Solved Do I need to keep geli metadata secure?

I'm in the process of learning about the implementation of geli. I understand that it requires metadata, and I have the impression (possibly wrong) that if I totally lose the metadata that the encrypted data is also lost for good. I know that geli init by default will create a metadata backup in /var/backups/, or that I can trigger a metadata backup anytime with geli backup.

My question is: would an attacker have an advantage if they also had the metadata backup file? I have read some interesting posts discussing the fact that the presence of the metadata file will unambiguously indicate that an encrypted provision exists, and that there is an interest in transparent mechanisms to obscure the presence of encrypted file systems (plausible deniability). But does having the metadata make cryptographic attacks any easier? My sense is "no", but I have very little concept of what the metadata actually contains, so I'm not confident in that impression.

Thanks!
 
You should keep it secure. If it's not secure then you can never change the passphrase/passfile securely because an attacker can use the old passphrase with the old version of the metadata. Likewise you lose the ability to render the data unreadable by deleting the metadata.
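The key-hierarchy point in the answer above, shown as an added illustration (this is not code from the thread or from FreeBSD, and it is a simplified model rather than geli's real on-disk metadata format): the metadata stores a random Master Key wrapped under a User Key derived from the passphrase, so changing the passphrase only re-wraps the same Master Key. A stale copy of the metadata therefore still opens with the old passphrase, and destroying the live metadata is only final if no such copy survives. The function names `init_metadata`, `setkey`, `kill` and the iteration count are assumptions chosen to mirror the geli commands being discussed.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Simplified model of the geli key hierarchy (added example, not geli's format):
# passphrase --PBKDF2--> User Key; User Key wraps the Master Key in the metadata;
# the Master Key is what actually protects the data on the provider.

PBKDF2_ITERATIONS = 100_000  # assumed value; geli chooses its own iteration count


def derive_user_key(passphrase: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA512 from the passphrase and the per-provider salt."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def _xor_with_keystream(key: bytes, data: bytes) -> bytes:
    """Toy key-wrapping primitive: XOR with an HMAC-derived keystream.
    XOR is symmetric, so the same call both wraps and unwraps."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), "sha512").digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def init_metadata(passphrase: str,
                  master_key: Optional[bytes] = None) -> Tuple[dict, bytes]:
    """Like 'geli init': create a Master Key (unless re-wrapping an existing one)
    and store it in the metadata wrapped under the passphrase-derived User Key."""
    salt = os.urandom(16)
    if master_key is None:
        master_key = secrets.token_bytes(32)
    user_key = derive_user_key(passphrase, salt)
    wrapped = _xor_with_keystream(user_key, master_key)
    # Authentication tag so that 'attach' can tell a wrong passphrase from a right one.
    tag = hmac.new(user_key, wrapped, "sha512").digest()
    return {"salt": salt, "wrapped_mkey": wrapped, "tag": tag}, master_key


def unwrap_master_key(meta: dict, passphrase: str) -> Optional[bytes]:
    """Like 'geli attach': recover the Master Key, or None if the passphrase is wrong."""
    user_key = derive_user_key(passphrase, meta["salt"])
    expected = hmac.new(user_key, meta["wrapped_mkey"], "sha512").digest()
    if not hmac.compare_digest(expected, meta["tag"]):
        return None
    return _xor_with_keystream(user_key, meta["wrapped_mkey"])


def setkey(meta: dict, old_passphrase: str, new_passphrase: str) -> dict:
    """Like 'geli setkey': re-wrap the unchanged Master Key under a new passphrase."""
    master_key = unwrap_master_key(meta, old_passphrase)
    if master_key is None:
        raise ValueError("old passphrase rejected")
    new_meta, _ = init_metadata(new_passphrase, master_key=master_key)
    return new_meta


def kill(meta: dict) -> dict:
    """Like 'geli kill': overwrite the wrapped key so the Master Key cannot be recovered."""
    return {**meta,
            "wrapped_mkey": os.urandom(len(meta["wrapped_mkey"])),
            "tag": os.urandom(64)}


def demo() -> dict:
    """Walk through the scenario from the thread and report what still opens."""
    live_meta, master_key = init_metadata("old passphrase")
    backup_meta = dict(live_meta)  # stands in for the copy in /var/backups/
    live_meta = setkey(live_meta, "old passphrase", "new passphrase")
    killed_meta = kill(live_meta)
    return {
        # After setkey the old passphrase no longer opens the live metadata...
        "old_pass_on_live_meta": unwrap_master_key(live_meta, "old passphrase") is not None,
        # ...but the stale backup still yields the very same Master Key.
        "old_pass_on_backup": unwrap_master_key(backup_meta, "old passphrase") == master_key,
        "new_pass_on_live_meta": unwrap_master_key(live_meta, "new passphrase") == master_key,
        # Killing the live metadata helps only if no backup copy survives.
        "new_pass_after_kill": unwrap_master_key(killed_meta, "new passphrase") is not None,
        "old_pass_on_backup_after_kill": unwrap_master_key(backup_meta, "old passphrase") == master_key,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The two checks that matter for the question are `old_pass_on_backup` and `old_pass_on_backup_after_kill`: both stay true no matter what is done to the live metadata, which is exactly why a metadata backup has to be protected like the passphrase it was created under.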
 
Morbius said:
If it's not secure then you can never change the passphrase/passfile securely because an attacker can use the old passphrase with the old version of the metadata. Likewise you lose the ability to render the data unreadable by deleting the metadata.

I can see what you're saying, but would that capability (being able to render the data unreadable in the event that the passphrase was known) be better served with the keyfile? Destruction of the keyfile should render the data absolutely irretrievable. For the "hard core" geli implementations I've seen the keyfile is kept physically separate, typically on a USB thumb drive, and is removed from the server after geli has been attached. As far as I can tell the metadata must remain with the provision (though the backup need not).

If an attacker does not know my passphrase, does the metadata backup file reduce the strength of the encryption? Does having it make it more likely that the attacker can deduce the passphrase, or otherwise help decrypt the provision? My scenario is someone steals the server (i.e. stuffs it in a bag and runs off to sell it), so the "in place" metadata (being used by the kernel to manage the actual provision) is present. I'd like to know if it matters if the metadata backup file is also on the server, or if I should squirrel it away somewhere else.
 
If the metadata can be used for attack purposes then it can be argued that the whole encryption scheme is insecure. I have a hard time believing that is the case with GELI. You always have to assume that the potential attacker can see all of the ciphertext, in this case the encrypted data on the disk including all the metadata.
 
That makes sense, thank you. I'll copy the metadata backup file elsewhere for the purposes of emergency recovery, but not worry about its presence weakening the encryption.
 