From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arno@wagner.name>
Received: from v6.tansi.org (ns.km31936-01.keymachine.de [87.118.116.4])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Thu,  5 Feb 2015 12:54:38 +0100 (CET)
Received: from gatewagner.dyndns.org (77-57-54-224.dclient.hispeed.ch
 [77.57.54.224]) by v6.tansi.org (Postfix) with ESMTPA id A8F6D20DC20F
 for <dm-crypt@saout.de>; Thu,  5 Feb 2015 12:54:35 +0100 (CET)
Date: Thu, 5 Feb 2015 12:54:35 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20150205115435.GA4093@tansi.org>
References: <mat3ic$ql0$1@ger.gmane.org> <54D21872.2030406@yahoo.com>
 <mat6t9$l5n$1@ger.gmane.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <mat6t9$l5n$1@ger.gmane.org>
Subject: Re: [dm-crypt] plain: opening with a wrong password
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Wed, Feb 04, 2015 at 14:30:17 CET, U.Mutlu wrote:
> Quentin Lefebvre wrote, On 02/04/2015 02:02 PM:
> >Hi,
> >
> >Le 04/02/2015 13:33, U.Mutlu a =E9crit :
> >>Hi,
> >>what happens if an encrypted filesystem (plain, no LUKS)
> >>next time is opened accidently with a wrong password,
> >>and new data written to it? Will the filesystem then become
> >>damaged/unusable?
> >
> >What typically happens when you use a wrong password is that the
> >cryptsetup create/open command is indeed successful, but mounting your
> >partition will fail (because the filesystem is not detected).  So you
> >have few chance to accidentally damage a filesystem, even in plain
> > mode.
>=20
> I tried this out now, and indeed that's cool!
> Thank you for this useful tip, it spares me to study further
> also the LUKS stuff, as plain is IMHO sufficient for my needs.
> The main drawback with plain seems to be that one cannot change
> the password, instead one needs to re-enrcrypt into a new file/device.

That, you have only one password, and you do not get some=20
additional protection for weak passwords from salting and=20
iteration. With a good, passphease plain is about as secure=20
as LUKS, namely not breakable. (See FAQ item 5.1 for details
of what "good" means.)

Arno
=20
--=20
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of=20
"news" is "something that hardly ever happens." -- Bruce Schneier