From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.24])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.server123.net (Postfix) with ESMTPS
	for ; Sun, 8 Feb 2015 09:19:55 +0100 (CET)
Received: from localhost ([88.90.246.181])
	by mrelayeu.kundenserver.de (mreue101) with ESMTPSA (Nemesis)
	id 0Lu5Go-1Xaxnp12KE-011UvG
	for ; Sun, 08 Feb 2015 09:19:55 +0100
Date: Sun, 8 Feb 2015 09:19:54 +0100
From: Heinz Diehl
Message-ID: <20150208081954.GA2856@fritha.org>
References: <20150205115435.GA4093@tansi.org> <20150205235135.GA21304@tansi.org> <20150206140140.GA16920@dashborg.com> <20150206182729.GB7283@tansi.org> <20150207172747.GA26528@dashborg.com> <20150207180356.GA4982@fritha.org> <20150207231624.GA23872@citd.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150207231624.GA23872@citd.de>
Subject: Re: [dm-crypt] plain: opening with a wrong password
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: dm-crypt@saout.de

On 08.02.2015, Matthias Schniedermeyer wrote:

> > You need something to compare the passphrase to, and that's the hash.
> > How would you check the validity of the entered passphrase otherwise?
> > A plain text comparison is obviously impossible.

> With Plain the password can't be verified, the dm-crypt device is setup
> and if the password was wrong, the "decrypted" device contains garbage.
> Containers usually have a means to test if the password is correct,
> plain does not.

I tried to keep it simple in my example. Although you're (of course) right, I didn't write about "plain encryption" or "plain dmcrypt", but plain text comparison, in order to explain why there is the need for e.g. a hash.
As you point out, with plain dmcrypt the only possibility is actually using the password and checking if the "decrypted" data based on it makes any sense.
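
The check described in this message, written out as an added example (not part of the original mail and not code from the cryptsetup project): after opening a plain dm-crypt mapping, test whether the "decrypted" data makes sense by looking for a known filesystem signature. It assumes the volume holds an ext2/3/4 filesystem; the function names and the mapping path in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: plausibility check for a plain dm-crypt mapping.
# Plain mode has no header and stores nothing to verify the passphrase
# against, so a wrong passphrase still produces a mapping, just with garbage.
# Assumption: the plaintext is an ext2/3/4 filesystem.

# The ext superblock starts at byte 1024 and its s_magic field (0xEF53,
# stored little-endian as 53 ef) sits at offset 56 inside it, i.e. at
# absolute byte 1080 of the device.
has_ext_magic() {
    dev=$1
    magic=$(dd if="$dev" bs=1 skip=1080 count=2 2>/dev/null \
            | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# Report the result for one device or image file.
# Returns 0 if the magic is present, 1 otherwise.
check_plain_mapping() {
    dev=$1
    if has_ext_magic "$dev"; then
        echo "$dev: ext magic found, passphrase is plausibly correct"
        return 0
    fi
    echo "$dev: no ext magic, wrong passphrase or different contents" >&2
    return 1
}

# Stand-alone use, e.g. on a hypothetical /dev/mapper/plainvol:
#   sh check.sh /dev/mapper/plainvol
if [ "$#" -eq 1 ]; then
    check_plain_mapping "$1"
fi
```

A two-byte magic matches random data about once in 65536 tries, so treat a hit as "plausible" and confirm with a read-only filesystem check before mounting or writing; `blkid -p` on the mapping performs the same kind of probe for other filesystem types.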