package: debian-installer severity: wishlist It is possible to encrypt loop-aes and dm-crypt tmp (like /tmp or /var/tmp) partitions with a random key at boot time, but the Debian installer will not configure this. The installer will only configure swap partitions like that.
Creating a random key at each boot is more secure than using the same one, since then data will be securely deleted when the key is deleted, which normally happens at shutdown. (For exceptions, read about cold boot attacks.) Random keys also spare the user the trouble of having to type a password at each boot and worrying about the security of the key and the password. A possible workaround is to configure the would-be tmp partitions as swap partitions during the installation process, and manually configure them to be tmp partitions after the first boot of the new Debian system. An fstab entry for a loop-aes encrypted swap partition, with a new random key at each boot, looks like this. /dev/sda6 none swap sw,loop=/dev/loop0,encryption=serpent256 0 0 An fstab entry for a loop-aes encrypted tmp partition, with a new random key at each boot, looks like this. /dev/sda7 /tmp ext2 defaults,loop=/dev/loop1,encryption=serpent256,phash=random/1777 0 0 More detailed documentation about loop-aes can be found in the losetup manual page. Similar functionality is available for dm-crypt. A crypttab entry for a dm-crypt encrypted swap partition, with a new random key at each boot, looks like this. sda7_crypt /dev/sda6 /dev/random cipher=serpent-cbc-essiv:sha256,size=256,swap Here is the fstab entry. /dev/mapper/sda6_crypt none swap sw 0 0 A crypttab entry for a dm-crypt encrypted tmp partition, with a new random key at each boot, looks like this. sda7_crypt /dev/sda7 /dev/random cipher=serpent-cbc-essiv:sha256,size=256,tmp=ext2 Here is the fstab entry. /dev/mapper/sda7_crypt /tmp ext2 defaults 0 0 More detailed information about dm-crypt can be found in the manual pages cryptsetup and crypttab. Personally, I prefer to use loop-aes for this application for the following reasons: * It has a multi-key mode in which it uses 64 keys plus an additional 65th key, which makes it more secure. * It seems to be faster during boot time. Dm-crypt seems to take a long time creating the ext2 partitions. * dm-crypt might be more supported by Linux, but it is just a tmp partition, so if a kernel upgrade breaks loop-aes, there will be no data loss. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
