[dm-crypt] plain: opening with a wrong password

U.Mutlu for-gmane at mutluit.com
Thu Feb 5 14:53:00 CET 2015


Arno Wagner wrote, On 02/05/2015 12:54 PM:
> On Wed, Feb 04, 2015 at 14:30:17 CET, U.Mutlu wrote:
>> Quentin Lefebvre wrote, On 02/04/2015 02:02 PM:
>>> Hi,
>>>
>>> On 04/02/2015 13:33, U.Mutlu wrote:
>>>> Hi,
>>>> what happens if an encrypted filesystem (plain, no LUKS)
>>>> next time is opened accidentally with a wrong password,
>>>> and new data written to it? Will the filesystem then become
>>>> damaged/unusable?
>>>
>>> What typically happens when you use a wrong password is that the
>>> cryptsetup create/open command is indeed successful, but mounting your
>>> partition will fail (because the filesystem is not detected).  So you
>>> have little chance to accidentally damage a filesystem, even in plain
>>> mode.
>>
>> I tried this out now, and indeed that's cool!
>> Thank you for this useful tip, it spares me to study further
>> also the LUKS stuff, as plain is IMHO sufficient for my needs.
>> The main drawback with plain seems to be that one cannot change
>> the password, instead one needs to re-encrypt into a new file/device.
>
> That, you have only one password, and you do not get some
> additional protection for weak passwords from salting and
> iteration. With a good passphrase, plain is about as secure
> as LUKS, namely not breakable. (See FAQ item 5.1 for details
> of what "good" means.)
>
> Arno

Yes, and one had better create a password by using a password hasher like
the following:
$ echo mypassword | hashalot -x -s mysalt sha256
5d9de7f56a469782ff8a6be363418f62d6f93e33c3adb5c216e7e9c2f9947240
and pass the result to the target (of course using something else for 
"mypassword" and "mysalt").

cu
Uenal
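
Added example, not part of the original message or of cryptsetup: the thread notes that a plain-mode open succeeds even with a wrong password and that only the later filesystem detection fails. The sketch below makes that check explicit before anything is written. It recognises only ext2/3/4 and XFS, and the helper names and sample images are constructed for illustration.

```shell
#!/bin/sh
# Check a freshly opened plain dm-crypt mapping (or an image file) for a
# known filesystem signature before mounting or writing to it.

# Print COUNT bytes at byte OFFSET of FILE as lowercase hex.
hex_at() {  # usage: hex_at FILE OFFSET COUNT
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print the detected filesystem type; return 1 when nothing is recognised.
fs_signature() {
    # ext2/3/4: superblock at 1024, s_magic 0xEF53 (little-endian) at +56.
    if [ "$(hex_at "$1" 1080 2)" = "53ef" ]; then echo ext; return 0; fi
    # XFS: ASCII "XFSB" at offset 0.
    if [ "$(hex_at "$1" 0 4)" = "58465342" ]; then echo xfs; return 0; fi
    echo none
    return 1
}

# Constructed sample: zero-filled image carrying only the ext magic,
# standing in for a mapping opened with the right password.
make_ext_image() {
    dd if=/dev/zero of="$1" bs=1024 count=4 2>/dev/null
    printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null
}

# Constructed sample: signature-free filler, standing in for the
# meaningless data a wrong password decrypts to.
make_garbage_image() {
    dd if=/dev/zero bs=1024 count=4 2>/dev/null | tr '\000' 'g' > "$1"
}

demo() {
    dir=$(mktemp -d)
    make_ext_image "$dir/right.img"
    make_garbage_image "$dir/wrong.img"
    echo "right password: $(fs_signature "$dir/right.img")"
    echo "wrong password: $(fs_signature "$dir/wrong.img")"
    rm -rf "$dir"
}
demo
```

On a real system the argument would be the mapping's device node under /dev/mapper, read as root. A result of "none" means the mapping should be closed and reopened rather than formatted or written to.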