[dm-crypt] How to derive master key in plain dm-crypt mode

[dm-crypt] How to derive master key in plain dm-crypt mode

[Jian-Ming Zheng]

Hi,

In plain dm-crypt mode, there is no encrypted master key on the device
(i.e., no metadata header). Is a master key derived from the user
passphrase and used to en-/decrypt the device? If yes, how to derive
the master key from the passphrase in plain mode?

Thanks.

Re: [dm-crypt] How to derive master key in plain dm-crypt mode

[Ralf Ramsauer]

On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote:
> Hi,
>
> In plain dm-crypt mode, there is no encrypted master key on the device
> (i.e., no metadata header). Is a master key derived from the user
> passphrase and used to en-/decrypt the device? If yes, how to derive
> the master key from the passphrase in plain mode?
Hi,

No.

In short words and to sum it up:
The passphrase is used to generate some "intermediate" key, using a Key
Derivation Function. In case of Luks, this function is PBKDF2.
This derived key is used to decrypt a Keyslot in the Luks header of your
volume, which contains the actual masterkey.

So having only the passphrase is not sufficient to derive a volume's
masterkey.

cheers
  Ralf
>
> Thanks.
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Re: [dm-crypt] How to derive master key in plain dm-crypt mode

[Ralf Ramsauer]

On 12/10/2014 05:56 PM, Ralf Ramsauer wrote:
> On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote:
>> Hi,
>>
>> In plain dm-crypt mode, there is no encrypted master key on the device
>> (i.e., no metadata header). Is a master key derived from the user
>> passphrase and used to en-/decrypt the device? If yes, how to derive
>> the master key from the passphrase in plain mode?

Oh I'm sorry. I stand corrected.
I skipped a word when I read your message. I skipped the "plain" part.
I can't answer your question as I don't know how the key is derived from
the passphrase using plain mode.
But I'm pretty sure someone one this list will know it.

But I can tell you, that if your device is mounted, you can use dmsetup
to dump the masterkey:
# dmsetup table --showkeys DEVICENAME

cheers
  Ralf
> Hi,
>
> No.
>
> In short words and to sum it up:
> The passphrase is used to generate some "intermediate" key, using a Key
> Derivation Function. In case of Luks, this function is PBKDF2.
> This derived key is used to decrypt a Keyslot in the Luks header of your
> volume, which contains the actual masterkey.
>
> So having only the passphrase is not sufficient to derive a volume's
> masterkey.
>
> cheers
>   Ralf
>> Thanks.
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Re: [dm-crypt] How to derive master key in plain dm-crypt mode

[Robert Nichols]

On 12/10/2014 05:48 AM, Jian-Ming Zheng wrote:
> In plain dm-crypt mode, there is no encrypted master key on the device
> (i.e., no metadata header). Is a master key derived from the user
> passphrase and used to en-/decrypt the device? If yes, how to derive
> the master key from the passphrase in plain mode?

The /cryptsetup/ manpage indicates that the key is just the hash of the
passphrase using the specified hash function and cropped to the required
key length. "cryptsetup --help" will show you the default hash function.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

Re: [dm-crypt] How to derive master key in plain dm-crypt mode

[Arno Wagner]

On Wed, Dec 10, 2014 at 23:34:59 CET, Robert Nichols wrote:
> On 12/10/2014 05:48 AM, Jian-Ming Zheng wrote:
> >In plain dm-crypt mode, there is no encrypted master key on the device
> >(i.e., no metadata header). Is a master key derived from the user
> >passphrase and used to en-/decrypt the device? If yes, how to derive
> >the master key from the passphrase in plain mode?
> 
> The /cryptsetup/ manpage indicates that the key is just the hash of the
> passphrase using the specified hash function and cropped to the required
> key length. "cryptsetup --help" will show you the default hash function.

There is some (optional?) key stretching for keys with more than
160 bits, which is derived from what "hashalot" does. It is however
not very interesting.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

Re: [dm-crypt] How to derive master key in plain dm-crypt mode

[Jian-Ming Zheng]

Hi, Ralf,

Thanks for your response.

More precisely, the key slot in the LUKS header contains the encrypted
master key (i.e., master key checksum from PBKDF2), not the master
key.

The PBKDF2ed passphrase decrypts the encrypted master key in a key
slot, and the decryption result is processed by AFmerge to obtain a
master key candidate. The PBKDF2ed checksum of the master key
candidate is compared against the master key checksum in the key slot.

Is my understanding correct?

On Thu, Dec 11, 2014 at 12:01 AM, Ralf Ramsauer
<ralf+dm@ramses-pyramidenbau.de> wrote:
> On 12/10/2014 05:56 PM, Ralf Ramsauer wrote:
>> On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote:
>>> Hi,
>>>
>>> In plain dm-crypt mode, there is no encrypted master key on the device
>>> (i.e., no metadata header). Is a master key derived from the user
>>> passphrase and used to en-/decrypt the device? If yes, how to derive
>>> the master key from the passphrase in plain mode?
>
> Oh I'm sorry. I stand corrected.
> I skipped a word when I read your message. I skipped the "plain" part.
> I can't answer your question as I don't know how the key is derived from
> the passphrase using plain mode.
> But I'm pretty sure someone one this list will know it.
>
> But I can tell you, that if your device is mounted, you can use dmsetup
> to dump the masterkey:
> # dmsetup table --showkeys DEVICENAME
>
> cheers
>   Ralf
>> Hi,
>>
>> No.
>>
>> In short words and to sum it up:
>> The passphrase is used to generate some "intermediate" key, using a Key
>> Derivation Function. In case of Luks, this function is PBKDF2.
>> This derived key is used to decrypt a Keyslot in the Luks header of your
>> volume, which contains the actual masterkey.
>>
>> So having only the passphrase is not sufficient to derive a volume's
>> masterkey.
>>
>> cheers
>>   Ralf
>>> Thanks.
>>> _______________________________________________
>>> dm-crypt mailing list
>>> dm-crypt@saout.de
>>> http://www.saout.de/mailman/listinfo/dm-crypt
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt