From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <glkdd-dm-crypt@m.gmane.org>
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri,  6 Feb 2015 15:47:49 +0100 (CET)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <glkdd-dm-crypt@m.gmane.org>) id 1YJkCC-0004Vb-Hg
 for dm-crypt@saout.de; Fri, 06 Feb 2015 15:47:48 +0100
Received: from ip4d151e07.dynamic.kabel-deutschland.de ([77.21.30.7])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Fri, 06 Feb 2015 15:47:48 +0100
Received: from for-gmane by ip4d151e07.dynamic.kabel-deutschland.de with local
 (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00
 for <dm-crypt@saout.de>; Fri, 06 Feb 2015 15:47:48 +0100
From: "U.Mutlu" <for-gmane@mutluit.com>
Date: Fri, 06 Feb 2015 15:47:41 +0100
Message-ID: <mb2k6e$tnj$1@ger.gmane.org>
References: <mat3ic$ql0$1@ger.gmane.org> <54D21872.2030406@yahoo.com>
 <mat6t9$l5n$1@ger.gmane.org> <20150205115435.GA4093@tansi.org>
 <mavsjs$ntq$1@ger.gmane.org> <mavt9n$4et$1@ger.gmane.org>
 <20150205235135.GA21304@tansi.org> <20150206140140.GA16920@dashborg.com>
 <20150206141922.Horde.DBddy8_J-Ko1WZpcZHQHTQ8@skrilnetz.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <20150206141922.Horde.DBddy8_J-Ko1WZpcZHQHTQ8@skrilnetz.net>
Subject: Re: [dm-crypt] plain: opening with a wrong password
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Michael wrote, On 02/06/2015 03:19 PM:
> If you are concerned about the header, you could use Luks with a detached
> header. This way you have the advantages of Luks and you can store the header
> separate from the encrypted container.

Beware: there are some warnings in the documentation @
https://code.google.com/p/cryptsetup/wiki/Cryptsetup140
"
WARNING: There is no possible check that specified ciphertext device matches 
detached on-disk header.
Use with care, it can destroy your data in case of a mistake.

WARNING: Storing LUKS header in a file means that anti-forensic splitter 
cannot properly work
(there is filesystem allocation layer between header and disk)."

cu
Uenal

> Quoting dennis@basis.uklinux.net:
>
>> On Fri, Feb 06, 2015 at 12:51:35AM +0100, Arno Wagner wrote:
>>> If your passphrase is weak enough that a dictionary
>>> attack has a reasonable success of working (and a dictionary
>>> attack is the only thing the salt that hashalot adds helps
>>> against), then you are pretty deep in insecure territory and
>>> _need_ the hash iteration that LUKS provides, but which is
>>> missing from both plain and hashalot.
>>>
>>> ...
>>>
>>> Please do not spread unsubstantiated rumors. It is hard enough
>>> these days for non-experts to decide what crypto to trust
>>> and what not. Rumors of the kind "metadata headers offer
>>> attack vectors" make this even worse.
>>
>> Count me among the non-experts. I have two questions. (a) Wouldn't
>> metadata headers incur a loss of plausible deniablity compared to
>> plain mode, especially when an encrypted filesystem image is stored as
>> a single file on backup media or in the backing file for a loopback
>> device? (b) Assuming a secure passphrase, wouldn't plain mode be more
>> secure than luks against possible vulnerabilities in the hashing
>> algorithm that may be discovered in the future?
>> _______________________________________________