[dm-crypt] plain: opening with a wrong password

Milan Broz gmazyland at gmail.com
Sun Feb 8 10:55:35 CET 2015


On 02/08/2015 10:23 AM, Arno Wagner wrote:
> On Sun, Feb 08, 2015 at 09:19:54 CET, Heinz Diehl wrote:

> Form a purely practical perspective, the difference usually negligible.
> Wile plain dm-crypt mounting fails at the mount-stage due to wrong
> filesystem signatures, LUKS mounting fails at the decrypt stage. 

Beware, there are some combinations of the encryption mode + IV which decrypts
the first block correctly in both cases, so fs returns correct signature
but fs is obviously corrupted... if you are not lucky, fsck will run
and breaks the fs irrecoverably... 

This cannot happen with LUKS.

See here that the ext3 device created with ESSIV still have visible signature
with plain IV:

# echo "password" | cryptsetup create -c aes-cbc-essiv:sha256 -s 256 x /dev/sdb
# mkfs -t ext3 -q /dev/mapper/x
# blkid -p /dev/mapper/x
/dev/mapper/x: UUID="f46ba5d8-8c26-4589-ac09-cb0829f2804f" SEC_TYPE="ext2" VERSION="1.0" TYPE="ext3" USAGE="filesystem" 

... use fs
# cryptsetup close x

And now thy mistake with plain IV:

# echo "password" | cryptsetup create -c aes-cbc-plain -s 256 x /dev/sdb
# blkid -p /dev/mapper/x
/dev/mapper/x: UUID="f46ba5d8-8c26-4589-ac09-cb0829f2804f" SEC_TYPE="ext2" VERSION="1.0" TYPE="ext3" USAGE="filesystem" 

# mount /dev/mapper/x /mnt/tst
mount: wrong fs type, bad option, bad superblock on /dev/mapper/x,
       missing codepage or helper program, or other error
...

DO NOT use plain mode if you are not sure what you are doing. Really.

There is a detached LUKS header which is better, the issues I mentioned in man
about detached header page are side problems, nothing serious for most users.
(But obviously depends on your threat model.)

Milan


More information about the dm-crypt mailing list