm, Mandos is really meant to unlock only the root device, since if
> you
> have additional devices to unlock, you could just store the keys to
> those additional devices directly in files on that root file system,
> possibly somewhere in the /etc/keys directory. Is there a reason for
> why you want to use Mandos to unlock more than one device? What
> threat
> model do you mean to defend against using this setup?
We do this as well, and I would prefer that mandos could be used with
different key pairs for different devices (so: feature request?). You
are correct, it's more security through obscurity, but my thinking is
that when the system is booted, it is much easier (and more common in
practice) for someone to collect decryption keys (for a secondary
device) if they are sitting in a file on the (root) disk than if they
had to examine the actual boot process to see that mandos-client is
used with a specific key pair in non-standard location and run that to
obtain decryption keys.
In truth, the level of threat where an actor would obtain decryption
keys while the system is booted, to be used on the physical disk at a
later time would largely be to protect data from law enforcement
seizure, and isn't something we are nearly as concerned about compared
to other remote/online threats. But still, if mandos-client supported
it, it would be "low hanging fruit" for me to implement. :)
--
Jesse Norell
Kentec Communications, Inc.
970-522-8107 - www.kci.net
More information about the Mandos-Dev
mailing list