From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arno@wagner.name>
Received: from v6.tansi.org (ns.km31936-01.keymachine.de [87.118.116.4])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Sun,  8 Feb 2015 10:23:35 +0100 (CET)
Received: from gatewagner.dyndns.org (77-57-54-224.dclient.hispeed.ch
 [77.57.54.224]) by v6.tansi.org (Postfix) with ESMTPA id BBC7020DC1F9
 for <dm-crypt@saout.de>; Sun,  8 Feb 2015 10:23:34 +0100 (CET)
Date: Sun, 8 Feb 2015 10:23:34 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20150208092334.GA20982@tansi.org>
References: <20150205115435.GA4093@tansi.org> <mavsjs$ntq$1@ger.gmane.org>
 <mavt9n$4et$1@ger.gmane.org> <20150205235135.GA21304@tansi.org>
 <20150206140140.GA16920@dashborg.com>
 <20150206182729.GB7283@tansi.org>
 <20150207172747.GA26528@dashborg.com>
 <20150207180356.GA4982@fritha.org> <20150207231624.GA23872@citd.de>
 <20150208081954.GA2856@fritha.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150208081954.GA2856@fritha.org>
Subject: Re: [dm-crypt] plain: opening with a wrong password
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Sun, Feb 08, 2015 at 09:19:54 CET, Heinz Diehl wrote:
> On 08.02.2015, Matthias Schniedermeyer wrote: 
> 
> > > You need something to compare the passphrase to, and that's the hash.
> > > How would you check the validity of the entered passphrase otherwise?
> > > A plain text comparison is obviously impossible.
>  
> > With Plain the password can't be verified, the dm-crypt device is setup 
> > and if the password was wrong, the "decrypted" device contains garbage.
> > Containers usually have a means to test if the password is correct, 
> > plain does not.
> 
> I tried to keep it simple in my example. Although you're (of course) right, I
> didn't write about "plain encryption" or "plain dmcrypt", but plain text
> comparison, in order to explain why there is the need for e.g. a hash.
> As you point out, with plain dmcrypt the only possibility is actually
> using the password and checking if the "decrypted" data based on it 
> makes any sense.

Form a purely practical perspective, the difference usually negligible.
Wile plain dm-crypt mounting fails at the mount-stage due to wrong
filesystem signatures, LUKS mounting fails at the decrypt stage. 

>From an attacker's perspecive, the difference is also small, except
that all the iteration in LUKS adds a massive amount of computational
effort. The data in the LUKS header does not help the attacker at all.
It does take a look at the details (as so often in crypto protocols)
to see that though.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier