Re: Beheaded LUKS volume pathology

public inbox for cryptsetup@lists.linux.dev
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: Mistave <mistave@countermail.com>, cryptsetup@lists.linux.dev
Subject: Re: Beheaded LUKS volume pathology
Date: Sat, 3 Feb 2024 15:23:25 +0100	[thread overview]
Message-ID: <d208bb24-84ea-45f2-8e38-b66f0c56bbe2@gmail.com> (raw)
In-Reply-To: <ed5843de-eb16-437f-9fc2-7719aafe968d@countermail.com>

On 2/3/24 13:52, Mistave wrote:
> On 2/2/24 11:16, Milan Broz wrote:
> 
>> So if the user does not deliberately write some information elsewhere
>> (like pair detached header and data device using storage UUID
>> in /etc/crypttab), there should be no information that logically connects
>> the detached LUKS header and data device (for default config).
>>
> 
> Hello,
> 
> So, just to confirm, there is no metadata present in the LUKS header
> that would allow an adversary to perform guesswork (such as the size of
> the encrypted volume)?

For LUKS1, there is no attribute to store device size in the header.

For LUKS2, we can store a fixed size, but the default format
set it to "dynamic", the size is determined according to data device size.

See luksDump, for dynamic size you should see

Data segments:
   0: crypt
...
         length: (whole device)

Milan

  
> For example, if I have a bunch of encrypted disks with detached headers,
> and only one of them is 10TB, but the rest are 1TB. You're saying
> there's no way that a particular header can be singled out based on
> guesswork because it's the only header that has a bigger encrypted
> volume body?
> 
> How does an encrypted volume know what size it's supposed to be? Does it
> always span across the entire partition or block device?
> 
> 
> Kind regards!
> M.
>

next prev parent reply	other threads:[~2024-02-03 14:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-02  8:12 Beheaded LUKS volume pathology Mistave
2024-02-02 10:16 ` Milan Broz
2024-02-03 12:52   ` Mistave
2024-02-03 14:23     ` Milan Broz [this message]
2024-02-04 12:55       ` Mistave

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d208bb24-84ea-45f2-8e38-b66f0c56bbe2@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=cryptsetup@lists.linux.dev \
    --cc=mistave@countermail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox