[dm-crypt] Cascading two plain dm-crypt volumes
thewizard at mighty.co.za
Fri Nov 29 02:31:19 CET 2013
On Fri, 29 Nov 2013 02:03:53 +0100 Arno Wagner <arno at wagner.name> wrote
> On Fri, Nov 29, 2013 at 01:49:57 CET, anderson jackson wrote:
> > On Fri, 29 Nov 2013 01:32:51 +0100 Arno Wagner <arno at wagner.name> wrote
> > > If I understood this right, it is plain(luks(data))
> > No, actually I meant plain(plain(data)). Therefore you won't see the LUKS
> > header when the attacker finds the correct pass but just random data.
> That is not really more secure than just plain with the two
> passphrases concatenated (as long as the entropy does not
> exceed the key length). No reason to do this, except if you
> mistrust the ciphers and want to use two different ones.
My knowledge about the subject is only skin deep. However, I feel as if I am
missing something, and in addition to that I must have explained myself poorly.
What I was suggesting is cascading two identical ciphers (both AES) in plain
mode with two independent passphrases: one for the first plain block device and
another for the second one.
/dev/sdx = random data
/dev/mapper/cascade1 = random data
/dev/mapper/cascade2 = file system
Let’s say an attacker is using brute force to find the passphrase, and
let’s say the tries he has performed include the first passphrase. When
that passphrase was tried the decrypted result would have been random data
just as if it were a wrong passphrase. The attacker has no way of knowing that
there is a cascade since there is no header or other identifiable markers. So
even when he finds the correct passphrase it would appear to be a failed
attempt because he only gets random data. He would have to try to brute force
the passphrase for the second plain block device for each of the used phrases
of the first block device.
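The counting argument from the two replies above, as an added example that is not part of the thread: a toy model of two plain-mode volumes (the key is just a hash of the passphrase, as plain mode has no header or salt) shows that peeling the outer layer with the correct first passphrase still yields random-looking bytes, yet the nested search costs exactly as many trials as attacking one volume keyed with the concatenated passphrases. The XOR keystream stands in for AES so the code runs with the standard library only, and `FS_MAGIC` and the dictionaries are constructed values.

```python
import hashlib
from itertools import product

# Constructed stand-in for a filesystem superblock magic; an attacker's
# "did this decrypt?" oracle would look for ext4/NTFS magic the same way.
FS_MAGIC = b"TOYFS\x00"

def derive_key(passphrase: str) -> bytes:
    # Plain mode has no header or salt: the key is just a hash of the passphrase.
    return hashlib.sha256(passphrase.encode()).digest()

def toy_crypt(key: bytes, data: bytes) -> bytes:
    # Toy XOR keystream so the model runs with the standard library; it is NOT
    # AES-XTS, but like any cipher a wrong key yields random-looking bytes.
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def looks_like_fs(plaintext: bytes) -> bool:
    return plaintext.startswith(FS_MAGIC)

def cascade_encrypt(p1: str, p2: str, data: bytes) -> bytes:
    # plain(plain(data)): cascade2 (filesystem) sits inside cascade1 (/dev/sdx).
    return toy_crypt(derive_key(p1), toy_crypt(derive_key(p2), data))

def search_cascade(ciphertext: bytes, dict1, dict2):
    """Count inner trials: peeling cascade1 with the right p1 still looks random,
    so every p1 candidate must be paired with every p2 candidate."""
    trials = 0
    for p1 in dict1:
        layer1 = toy_crypt(derive_key(p1), ciphertext)  # no oracle can judge this
        for p2 in dict2:
            trials += 1
            if looks_like_fs(toy_crypt(derive_key(p2), layer1)):
                return trials, (p1, p2)
    return trials, None

def search_concatenated(ciphertext: bytes, dict1, dict2):
    """Same attacker against one plain volume keyed with p1 + p2."""
    trials = 0
    for p1, p2 in product(dict1, dict2):
        trials += 1
        if looks_like_fs(toy_crypt(derive_key(p1 + p2), ciphertext)):
            return trials, (p1, p2)
    return trials, None
```

With both correct passphrases last in their dictionaries, `search_cascade` and `search_concatenated` each report the same worst-case count, len(dict1) * len(dict2).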