[dm-crypt] LUKS header recovery attempt, bruteforce detection of AF-keyslot bit errors
dominic at timedicer.co.uk
Tue Apr 25 15:44:50 CEST 2017
On 25 April 2017 at 14:14, Robert Nichols <rnicholsNOSPAM at comcast.net>
> On 04/24/2017 06:49 PM, protagonist wrote:
>> However, I assume it is likely that a determined attacker running as
>> root might be able to extract the master key from RAM if the encrypted
>> volume in question is still open at the time of attack, so technically,
>> there would be a way to do this without the password.
> It's trivial. Just run "dmsetup table --showkeys" on the device.
Wowzer. 'cryptsetup luksDump <device> --dump-master-key' can also provide
this info but it requires a passphrase, which 'dmsetup table --showkeys'
does not. So must we assume that anyone who has ever had root access while
the encrypted device is mounted can thereafter break through the
encryption regardless of passphrases? At least until cryptsetup-reencrypt
is run on the device, which is a big step.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dm-crypt