[dm-crypt] LUKS header recovery attempt, bruteforce detection of AF-keyslot bit errors
michael at kjorling.se
Mon Apr 24 19:44:04 CEST 2017
On 24 Apr 2017 18:00 +0100, from dominic at timedicer.co.uk (Dominic Raferd):
> Is there any possibility that a malicious third party (disgruntled
> ex-sysadmin perhaps) gained root access to the machine during its last
> session and changed the passphrase?

Does that not require knowledge of a current passphrase? I believe it
does. Which of course said third party _could_ have.

> As an aside, of no help to OP I'm afraid: is a prior backup of the
> LUKS header a protection against this scenario (i.e. against a
> subsequently deleted, or changed and now unknown, passphrase)?

Yes. A copy of the LUKS header and a passphrase that was valid at the
time the header copy was made will allow access, as long as the master
key is unchanged (no cryptsetup-reencrypt in the interim). The only
way to mitigate this threat AFAIK is to change the master key of the
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
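
The key hierarchy discussed in the message above, as an added example that is not part of the original post and is not cryptsetup code: a simplified model in which XOR stands in for the keyslot cipher and anti-forensic split, and all function names are hypothetical. It shows why an old header copy plus an old passphrase still yields the data key after a passphrase change, and stops doing so once the master key is replaced.

```python
import copy, hashlib, hmac, os

# Simplified model, not the on-disk LUKS format: XOR stands in for the
# keyslot cipher and anti-forensic split. All names are hypothetical.

def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 1000, 32)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_slot(master_key: bytes, passphrase: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "wrapped": xor(master_key, kdf(passphrase.encode(), salt))}

def make_header(master_key: bytes, passphrase: str) -> dict:
    mk_salt = os.urandom(16)
    return {"mk_salt": mk_salt, "mk_digest": kdf(master_key, mk_salt),
            "slots": [make_slot(master_key, passphrase)]}

def unlock(header: dict, passphrase: str):
    """Return the master key if the passphrase opens any keyslot, else None."""
    for slot in header["slots"]:
        candidate = xor(slot["wrapped"], kdf(passphrase.encode(), slot["salt"]))
        if hmac.compare_digest(kdf(candidate, header["mk_salt"]), header["mk_digest"]):
            return candidate
    return None

def change_passphrase(header: dict, old: str, new: str) -> None:
    # Assumption of this model: a currently valid passphrase is required.
    master_key = unlock(header, old)
    if master_key is None:
        raise PermissionError("no keyslot matches the old passphrase")
    header["slots"] = [make_slot(master_key, new)]  # master key unchanged

def scenario() -> dict:
    data_key = os.urandom(32)                  # key the data is encrypted with
    header = make_header(data_key, "old-pass") # constructed sample passphrases
    backup = copy.deepcopy(header)             # header copy taken earlier
    change_passphrase(header, "old-pass", "new-pass")
    result = {"live_old": unlock(header, "old-pass") == data_key,
              "backup_old": unlock(backup, "old-pass") == data_key}
    data_key = os.urandom(32)                  # re-encryption: new master key
    header = make_header(data_key, "new-pass")
    result["backup_old_after_reencrypt"] = unlock(backup, "old-pass") == data_key
    result["live_new_after_reencrypt"] = unlock(header, "new-pass") == data_key
    return result

if __name__ == "__main__":
    print(scenario())
```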