I just came across the file /root/keyfile that stores my LUKS drive encryption password in plaintext. Why??!? I am not using a keyfile; I am using a password only. I thought that password was secure only to find it written out in plaintext on my server. This is a huge security hole. I tried deleting the file, but it is recreated on each startup.
Why would Unraid store the LUKS password in a plaintext file? Why store it all? Why not just keep it exclusively in memory? Most importantly, HO
First a great deal of thought, design, and effort went into the Unraid OS encryption feature. However we do think there are improvements we should make in the interest of securing the server as much as possible.
To clear some things up:
If you use a passphrase, whatever you type is written to /root/keyfile
If you upload a key file, the contents of that file are written to /root/keyfile
Hence we always pass "--key-file=/root/keyfile" to cryptsetup when opening en