Comment by dangero a day ago

8 replies

Depends on the use case. If boot requires a password, the computer can never lose power or be rebooted without human presence. That’s not always practical.

teddyh 19 hours ago

You can reboot your full-disk-encryption server while you sleep. Obligatory plug: <https://www.recompile.se/mandos>

Disclosure: I am a co-author of Mandos.

  • prennert 18 hours ago

    Has this solution been audited? In particular, is it safe against replay attacks by actors listening in to the network traffic?

    Also from the diagram it looks like the secret key is stored unencrypted on the server, or do I read it wrong?

    • teddyh 17 hours ago

      > Has this solution been audited?

      Only insofar as everybody that I’ve asked over the years has failed to find anything wrong with it. But no formal verification has been done.

      > In particular, is it safe against replay attacks by actors listening in to the network traffic?

      Yes, it is safe, since we make sure to only use TLS with PFS.

      > Also from the diagram it looks like the secret key is stored unencrypted on the server, or do I read it wrong?

      No, the secret is stored encrypted on the server, encrypted with a key which only the client ever has.

      For more information, see the introduction and FAQ: <https://www.recompile.se/mandos/man/intro.8mandos>

  • gerdesj 15 hours ago

    Thank you for this. I will almost certainly be deploying that.

prmoustache a day ago

That is what remote KVMs are for, and if you do that on commodity hardware, you can start a tiny SSH server starting up from an initrd. Having said that, an attacker with local access could change the initrd without your knowledge so that it logs the password you enter, so it is not necessarily the most secure solution.

  • deno 20 hours ago

    You’ve answered it yourself. Without TPM you have no idea if you can provide the secret to the system or if it’s compromised. Whether that secret comes from TPM or network is secondary.