[dm-crypt] LUKS header recovery attempt, bruteforce detection of AF-keyslot bit errors

Dominic Raferd dominic at timedicer.co.uk
Tue Apr 25 15:44:50 CEST 2017


On 25 April 2017 at 14:14, Robert Nichols <rnicholsNOSPAM at comcast.net>
wrote:

> On 04/24/2017 06:49 PM, protagonist wrote:
>
>> However, I assume it is likely that a determined attacker running as
>> root might be able to extract the master key from RAM if the encrypted
>> volume in question is still open at the time of attack, so technically,
>> there would be a way to do this without the password.
>>
>
> It's trivial. Just run "dmsetup table --showkeys" on the device.


Wowzer. 'cryptsetup luksDump <device> --dump-master-key' can also provide
this info but it requires a passphrase, which 'dmsetup table --showkeys'
does not. So must we assume that anyone who has ever had root access while
the encrypted device is mounted can thereafter ​break through the
encryption regardless of passphrases? At least until cryptsetup-reencrypt
is run on the device, which is a big step.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20170425/0592070c/attachment.html>


More information about the dm-crypt mailing list