Message-ID: <4FE05A32.9010402@gresille.org>
Date: Tue, 19 Jun 2012 12:53:38 +0200
From: Louis
Subject: [dm-crypt] Option "validate passphrase" for command cryptsetup
To: dm-crypt@saout.de

Hello,

for information, I wrote a small C program to check if the given passphrase is correct, without doing anything on the disk. The command is used this way:

    $ cryptsetup_check_passphrase /dev/sda1
    Enter passphrase for /dev/sda1:
    Valid key (slot 0)
    $

If you think it can benefit cryptsetup, I offer to write the necessary patch to include it in cryptsetup (as a "luksValidateKey" LUKS action).

# Why do I need such a command?

We are a group of hacktivists who offer some online services (such as email addresses). Our disks are encrypted using LUKS. As we are six members operating the server, and we reboot it only a few times a year, it may happen that some of us only use the passphrase once in two years, which makes it easy to forget. So we want a way to, once in a while (at our monthly meetings), check that we still know our passphrase, without risking doing something on the disk (creating, removing partition, deleting passphrases, etc.).

# Security risks

Isn't this function a wonderful tool to try brute force attacks? I do not think so. An attacker needs to be root to run it, at which point (s)he can already do a lot of harmful things. Moreover, once (s)he is root, the attacker might as well compile the program I just wrote to try this brute force attack.

To sum up: Yes, it can be used to brute force the partition, but nothing more than what was possible to do without this tool.

Regards,
Louis

PS: Not to overload this list with many files, I only give you the C code here. If you want the makefile and configure.ac, just ask.

#include <stdio.h>
#include <string.h>
#include <libcryptsetup.h>

/* Print the command-line synopsis. */
void usage(void)
{
    printf("cryptsetup_check_passphrase LUKSDEVICE\n");
}

/* Return 0 if the passphrase unlocks a key slot of device_name, 1 otherwise. */
int check_passphrase(const char *device_name)
{
    int keyslot;
    int error;
    int status;
    struct crypt_device *cd = NULL;

    if ((error = crypt_init(&cd, device_name))) {
        printf("Could not open device \"%s\": %s\n", device_name, strerror(-error));
        return 1;
    }
    /* Load the on-disk header into the context. */
    if ((error = crypt_load(cd, NULL, NULL))) {
        printf("Could not load device \"%s\": %s\n", device_name, strerror(-error));
        crypt_free(cd); /* release the context on this error path too */
        return 1;
    }
    /* name == NULL: only check the passphrase, no mapping is created.
     * passphrase == NULL: the library asks for it (the "Enter passphrase"
     * prompt shown above). */
    keyslot = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, NULL, 0, 0);
    if (keyslot >= 0) {
        printf("Valid key (slot %d)\n", keyslot);
        status = 0;
    } else {
        /* A negative return value is a negated errno. */
        printf("No matching key found: %s\n", strerror(-keyslot));
        status = 1;
    }
    crypt_free(cd);
    return status;
}

int main(int argc, char *argv[])
{
    int status;

    /* Parsing arguments */
    if (argc != 2) {
        usage();
        return 1;
    }

    /* Check */
    status = check_passphrase(argv[1]);
    return status;
}