[dm-crypt] A question about cryptsetup "plain" mode.

Matt Lee darkstar0702 at gmail.com
Tue Jan 31 04:09:20 CET 2012


I understand that in plain mode, the key is derived from the passphrase.

I did a little experimentation to try to understand how this works a little
better, but my results were not as expected.

I did the following:

First I created a file for use as a test container:
<code>dd if=/dev/urandom of=test.dd bs=1 count=1024</code>
1+0 records in
1+0 records out
1024 bytes (1.0 kB) copied, 0.000143915 s, 7.1 MB/s

Next, I mapped a device using a simple passphrase:
<code>cryptsetup create crypto test.dd</code>
Enter passphrase: [entered passphrase "test"]

Next, I zeroed the device:
<code>dd if=/dev/zero of=/dev/mapper/crypto</code>

Then I verified that the device was zeroed-out:
<code>hexdump /dev/mapper/crypto</code>
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
0000400

So far so good.  I unmapped the device:
<code>cryptsetup remove crypto</code>

Here, I made a random file with a size of 1 byte:
<code>dd if=/dev/urandom of=whatever bs=1 count=1</code>
1+0 records in
1+0 records out
1 byte (1 B) copied, 1.4503e-05 s, 69.0 kB/s

...and attached it to the beginning of my test container:
<code>cat whatever test.dd > test2.dd</code>

Then, I mapped out the device again with the exact same settings as before,
except now my test container has the one extra random byte added to the
beginning:
<code>cryptsetup create crypto test2.dd</code>
Enter passphrase: [entered same passphrase "test"]

Here is where I got the unexpected results.  Since the key is derived from
the passphrase, I thought the hexdump would show 1 byte's worth of random
data, followed by all zeroes.  Instead, adding that one byte to the
beginning of the container threw everything completely off, and I got all
random data:
<code>hexdump /dev/mapper/crypto</code>
0000000 93cd 77dd 88cb afa5 3797 c95f 75f0 1330
0000010 bb4e c250 1fde af35 39e8 5d58 f67d cb9a
0000020 b9ba 5227 7424 d6cf 9992 202d 5b98 f084
...etc, etc.

Can anyone explain these results to me so I can better understand what is
actually going on here?

Thanks for your time!
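
Added example, not part of the original post: a block cipher decrypts fixed 16-byte blocks inside 512-byte sectors, so shifting the ciphertext by one byte changes the input of every block and no plaintext survives. Assumptions: a toy Feistel cipher in CBC mode with a constructed per-sector IV stands in for the cipher cryptsetup would use, the key is SHA-256 of the passphrase, and all function names are hypothetical.

```python
import hashlib

BLOCK, SECTOR = 16, 512  # cipher block / sector size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of a toy 4-round Feistel cipher (stand-in for the real cipher).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def _iv(key, sector):
    # Constructed per-sector IV: ties each sector's ciphertext to its position.
    return hashlib.sha256(key + sector.to_bytes(8, "little")).digest()[:BLOCK]

def crypt_sectors(key, data, decrypt=False):
    out = bytearray()
    for s in range(len(data) // SECTOR):  # only whole sectors are processed
        prev = _iv(key, s)
        for off in range(s * SECTOR, (s + 1) * SECTOR, BLOCK):
            blk = data[off:off + BLOCK]
            if decrypt:
                out += _xor(dec_block(key, blk), prev)
                prev = blk
            else:
                prev = enc_block(key, _xor(blk, prev))
                out += prev
    return bytes(out)

def zero_blocks(data):
    # Count 16-byte blocks that are entirely zero.
    return sum(data[i:i + BLOCK] == bytes(BLOCK) for i in range(0, len(data), BLOCK))

def experiment(passphrase=b"test", extra=b"\xa5"):
    key = hashlib.sha256(passphrase).digest()    # assumption: key = SHA-256(passphrase)
    test_dd = crypt_sectors(key, bytes(1024))     # container after zeroing the mapping
    aligned = crypt_sectors(key, test_dd, decrypt=True)
    shifted = crypt_sectors(key, extra + test_dd, decrypt=True)  # test2.dd
    return zero_blocks(aligned), zero_blocks(shifted)
```

`experiment()` returns the number of all-zero blocks read back from the aligned container and from the container with one byte prepended.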