[dm-crypt] plain: opening with a wrong password

Arno Wagner arno at wagner.name
Mon Feb 9 04:13:40 CET 2015


On Sun, Feb 08, 2015 at 10:55:35 CET, Milan Broz wrote:
> On 02/08/2015 10:23 AM, Arno Wagner wrote:
> > On Sun, Feb 08, 2015 at 09:19:54 CET, Heinz Diehl wrote:
> 
> > From a purely practical perspective, the difference is usually negligible.
> > While plain dm-crypt mounting fails at the mount stage due to wrong
> > filesystem signatures, LUKS mounting fails at the decrypt stage.
> 
> Beware, there are some combinations of the encryption mode + IV which decrypt
> the first block correctly in both cases, so the fs returns a correct signature
> but the fs is obviously corrupted... if you are not lucky, fsck will run
> and break the fs irrecoverably...

Indeed. My comments only apply to wrong key, they do _not_ apply
to wrong other parameters!
 
> This cannot happen with LUKS.
> 
> See here that the ext3 device created with ESSIV still has a visible signature
> with plain IV:
> 
> # echo "password" | cryptsetup create -c aes-cbc-essiv:sha256 -s 256 x /dev/sdb
> # mkfs -t ext3 -q /dev/mapper/x
> # blkid -p /dev/mapper/x
> /dev/mapper/x: UUID="f46ba5d8-8c26-4589-ac09-cb0829f2804f" SEC_TYPE="ext2" VERSION="1.0" TYPE="ext3" USAGE="filesystem" 
> 
> ... use fs
> # cryptsetup close x
> 
> And now the mistake with plain IV:
> 
> # echo "password" | cryptsetup create -c aes-cbc-plain -s 256 x /dev/sdb
> # blkid -p /dev/mapper/x
> /dev/mapper/x: UUID="f46ba5d8-8c26-4589-ac09-cb0829f2804f" SEC_TYPE="ext2" VERSION="1.0" TYPE="ext3" USAGE="filesystem" 
> 
> # mount /dev/mapper/x /mnt/tst
> mount: wrong fs type, bad option, bad superblock on /dev/mapper/x,
>        missing codepage or helper program, or other error
> ...
> 
> DO NOT use plain mode if you are not sure what you are doing. Really.

I second that! 

Arno

> There is a detached LUKS header which is better; the issues I mentioned in
> the man page about detached headers are side problems, nothing serious for most
> users.  (But obviously it depends on your threat model.)

> 
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
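The effect Milan demonstrates above (signature still visible with the wrong IV mode, gone with the wrong key) follows from how CBC handles a wrong IV: only the first 16-byte block of each 512-byte sector depends on the IV, every later block is chained from the previous ciphertext block. The ext2/3/4 superblock lives at byte 1024 and its magic (0xEF53) at byte 1080, which is the fourth block of sector 2, so an IV mismatch leaves it readable while a wrong key destroys it. The following is an added example, not code from either poster or from cryptsetup; it uses a keyed byte-permutation-plus-XOR as a stand-in for AES (the chaining behaviour is identical, the stand-in is not secure), models dm-crypt's plain IV (32-bit LE sector number) and ESSIV (sector number encrypted under a hash of the key), and operates on a constructed eight-sector image rather than a real device.

```python
import hashlib
import struct

BLOCK = 16                      # cipher block size (AES-sized)
SECTOR = 512                    # dm-crypt encrypts each 512-byte sector under its own IV
EXT_MAGIC_OFFSET = 1024 + 56    # ext2/3/4 superblock at byte 1024, s_magic at +56
EXT_MAGIC = b"\x53\xef"         # 0xEF53 stored little-endian


def _subkeys(key: bytes):
    """Toy key schedule (stand-in for AES, NOT secure): a 16-byte XOR pad and a byte permutation."""
    material = hashlib.sha256(b"toy-block-cipher|" + key).digest()
    pad = material[:BLOCK]
    order = sorted(range(BLOCK), key=lambda i: (material[BLOCK + i], i))
    return pad, order


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    pad, order = _subkeys(key)
    return bytes(block[order[i]] ^ pad[i] for i in range(BLOCK))


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    pad, order = _subkeys(key)
    out = bytearray(BLOCK)
    for i in range(BLOCK):
        out[order[i]] = block[i] ^ pad[i]
    return bytes(out)


def iv_plain(key: bytes, sector: int) -> bytes:
    """dm-crypt 'plain' IV: 32-bit little-endian sector number, zero padded (key unused)."""
    return struct.pack("<I", sector & 0xFFFFFFFF) + b"\x00" * (BLOCK - 4)


def iv_essiv(key: bytes, sector: int) -> bytes:
    """ESSIV (modelled after essiv:sha256): sector number encrypted under sha256(key)."""
    salt = hashlib.sha256(key).digest()
    return toy_encrypt_block(salt, struct.pack("<Q", sector) + b"\x00" * (BLOCK - 8))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_sector(key: bytes, iv: bytes, data: bytes, encrypt: bool) -> bytes:
    """CBC over one sector; a wrong IV only changes the result of the first block."""
    out, prev = bytearray(), iv
    for i in range(0, SECTOR, BLOCK):
        blk = data[i:i + BLOCK]
        if encrypt:
            c = toy_encrypt_block(key, _xor(blk, prev))
            out += c
            prev = c
        else:
            out += _xor(toy_decrypt_block(key, blk), prev)
            prev = blk
    return bytes(out)


def crypt_image(key: bytes, ivgen, image: bytes, encrypt: bool) -> bytes:
    return b"".join(cbc_sector(key, ivgen(key, s), image[s * SECTOR:(s + 1) * SECTOR], encrypt)
                    for s in range(len(image) // SECTOR))


def make_image(sectors: int = 8) -> bytes:
    """Constructed sample image: patterned filler with an ext-style magic at byte 1080."""
    img = bytearray((i * 7 + 3) & 0xFF for i in range(sectors * SECTOR))
    img[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] = EXT_MAGIC
    return bytes(img)


def has_ext_magic(image: bytes) -> bool:
    return image[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] == EXT_MAGIC


def corrupted_blocks(original: bytes, recovered: bytes):
    """(sector, block-in-sector) of every 16-byte block that did not decrypt correctly."""
    return [(i // SECTOR, (i % SECTOR) // BLOCK)
            for i in range(0, len(original), BLOCK)
            if original[i:i + BLOCK] != recovered[i:i + BLOCK]]


def demo():
    key, wrong_key = b"password", b"Password"          # hypothetical passphrases
    image = make_image()
    disk = crypt_image(key, iv_essiv, image, True)      # "formatted" with aes-cbc-essiv
    right = crypt_image(key, iv_essiv, disk, False)     # opened correctly
    wrong_iv = crypt_image(key, iv_plain, disk, False)  # opened as aes-cbc-plain by mistake
    bad_key = crypt_image(wrong_key, iv_essiv, disk, False)
    return {
        "ok_roundtrip": right == image,
        "wrong_iv_magic": has_ext_magic(wrong_iv),          # blkid would still see ext3
        "wrong_iv_bad_blocks": corrupted_blocks(image, wrong_iv),  # block 0 of each sector
        "wrong_key_magic": has_ext_magic(bad_key),          # no signature at all
        "wrong_key_bad_blocks": len(corrupted_blocks(image, bad_key)),
    }


if __name__ == "__main__":
    print(demo())
```

With the wrong IV mode every sector loses exactly its first 16 bytes, which is why the superblock signature (and the UUID, a bit further in) still show up while the filesystem as a whole is unusable; that partially-correct state is what makes an automatic fsck dangerous. With a wrong key nothing survives, so the failure is immediate and obvious.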

