[dm-crypt] How to derive master key in plain dm-crypt mode

Ralf Ramsauer ralf+dm at ramses-pyramidenbau.de
Wed Dec 10 16:56:01 CET 2014


On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote:
> Hi,
>
> In plain dm-crypt mode, there is no encrypted master key on the device
> (i.e., no metadata header). Is a master key derived from the user
> passphrase and used to en-/decrypt the device? If yes, how to derive
> the master key from the passphrase in plain mode?
Hi,

No.

In short words and to sum it up:
The passphrase is used to generate some "intermediate" key, using a Key
Derivation Function. In case of Luks, this function is PBKDF2.
This derived key is used to decrypt a Keyslot in the Luks header of your
volume, which contains the actual masterkey.

So having only the passphrase is not sufficient to derive a volume's
masterkey.

cheers
  Ralf
>
> Thanks.
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt



More information about the dm-crypt mailing list