[dm-crypt] crypsetup segfaulting during luksFormat

Milan Broz mbroz at redhat.com
Thu Jul 8 17:11:08 CEST 2010


On 07/08/2010 04:29 PM, Sven Eschenberg wrote:
> Hi Milan,
> 
> Even worse, actually byte swappig is done to store the int in a big
> endian manner, unfortunately, since it is done wrong, on big endian
> systems all block indeces would be zero and they are part of the Derived
> Key. I wonder if this has a security impact as in quality of derived key
> on big endian systems.

You mean when int is big endian and 64bit? Do you see system where it is wrong
or just guessing?

There is no direct key encryption derived using this code, it is just keyslot
obfuscation + keyslot passphrase verification (master key in LUKS is generated from RNG)
(plain crypt do not use this at all)

That algorithm is not new and passed PBKDF2 test vectors (I will probably add this test
to api check also).

I run test on several architectures - all keyslot operation should fail on prepared image
if there is such bug.

(But it should explicitly use uint32 there.)

Milan


More information about the dm-crypt mailing list