* [dm-crypt] Query on validating cryptsetup @ 2012-10-03 17:28 Abhishek Tiwari 2012-10-07 19:50 ` Milan Broz 0 siblings, 1 reply; 3+ messages in thread From: Abhishek Tiwari @ 2012-10-03 17:28 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 942 bytes --] Hi, I am trying to use cryptsetup for an SD card. I create the crypto mapper device and write a file to it. For the purpose of validation, I am using a fixed key "11111111" as passphrase. Then I tried to see the contents of this SD card using a reader and WinHex. Unfortunately these contents do not match with an encrypted copy of same file that was encrypted using this online DES encryption tool: http://www.tools4noobs.com/online_tools/encrypt/ I specified algorithm as DES and mode as CBC. When creating crypto device, my command is: cryptsetup -c des-cbc-plain --key-size=64 --key-file=keyfile create sdcard0 /dev/sdcard0 Here, keyfile contains "11111111". I tried with some other tools as well but could not get the exact same output. Is there anything else that I need to look at? Also, is there any other way I can verify my usage of keys and encryption done using cryptsetup? Please see if you can help. Thanks. -- Abhishek [-- Attachment #2: Type: text/html, Size: 1242 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] Query on validating cryptsetup 2012-10-03 17:28 [dm-crypt] Query on validating cryptsetup Abhishek Tiwari @ 2012-10-07 19:50 ` Milan Broz 2012-10-07 20:53 ` Arno Wagner 0 siblings, 1 reply; 3+ messages in thread From: Milan Broz @ 2012-10-07 19:50 UTC (permalink / raw) To: Abhishek Tiwari; +Cc: dm-crypt On 10/03/2012 07:28 PM, Abhishek Tiwari wrote: > I am trying to use cryptsetup for an SD card. I create the crypto > mapper device and write a file to it. For the purpose of validation, > I am using a fixed key "11111111" as passphrase. Then I tried to see > the contents of this SD card using a reader and WinHex. Unfortunately > these contents do not match with an encrypted copy of same file that > was encrypted using this online DES encryption tool: > http://www.tools4noobs.com/online_tools/encrypt/ I specified > algorithm as DES and mode as CBC. Well, if it is real use, never use DES, it is no longer secure enough. But for learning crypto this can be nice exercise. First, note difference in CBC encryption for the whole file and with dm-crypt. For dmcrypt, it uses CBC per sector, restarting for every sector with defined IV. (Sectors are encrypted independently.) So you cannot compare more than one sector of ciphertext - 512 bytes with tool above. Whatever: - in that PHP tool, I entered "11111111" as key (note it is string, so it translates to 0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31) - plaintext "test1234test5678" (2x DES 8-bytes blocks to see CBC for second block) - encryption is DES, mode CBC, output hexa - note php mcrypt_encrypt uses zeroed IV if not specified So, this will get ciphertext: b43b364065cdf4571a92ba2daecaf2ff Now, the same with cryptsetup: - prepare keyfile # echo -n "11111111">keyfile - configure cryptsetup, null is zeroed IV. Note that for keyfile there is no hashing (exactly what we need - directly use key form file). # cryptsetup -c des-cbc-null --key-size=64 --key-file=keyfile create test /dev/sdb - you can verify what key is really used (key is 5th parameter in hexa) # dmsetup table --showkeys test 0 417792 crypt des-cbc-null 3131313131313131 0 8:16 0 - write plaintext # echo -n "test1234test5678" >/dev/mapper/test - flush underlying device cache to be sure we read new data (or remove dmcrypt mapping) # blockdev --flushbufs /dev/sdb - and check ciphertext # hexdump -C -n 16 /dev/sdb 00000000 b4 3b 36 40 65 cd f4 57 1a 92 ba 2d ae ca f2 ff |.;6@e..W...-....| For me, it looks like it is the same ;-) Milan ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] Query on validating cryptsetup 2012-10-07 19:50 ` Milan Broz @ 2012-10-07 20:53 ` Arno Wagner 0 siblings, 0 replies; 3+ messages in thread From: Arno Wagner @ 2012-10-07 20:53 UTC (permalink / raw) To: dm-crypt On Sun, Oct 07, 2012 at 09:50:46PM +0200, Milan Broz wrote: > On 10/03/2012 07:28 PM, Abhishek Tiwari wrote: > > I am trying to use cryptsetup for an SD card. I create the crypto > > mapper device and write a file to it. For the purpose of validation, > > I am using a fixed key "11111111" as passphrase. Then I tried to see > > the contents of this SD card using a reader and WinHex. Unfortunately > > these contents do not match with an encrypted copy of same file that > > was encrypted using this online DES encryption tool: > > http://www.tools4noobs.com/online_tools/encrypt/ I specified > > algorithm as DES and mode as CBC. > > Well, if it is real use, never use DES, it is no longer secure enough. Indeed. Known plaintext attack for DES is doable some hours now. I still remember when 56 bit DES was considered secure ;-) Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-10-07 20:53 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2012-10-03 17:28 [dm-crypt] Query on validating cryptsetup Abhishek Tiwari 2012-10-07 19:50 ` Milan Broz 2012-10-07 20:53 ` Arno Wagner
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.