From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-we0-x22d.google.com (mail-we0-x22d.google.com
 [IPv6:2a00:1450:400c:c03::22d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sun,  8 Feb 2015 10:55:38 +0100 (CET)
Received: by mail-we0-f173.google.com with SMTP id w55so9876052wes.4
 for <dm-crypt@saout.de>; Sun, 08 Feb 2015 01:55:37 -0800 (PST)
Received: from [147.229.178.138] (dhcpr138.fit.vutbr.cz. [147.229.178.138])
 by mx.google.com with ESMTPSA id fo17sm11175852wjc.19.2015.02.08.01.55.36
 for <dm-crypt@saout.de>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 08 Feb 2015 01:55:36 -0800 (PST)
Message-ID: <54D73297.7060904@gmail.com>
Date: Sun, 08 Feb 2015 10:55:35 +0100
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <20150205115435.GA4093@tansi.org> <mavsjs$ntq$1@ger.gmane.org>
 <mavt9n$4et$1@ger.gmane.org> <20150205235135.GA21304@tansi.org>
 <20150206140140.GA16920@dashborg.com> <20150206182729.GB7283@tansi.org>
 <20150207172747.GA26528@dashborg.com> <20150207180356.GA4982@fritha.org>
 <20150207231624.GA23872@citd.de> <20150208081954.GA2856@fritha.org>
 <20150208092334.GA20982@tansi.org>
In-Reply-To: <20150208092334.GA20982@tansi.org>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] plain: opening with a wrong password
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 02/08/2015 10:23 AM, Arno Wagner wrote:
> On Sun, Feb 08, 2015 at 09:19:54 CET, Heinz Diehl wrote:

> Form a purely practical perspective, the difference usually negligible.
> Wile plain dm-crypt mounting fails at the mount-stage due to wrong
> filesystem signatures, LUKS mounting fails at the decrypt stage. 

Beware, there are some combinations of the encryption mode + IV which decrypts
the first block correctly in both cases, so fs returns correct signature
but fs is obviously corrupted... if you are not lucky, fsck will run
and breaks the fs irrecoverably... 

This cannot happen with LUKS.

See here that the ext3 device created with ESSIV still have visible signature
with plain IV:

# echo "password" | cryptsetup create -c aes-cbc-essiv:sha256 -s 256 x /dev/sdb
# mkfs -t ext3 -q /dev/mapper/x
# blkid -p /dev/mapper/x
/dev/mapper/x: UUID="f46ba5d8-8c26-4589-ac09-cb0829f2804f" SEC_TYPE="ext2" VERSION="1.0" TYPE="ext3" USAGE="filesystem" 

... use fs
# cryptsetup close x

And now thy mistake with plain IV:

# echo "password" | cryptsetup create -c aes-cbc-plain -s 256 x /dev/sdb
# blkid -p /dev/mapper/x
/dev/mapper/x: UUID="f46ba5d8-8c26-4589-ac09-cb0829f2804f" SEC_TYPE="ext2" VERSION="1.0" TYPE="ext3" USAGE="filesystem" 

# mount /dev/mapper/x /mnt/tst
mount: wrong fs type, bad option, bad superblock on /dev/mapper/x,
       missing codepage or helper program, or other error
...

DO NOT use plain mode if you are not sure what you are doing. Really.

There is a detached LUKS header which is better, the issues I mentioned in man
about detached header page are side problems, nothing serious for most users.
(But obviously depends on your threat model.)

Milan