[dm-crypt] plain: opening with a wrong password

Arno Wagner arno at wagner.name
Sun Feb 8 10:23:34 CET 2015


On Sun, Feb 08, 2015 at 09:19:54 CET, Heinz Diehl wrote:
> On 08.02.2015, Matthias Schniedermeyer wrote: 
> 
> > > You need something to compare the passphrase to, and that's the hash.
> > > How would you check the validity of the entered passphrase otherwise?
> > > A plain text comparison is obviously impossible.
>  
> > With Plain the password can't be verified, the dm-crypt device is setup 
> > and if the password was wrong, the "decrypted" device contains garbage.
> > Containers usually have a means to test if the password is correct, 
> > plain does not.
> 
> I tried to keep it simple in my example. Although you're (of course) right, I
> didn't write about "plain encryption" or "plain dmcrypt", but plain text
> comparison, in order to explain why there is the need for e.g. a hash.
> As you point out, with plain dmcrypt the only possibility is actually
> using the password and checking if the "decrypted" data based on it 
> makes any sense.

Form a purely practical perspective, the difference usually negligible.
Wile plain dm-crypt mounting fails at the mount-stage due to wrong
filesystem signatures, LUKS mounting fails at the decrypt stage. 

>From an attacker's perspecive, the difference is also small, except
that all the iteration in LUKS adds a massive amount of computational
effort. The data in the LUKS header does not help the attacker at all.
It does take a look at the details (as so often in crypto protocols)
to see that though.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list