Why is it a risk to clone a LUKS container?

Solution 1:

As long as you keep the clone identical to the original, there is no security breach. But if you add data to either the original or the clone, or change the passphrase, the existence of the clone adds security issues.

The problem with cloning is that being able to access the clone will forever be equivalent to being able to access the original. First, if you use the clone in an insecure environment where someone can obtain your passphrase (with a keylogger, shoulder surfing, …), then they get your passphrase for the original. Furthermore, if someone is ever able to obtain the master key on the clone, then they have the master key on the original (i.e. they can access the original, whether they have a passphrase for it or not). So if

  • you mount the clone on a compromised machine; or
  • an attacker can obtain your passphrase and a copy of the clone encrypted with this passphrase; or
  • an attacker has access to the encrypted clone and is able to crack your passphrase by a dictionary search;

then the attacker gains access to the clone and can decrypt the original. Since the master key is fixed in stone, this is true even if you changed the passphrase after cloning.

To clone a LUKS volume securely, you should create a new volume, apply the same passphrase (unless you want to change it), and copy the data.
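The point about the master key being fixed can be checked from the headers alone. The following is an added example, not part of the original answer: it assumes the LUKS1 on-disk header layout (LUKS2 keeps this data in JSON metadata instead), and the three sample headers are constructed byte strings, not real volumes. It compares the master-key digest fields of two headers to tell a block-level clone, even one whose passphrase was changed later, from a freshly formatted volume.

```python
import struct

# LUKS1 header fields that precede the eight key slots (all big-endian).
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
KEYSLOT = struct.Struct(">II32sII")  # active, iterations, salt, key offset, stripes
MAGIC = b"LUKS\xba\xbe"

def parse_luks1(header: bytes) -> dict:
    """Extract the fields that identify the master key of a LUKS1 header."""
    if len(header) < PHDR.size + 8 * KEYSLOT.size:
        raise ValueError("truncated header")
    (magic, version, _cipher, _mode, _hash, _payload, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid) = PHDR.unpack_from(header)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = [KEYSLOT.unpack_from(header, PHDR.size + i * KEYSLOT.size) for i in range(8)]
    return {"uuid": uuid.rstrip(b"\0").decode(),
            "mk": (key_bytes, mk_digest, mk_salt, mk_iter),
            "slot_salts": [s[2] for s in slots]}

def same_master_key(a: bytes, b: bytes) -> bool:
    """True when both headers carry identical master-key digest material,
    which is what a clone looks like whatever its passphrases are now."""
    return parse_luks1(a)["mk"] == parse_luks1(b)["mk"]

def constructed_header(uuid: str, mk_digest: bytes, mk_salt: bytes, slot_salt: bytes) -> bytes:
    """Build a constructed sample header (filler bytes, hypothetical helper)."""
    phdr = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                     mk_digest, mk_salt, 1000, uuid.encode())
    slot0 = KEYSLOT.pack(0x00AC71F3, 2000, slot_salt, 8, 4000)  # enabled slot
    empty = KEYSLOT.pack(0x0000DEAD, 0, bytes(32), 0, 4000)     # disabled slot
    return phdr + slot0 + empty * 7

# Constructed samples. ORIGINAL is the source volume.
ORIGINAL = constructed_header("11111111-1111-1111-1111-111111111111", b"\x11" * 20, b"\x22" * 32, b"\x33" * 32)
# Block-level clone after a passphrase change: key slot differs, master-key fields do not.
CLONE_REKEYED = constructed_header("11111111-1111-1111-1111-111111111111", b"\x11" * 20, b"\x22" * 32, b"\x44" * 32)
# New volume with the data copied in: new UUID and new master-key digest material.
FRESH_COPY = constructed_header("55555555-5555-5555-5555-555555555555", b"\x66" * 20, b"\x77" * 32, b"\x88" * 32)

if __name__ == "__main__":
    print("rekeyed clone shares master key:", same_master_key(ORIGINAL, CLONE_REKEYED))
    print("fresh copy shares master key:   ", same_master_key(ORIGINAL, FRESH_COPY))
```

A match means the two volumes share one master key. A mismatch only rules out a block-level clone, since the digest salt is random per format.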