[dm-crypt] plain: opening with a wrong password

Arno Wagner arno at wagner.name
Fri Feb 6 19:27:29 CET 2015


On Fri, Feb 06, 2015 at 15:01:40 CET, dennis at basis.uklinux.net wrote:
> On Fri, Feb 06, 2015 at 12:51:35AM +0100, Arno Wagner wrote:
> > If your passphrase is weak enough that a dictionary
> > attack has a reasonable success of working (and a dictionary
> > attack is the only thing the salt that hashalot adds helps 
> > against), then you are pretty deep in insecure territory and
> > _need_ the hash iteration that LUKS provides, but which is 
> > missing from both plain and hashalot.
> >
> >...
> >
> > Please do not spread unsubstantiated rumors. It is hard enough
> > these days for non-experts to decide what crypto to trust
> > and what not. Rumors of the kind "metadata headers offer
> > attack vectors" make this even worse.
> 
> Count me among the non-experts. I have two questions. (a) Wouldn't
> metadata headers incur a loss of plausible deniablity compared to
> plain mode, especially when an encrypted filesystem image is stored as
> a single file on backup media or in the backing file for a loopback
> device? 

In theory, yes, in practice no. See FAQ Item 5.18. Plausible 
deniability is a fantasy that does not hold up in reality. 
See also http://xkcd.com/538/. This really _is_ accurate.

>(b) Assuming a secure passphrase, wouldn't plain mode be more
> secure than luks against possible vulnerabilities in the hashing
> algorithm that may be discovered in the future?

No. First, plain mode also hashes. And second, basically all
potential vulnerabilities of modern hash functions (collisions,
reversing) do not apply to the use as pasword-hashing functions. 
You can hash passwords with MD5 and be perfectly secure, while MD5
is fully broken for things like signing.

The only problem is a (very slow) convergence towards half the 
bits in iterated hashing, but PBKDF2 fixes that.

Gr"usse,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list