[dm-crypt] LUKS and backdoors

Arno Wagner arno at wagner.name
Sun Oct 20 13:59:56 CEST 2013

On Sun, Oct 20, 2013 at 10:28:08AM +0200, Milan Broz wrote:
> On 10/20/2013 07:52 AM, .. ink .. wrote:
> > I raised the question not out of fear of anything or spreading FUD on
> > truecrypt but out of seeking a better understanding of how LUKS
> > header in particular and header using encrypted volumes in general
> > are created and managed and if they could be used to manage a
> > backdoor of some sort.
> If you have header generated by some unknown binary, you do not need
> to store master or whatever so complicated. Just mangle how master key
> is generated (predictable RNG or so) and you have undetectable backdoor.

Yes, indeed! My suggestion to hide the master key in the salts is 
far to complicated. 
> If you have root access to device with active mapping, you can always
> read encryption key from memory and store it elsewhere, send by WiFi...

See also FAQ Item 6.10.

> And, btw some NAS manufacturers add backdoors and weaks security,
> even for LUKS partitioning systems...
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3200
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3278
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1431
> (and probably others I missed)

Urgh. People remain stupid...

> Anyway, if anyone want to audit usptream cryptsetup code,
> it is more then welcome!
> Just please do not turn it to some funded service with unclear
> motivation behind.
> I will be more than happy to provide any cooperation related
> to source code audit.

I will too. Although Milan has far superiour knowledge of the
sources, I can provide a second opinion on anything that seems
to be suspicuous or unclear.


> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

More information about the dm-crypt mailing list