[dm-crypt] LUKS header recovery attempt, bruteforce detection of AF-keyslot bit errors

protagonist listdump at depressiverobots.com
Mon Apr 24 15:26:20 CEST 2017

On 24.04.2017 07:50, Dominic Raferd wrote:
>     On 22.04.2017 20 <tel:22.04.2017%2020>:02, protagonist wrote:
>     > I've manually compiled
>     ​...​
> ​This is pretty impressive stuff to someone like me who is new to
> dm-crypt. 

> But I wondered if the chances of the passphrase being
> misrecorded or misread have been fully considered.

You make a good point, but as the password has been written down on
paper the old-fashioned way, I have decided to take it as a "known good"
One can speculate about the password being wrong on paper, or some
laptop-specific oddity, but as the owner had been entering it daily for
more than a year, I don't think a simple single-character swap for
neighboring keys or capitalization changes will help. In other
situations, they might, and  bruteforce complexity only grows linearly
with the number of changes and password length, respectively, if one
looks for a single error, so it's definitely something to consider for
passwords that can't be remembered perfectly.

> As it happens a single capitalisation error would be picked up by a
> brute force method that tests for a single bit flip...

This is not the case for any of the bit error tests discussed earlier,
as they concern the necessary "decryption ingredients" on disk where bit
errors may have occurred, which of course don't include the password itself.


More information about the dm-crypt mailing list