From: Milan Broz <gmazyland@gmail.com>
To: Abhishek Tiwari <abhis.tiwari@gmail.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Query on validating cryptsetup
Date: Sun, 07 Oct 2012 21:50:46 +0200 [thread overview]
Message-ID: <5071DD16.8030301@gmail.com> (raw)
In-Reply-To: <CAAUhRHHPoMWxR=We+xSkAuJuNimEFWo1X=B7xGiGE7OzeRt8wQ@mail.gmail.com>
On 10/03/2012 07:28 PM, Abhishek Tiwari wrote:
> I am trying to use cryptsetup for an SD card. I create the crypto
> mapper device and write a file to it. For the purpose of validation,
> I am using a fixed key "11111111" as passphrase. Then I tried to see
> the contents of this SD card using a reader and WinHex. Unfortunately
> these contents do not match with an encrypted copy of same file that
> was encrypted using this online DES encryption tool:
> http://www.tools4noobs.com/online_tools/encrypt/ I specified
> algorithm as DES and mode as CBC.
Well, if it is real use, never use DES, it is no longer secure enough.
But for learning crypto this can be nice exercise.
First, note difference in CBC encryption for the whole file
and with dm-crypt.
For dmcrypt, it uses CBC per sector, restarting for every sector with
defined IV. (Sectors are encrypted independently.)
So you cannot compare more than one sector of ciphertext - 512 bytes
with tool above.
Whatever:
- in that PHP tool, I entered "11111111" as key
(note it is string, so it translates to 0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31)
- plaintext "test1234test5678" (2x DES 8-bytes blocks to see CBC for second block)
- encryption is DES, mode CBC, output hexa
- note php mcrypt_encrypt uses zeroed IV if not specified
So, this will get ciphertext: b43b364065cdf4571a92ba2daecaf2ff
Now, the same with cryptsetup:
- prepare keyfile
# echo -n "11111111">keyfile
- configure cryptsetup, null is zeroed IV. Note that for keyfile there is
no hashing (exactly what we need - directly use key form file).
# cryptsetup -c des-cbc-null --key-size=64 --key-file=keyfile create test /dev/sdb
- you can verify what key is really used (key is 5th parameter in hexa)
# dmsetup table --showkeys test
0 417792 crypt des-cbc-null 3131313131313131 0 8:16 0
- write plaintext
# echo -n "test1234test5678" >/dev/mapper/test
- flush underlying device cache to be sure we read new data (or remove dmcrypt mapping)
# blockdev --flushbufs /dev/sdb
- and check ciphertext
# hexdump -C -n 16 /dev/sdb
00000000 b4 3b 36 40 65 cd f4 57 1a 92 ba 2d ae ca f2 ff |.;6@e..W...-....|
For me, it looks like it is the same ;-)
Milan
next prev parent reply other threads:[~2012-10-07 19:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-03 17:28 [dm-crypt] Query on validating cryptsetup Abhishek Tiwari
2012-10-07 19:50 ` Milan Broz [this message]
2012-10-07 20:53 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5071DD16.8030301@gmail.com \
--to=gmazyland@gmail.com \
--cc=abhis.tiwari@gmail.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.