[dm-crypt] plain: opening with a wrong password

Heinz Diehl htd+ml at fritha.org
Sat Feb 7 19:03:56 CET 2015

On 07.02.2015, dennis at basis.uklinux.net wrote: 

> My conclusion would have been that if the passphrase is
> initially at least as secure as a random key, then hashing can never
> increase security but may decrease it.

You need something to compare the passphrase to, and that's the hash.
How would you check the validity of the entered passphrase otherwise?
A plain text comparison is obviously impossible.

An example which at least partially covers the same item is password storing by
netshops, e.g. those who send you the plaintext passphrase when providing your
email after hitting "Forgotten password". A breach into this password database
reveals all passwords in clear text. Therefore, passwords usually are stored as
their hash, and the clear text is deleted right after the hashing. That are
those netshops which will provide a reset link to you after hitting the
"Forgotten password" button, because they only have the hash, which can't be
re-translated into the clear text passphrase.

It's not only a problem of "security", but feasibility.

More information about the dm-crypt mailing list