
I have previously used TrueCrypt for creating encrypted directories on servers.

Question

I have previously used TrueCrypt for creating encrypted directories on servers. I am now trying ecryptfs due to the end of development announcement in May.

I see that when I encrypt a directory and filenames with ecryptfs (with a different passphrase from the user account passphrase), it places a key signature in /root/.ecryptfs/sig-cache.txt.

My understanding is that this is derived and salted from the passphrase and then used for mounting the directory.

I have read that this key is potentially vulnerable to a dictionary attack although that would be practically impossible with a strong passphrase, but what stops you from mounting/decrypting the files with knowledge of just this key?

Explanation / Answer

The sig-cache.txt is only a signature of the file encryption key. This means that it is not used at all to decrypt the encrypted volume. It is only used to verify that the encryption key stored has not been modified or changed. This is to ensure that the correct key is being used for decryption before actually attempting to decrypt any data. If only this signature is known it cannot be used to generate the file encryption key in any way.

The ArchLinux Wiki gives an example of how to add a passphrase, and you can see that caching a signature of an encryption key is optional.

However, if an attacker is at the point where they can see this file, then it's possible that they are already in a position to request the encryption key from the kernel, as root access would be necessary for both of these actions.
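The relationship between passphrase, key and cached signature described in the answer can be modelled as follows. This is an added example, not part of the original answer and not ecryptfs's own code. The salt size, round count, and key and signature lengths are assumptions modelled on ecryptfs-utils, and the passphrase and salt are constructed sample values.

```python
import hashlib

# Assumed parameters, modelled on ecryptfs-utils' passphrase handling and not
# taken from the page: 8-byte salt, 65536 SHA-512 rounds, 8-byte signature.
SALT_SIZE, ROUNDS, KEY_BYTES, SIG_BYTES = 8, 65536, 64, 8


def derive_key_and_sig(passphrase, salt):
    """Return (key_bytes, signature_hex) for a mount passphrase and salt."""
    if len(salt) != SALT_SIZE:
        raise ValueError("salt must be %d bytes" % SALT_SIZE)
    digest = hashlib.sha512(salt + passphrase.encode("utf-8")).digest()
    for _ in range(ROUNDS - 1):
        digest = hashlib.sha512(digest).digest()
    key = digest[:KEY_BYTES]  # secret: the value handed to the kernel keyring
    # The signature is one more hash of the key, truncated to 8 bytes. It
    # names the key; recovering the key from it would mean inverting SHA-512.
    sig = hashlib.sha512(key).digest()[:SIG_BYTES].hex()
    return key, sig


def parse_sig_cache(text):
    """Parse sig-cache.txt content: one 16-hex-digit signature per line."""
    sigs = set()
    for line in text.splitlines():
        line = line.strip().lower()
        if len(line) == 2 * SIG_BYTES and all(c in "0123456789abcdef" for c in line):
            sigs.add(line)
    return sigs


def passphrase_matches_cache(passphrase, salt, cache_text):
    """True if the typed passphrase yields a signature already in the cache,
    i.e. the check that catches a mistyped passphrase before mounting."""
    _, sig = derive_key_and_sig(passphrase, salt)
    return sig in parse_sig_cache(cache_text)


# Constructed sample values, not from any real system.
SAMPLE_SALT = bytes.fromhex("0011223344556677")
SAMPLE_PASS = "correct horse battery staple"
SAMPLE_KEY, SAMPLE_SIG = derive_key_and_sig(SAMPLE_PASS, SAMPLE_SALT)
SAMPLE_CACHE = SAMPLE_SIG + "\n"

if __name__ == "__main__":
    print("signature:", SAMPLE_SIG, "(%d bits)" % (4 * len(SAMPLE_SIG)))
    print("key length:", 8 * len(SAMPLE_KEY), "bits, never written to the cache")
    print("right passphrase:", passphrase_matches_cache(SAMPLE_PASS, SAMPLE_SALT, SAMPLE_CACHE))
    print("typo:", passphrase_matches_cache(SAMPLE_PASS + "x", SAMPLE_SALT, SAMPLE_CACHE))
```

In this model the cache file holds 64 bits of a hash computed from the key, so it can confirm which key is in use but carries none of the key material itself.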