[dm-crypt] plain: opening with a wrong password

Arno Wagner arno at wagner.name
Fri Feb 6 19:20:23 CET 2015

On Fri, Feb 06, 2015 at 15:04:25 CET, U.Mutlu wrote:
> IMO that's a question of logic:
> A security system which stores the password in its header (ie. LUKS)
> cannot be secure against another system ("plain") that does nowhere
> store the password.

That is an argument from information-theoretical security. 
In this realm, plain _does_ store the key with the encrypted
data, unless that has no structure at all. Information-theoretical
analysis is nice theoretically, but basically irrelevant for 
the real world. This argument is also presented in any good
course on introduction to cryptography. 

> In the case of LUKS the attacker knows more about the system
> than in the case of "plain". Ergo "plain" is more secure than LUKS.

Sorry, but wrong, see above.

> LUKS uses a static master key (as does plain). The slot passwords
> are for authenticating the access to the filesystem by the
> management tool (cryptsetup) only. Ie. the slot passwords have
> nothing to do with the encryption.

Seriously? Have you even looked at the spec or at the definition 
of terms like "authentication"? Plese stop discussion things you
clearly do not understand.

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

More information about the dm-crypt mailing list