Re: [dm-crypt] Option "validate passphrase" for command cryptsetup

[ken <gebser@mousecar.com>]

Louis,

Thanks for this.  Yes, I would like the makefile and configure.ac files.

Last year I encountered the very problem your program is meant to avoid: 
  It was months since I entered my LUKS passphrase and I'd forgotten it. 
  With the hope that I might remember it one day, I mounted the disk in 
another machine and wrote a bash script to try out passphrases on it... 
but I haven't discovered it yet.  Now I'm looking for other options.

So two questions:

Will this program work on just the LUKS header?  Or does it work only on 
the entire mount point (with all the data therein included)?

Is there a delay of some seconds required between invocations?


Thanks much.


On 06/19/2012 06:53 AM Louis wrote:
> 	Hello,
> 	for information, I wrote a small C program to check if the given
> passphrase is correct, without doing anything on the disk. The command
> is used this way:
>
> 	$ cryptsetup_check_passphrase /dev/sda1
> 	Enter passphrase for /dev/sda1:<MY_SECRET_PASSPHRASE>
> 	Valid key (slot 0)
> 	$
>
> 	If you think it can benefit cryptsetup, I offer to write the necessary
> patch to include it to cryptsetup (as a "luksValidateKey" LUKS action).
>
>
> # why do I need such a command ?
>
> 	We are a group of hacktivists who offer some online services (such as
> email addresses). Our disks are encrypted using LUKS. As we are six
> members operating the server, and we reboot it only a few times a year,
> it may happen that some of us only use the passphrase once in two years,
> which is prone to forgetting. So we want a way to, once in a while (at
> our monthly meetings), check that we still know our passphrase, without
> risking to do something on the disk (creating, removing partition,
> deleting passphrases, etc.).
>
> # Security risks
>
> 	Isn't this function a wonderful tool to try brute force attacks ? I do
> not think so. Attacker needs to be root to run it, at which point (s)he
> can already do a lot of harmful things. Moreover, once (s)he is root,
> attacker might as well compile the program I just wrote to try this
> brute force attack. To sum up: Yes, it can be used to brute force the
> partition, but nothing more that what was possible to do without this tool.
>
> 	Regards,
> 	Louis
>
> PS : Not to overload this list with many files, I only give
> you here the C code. If you want the makefile and configure.ac, just ask.
>
>
> #include<stdio.h>
> #include<stdlib.h>
> #include<string.h>
>
> #include<libcryptsetup.h>
>
> void usage() {
>    printf("cryptsetup_check_passphrase LUKSDEVICE\n");
> }
>
> int check_passphrase(const char* device_name) {
>    int keyslot;
>    int error;
>    int status;
>    struct crypt_device *cd = NULL;
>
>    if ((error = crypt_init(&cd, device_name))) {
>      printf("Could not open device \"%s\": %s\n", device_name,
> strerror(-error));
>      return 1;
>    }
>    if ((error = crypt_load(cd, NULL, NULL))) {
>      printf("Could not load device \"%s\": %s\n", device_name,
> strerror(-error));
>      return 1;
>    }
>
>    keyslot = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, NULL,
> 0, 0);
>    if (keyslot>= 0) {
>      printf("Valid key (slot %u)\n", keyslot);
>      status = 0;
>    } else {
>      printf("No matching key found: %s\n", strerror(-keyslot));
>      status = 1;
>    }
>    crypt_free(cd);
>    return status;
> }
>
> int main( int argc, const char* argv[] ) {
>    int status;
>
>    /* Parsing arguments */
>    if (argc != 2) {
>      usage();
>      return 1;
>    }
>
>    /* Check */
>    status = check_passphrase(argv[1]);
>
>    return status;
> }
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt