[dm-crypt] How to derive master key in plain dm-crypt mode
ralf+dm at ramses-pyramidenbau.de
Wed Dec 10 16:56:01 CET 2014
On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote:
> In plain dm-crypt mode, there is no encrypted master key on the device
> (i.e., no metadata header). Is a master key derived from the user
> passphrase and used to en-/decrypt the device? If yes, how to derive
> the master key from the passphrase in plain mode?
In short words and to sum it up:
The passphrase is used to generate some "intermediate" key, using a Key
Derivation Function. In case of Luks, this function is PBKDF2.
This derived key is used to decrypt a Keyslot in the Luks header of your
volume, which contains the actual masterkey.
So having only the passphrase is not sufficient to derive a volume's
> dm-crypt mailing list
> dm-crypt at saout.de
More information about the dm-crypt