From: "U.Mutlu" <for-gmane@mutluit.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] plain: opening with a wrong password
Date: Fri, 06 Feb 2015 15:47:41 +0100 [thread overview]
Message-ID: <mb2k6e$tnj$1@ger.gmane.org> (raw)
In-Reply-To: <20150206141922.Horde.DBddy8_J-Ko1WZpcZHQHTQ8@skrilnetz.net>
Michael wrote, On 02/06/2015 03:19 PM:
> If you are concerned about the header, you could use Luks with a detached
> header. This way you have the advantages of Luks and you can store the header
> separate from the encrypted container.
Beware: there are some warnings in the documentation @
https://code.google.com/p/cryptsetup/wiki/Cryptsetup140
"
WARNING: There is no possible check that specified ciphertext device matches
detached on-disk header.
Use with care, it can destroy your data in case of a mistake.
WARNING: Storing LUKS header in a file means that anti-forensic splitter
cannot properly work
(there is filesystem allocation layer between header and disk)."
cu
Uenal
> Quoting dennis@basis.uklinux.net:
>
>> On Fri, Feb 06, 2015 at 12:51:35AM +0100, Arno Wagner wrote:
>>> If your passphrase is weak enough that a dictionary
>>> attack has a reasonable success of working (and a dictionary
>>> attack is the only thing the salt that hashalot adds helps
>>> against), then you are pretty deep in insecure territory and
>>> _need_ the hash iteration that LUKS provides, but which is
>>> missing from both plain and hashalot.
>>>
>>> ...
>>>
>>> Please do not spread unsubstantiated rumors. It is hard enough
>>> these days for non-experts to decide what crypto to trust
>>> and what not. Rumors of the kind "metadata headers offer
>>> attack vectors" make this even worse.
>>
>> Count me among the non-experts. I have two questions. (a) Wouldn't
>> metadata headers incur a loss of plausible deniablity compared to
>> plain mode, especially when an encrypted filesystem image is stored as
>> a single file on backup media or in the backing file for a loopback
>> device? (b) Assuming a secure passphrase, wouldn't plain mode be more
>> secure than luks against possible vulnerabilities in the hashing
>> algorithm that may be discovered in the future?
>> _______________________________________________
next prev parent reply other threads:[~2015-02-06 14:47 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-04 12:33 [dm-crypt] plain: opening with a wrong password U.Mutlu
2015-02-04 13:02 ` Quentin Lefebvre
2015-02-04 13:30 ` U.Mutlu
2015-02-05 11:54 ` Arno Wagner
2015-02-05 13:53 ` U.Mutlu
2015-02-05 14:04 ` U.Mutlu
2015-02-05 23:51 ` Arno Wagner
2015-02-06 14:01 ` dennis
2015-02-06 14:19 ` Michael
2015-02-06 14:47 ` U.Mutlu [this message]
2015-02-06 18:27 ` Arno Wagner
2015-02-07 17:27 ` dennis
2015-02-07 18:03 ` Heinz Diehl
2015-02-07 23:16 ` Matthias Schniedermeyer
2015-02-08 8:19 ` Heinz Diehl
2015-02-08 9:23 ` Arno Wagner
2015-02-08 9:55 ` Milan Broz
2015-02-08 10:09 ` U.Mutlu
2015-02-08 10:33 ` Milan Broz
2015-02-09 3:13 ` Arno Wagner
2015-02-08 3:07 ` Arno Wagner
2015-02-08 2:59 ` Arno Wagner
2015-02-06 14:04 ` U.Mutlu
2015-02-06 18:20 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='mb2k6e$tnj$1@ger.gmane.org' \
--to=for-gmane@mutluit.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.