[dm-crypt] plain: opening with a wrong password

Heinz Diehl htd+ml at fritha.org
Sun Feb 8 09:19:54 CET 2015


On 08.02.2015, Matthias Schniedermeyer wrote: 

> > You need something to compare the passphrase to, and that's the hash.
> > How would you check the validity of the entered passphrase otherwise?
> > A plain text comparison is obviously impossible.
 
> With Plain the password can't be verified, the dm-crypt device is setup 
> and if the password was wrong, the "decrypted" device contains garbage.
> Containers usually have a means to test if the password is correct, 
> plain does not.

I tried to keep it simple in my example. Although you're (of course) right, I
didn't write about "plain encryption" or "plain dmcrypt", but plain text
comparison, in order to explain why there is the need for e.g. a hash.
As you point out, with plain dmcrypt the only possibility is actually
using the password and checking if the "decrypted" data based on it makes any sense.



More information about the dm-crypt mailing list