From: "U.Mutlu"
Date: Thu, 05 Feb 2015 14:53:00 +0100
Subject: Re: [dm-crypt] plain: opening with a wrong password
To: dm-crypt@saout.de

Arno Wagner wrote, On 02/05/2015 12:54 PM:
> On Wed, Feb 04, 2015 at 14:30:17 CET, U.Mutlu wrote:
>> Quentin Lefebvre wrote, On 02/04/2015 02:02 PM:
>>> Hi,
>>>
>>> On 04/02/2015 13:33, U.Mutlu wrote:
>>>> Hi,
>>>> what happens if an encrypted filesystem (plain, no LUKS)
>>>> next time is opened accidentally with a wrong password,
>>>> and new data written to it? Will the filesystem then become
>>>> damaged/unusable?
>>>
>>> What typically happens when you use a wrong password is that the
>>> cryptsetup create/open command is indeed successful, but mounting your
>>> partition will fail (because the filesystem is not detected). So you
>>> have little chance to accidentally damage a filesystem, even in plain
>>> mode.
>>
>> I tried this out now, and indeed that's cool!
>> Thank you for this useful tip, it spares me to study further
>> also the LUKS stuff, as plain is IMHO sufficient for my needs.
>> The main drawback with plain seems to be that one cannot change
>> the password, instead one needs to re-encrypt into a new file/device.
>
> That, you have only one password, and you do not get some
> additional protection for weak passwords from salting and
> iteration. With a good passphrase, plain is about as secure
> as LUKS, namely not breakable. (See FAQ item 5.1 for details
> of what "good" means.)
>
> Arno

Yes, and one should better create a password by using a password hasher like
the following:

  $ echo mypassword | hashalot -x -s mysalt sha256
  5d9de7f56a469782ff8a6be363418f62d6f93e33c3adb5c216e7e9c2f9947240

and pass the result to the target (of course using something else for
"mypassword" and "mysalt").

cu
Uenal
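
Added example, not part of the original message and not cryptsetup's code: a simplified Python model of the two points made in the thread, that a headerless (plain) mapping turns any passphrase into a key without being able to reject a wrong one, and that a header with a per-volume salt and iteration count can. The function names, the SHA-256 choice, the iteration count and the key-check construction are assumptions made for illustration; the real LUKS on-disk format is different.

```python
import hashlib
import hmac
import os

KEY_BYTES = 32  # 256-bit volume key


def open_plain(passphrase: bytes) -> bytes:
    """Plain-mode model: one unsalted hash, nothing on disk to check against.

    Every passphrase, right or wrong, yields a key, so "open" cannot fail.
    """
    return hashlib.sha256(passphrase).digest()[:KEY_BYTES]


def format_header(passphrase: bytes, iterations: int = 100_000) -> dict:
    """Header model: random per-volume salt, iteration count, key check value."""
    salt = os.urandom(32)
    key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, KEY_BYTES)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def open_with_header(header: dict, passphrase: bytes):
    """Re-derive the key; return it only if it matches the stored check value."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase, header["salt"],
                              header["iterations"], KEY_BYTES)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, header["check"]) else None


if __name__ == "__main__":
    # Constructed sample passphrases: the second one contains a typo.
    good, typo = b"correct horse battery", b"correct horse batery"
    print("plain, good :", open_plain(good).hex()[:16])
    print("plain, typo :", open_plain(typo).hex()[:16], "(no error raised)")
    vol_a, vol_b = format_header(good), format_header(good)
    print("header, typo:", open_with_header(vol_a, typo))
    same = open_with_header(vol_a, good) == open_with_header(vol_b, good)
    print("same passphrase, two volumes, same key?", same)
```

In the plain model the only sign of a mistyped passphrase is what the thread describes: the mapping opens, but no filesystem is detected on it.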