From: Robert Nichols
Date: Tue, 25 Apr 2017 08:14:52 -0500
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] LUKS header recovery attempt, bruteforce detection of AF-keyslot bit errors

On 04/24/2017 06:49 PM, protagonist wrote:
> However, I assume it is likely that a determined attacker running as
> root might be able to extract the master key from RAM if the encrypted
> volume in question is still open at the time of attack, so technically,
> there would be a way to do this without the password.

It's trivial. Just run "dmsetup table --showkeys" on the device.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.
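
Added example (not part of the message above or of any project's code): a shell function for auditing `dmsetup table` output that reports, per crypt mapping, whether the key field is a raw hex key, a zero-filled placeholder, or a kernel keyring reference, without ever printing the key. The field layout and the keyring form `:<size>:<type>:<description>` are assumptions taken from the kernel's dm-crypt target documentation, not from this thread; `classify_crypt_key` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how the volume key appears in a dm-crypt table line.
# Assumed field layout (kernel dm-crypt target documentation):
#   [name:] <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset>
# Prints a category and key size in bits only; the key field is never echoed.
classify_crypt_key() {
    set -f; set -- $1; set +f              # split line into fields, no globbing
    case "$1" in *:) shift ;; esac         # drop "name:" prefix if present
    if [ "$#" -lt 5 ] || [ "$3" != "crypt" ]; then
        echo "not-crypt"; return 0
    fi
    key=$5
    case "$key" in
        :*) # keyring reference  :<key_size_bytes>:<key_type>:<description>
            rest=${key#:}; bytes=${rest%%:*}; rest=${rest#*:}
            case "$bytes" in ''|*[!0-9]*) echo "unrecognised"; return 0 ;; esac
            echo "keyring:${rest%%:*}:$((bytes * 8))" ;;
        *[!0-9a-fA-F]*) echo "unrecognised" ;;
        *)  bits=$(( ${#key} * 4 ))
            case "$key" in
                *[!0]*) echo "inline-hex:$bits" ;;  # raw key readable by root
                *)      echo "redacted:$bits" ;;    # zero-filled by dmsetup
            esac ;;
    esac
}

# Constructed sample lines (no real key material).
k=00112233445566778899aabbccddeeff
SAMPLE_REDACTED="0 4190208 crypt aes-xts-plain64 $(printf '%064d' 0) 0 8:2 4096"
SAMPLE_INLINE="0 4190208 crypt aes-xts-plain64 $k$k 0 8:2 4096"
SAMPLE_KEYRING="demo: 0 4190208 crypt aes-xts-plain64 :64:logon:cryptsetup:CONSTRUCTED-d0 0 8:2 32768"

for line in "$SAMPLE_REDACTED" "$SAMPLE_INLINE" "$SAMPLE_KEYRING"; do
    classify_crypt_key "$line"
done
```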