* [dm-crypt] How to derive master key in plain dm-crypt mode @ 2014-12-10 11:48 Jian-Ming Zheng 2014-12-10 15:56 ` Ralf Ramsauer 2014-12-10 22:34 ` Robert Nichols 0 siblings, 2 replies; 6+ messages in thread From: Jian-Ming Zheng @ 2014-12-10 11:48 UTC (permalink / raw) To: dm-crypt Hi, In plain dm-crypt mode, there is no encrypted master key on the device (i.e., no metadata header). Is a master key derived from the user passphrase and used to en-/decrypt the device? If yes, how to derive the master key from the passphrase in plain mode? Thanks. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] How to derive master key in plain dm-crypt mode 2014-12-10 11:48 [dm-crypt] How to derive master key in plain dm-crypt mode Jian-Ming Zheng @ 2014-12-10 15:56 ` Ralf Ramsauer 2014-12-10 16:01 ` Ralf Ramsauer 2014-12-10 22:34 ` Robert Nichols 1 sibling, 1 reply; 6+ messages in thread From: Ralf Ramsauer @ 2014-12-10 15:56 UTC (permalink / raw) To: dm-crypt On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote: > Hi, > > In plain dm-crypt mode, there is no encrypted master key on the device > (i.e., no metadata header). Is a master key derived from the user > passphrase and used to en-/decrypt the device? If yes, how to derive > the master key from the passphrase in plain mode? Hi, No. In short words and to sum it up: The passphrase is used to generate some "intermediate" key, using a Key Derivation Function. In case of Luks, this function is PBKDF2. This derived key is used to decrypt a Keyslot in the Luks header of your volume, which contains the actual masterkey. So having only the passphrase is not sufficient to derive a volume's masterkey. cheers Ralf > > Thanks. > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] How to derive master key in plain dm-crypt mode 2014-12-10 15:56 ` Ralf Ramsauer @ 2014-12-10 16:01 ` Ralf Ramsauer 2014-12-11 2:16 ` Jian-Ming Zheng 0 siblings, 1 reply; 6+ messages in thread From: Ralf Ramsauer @ 2014-12-10 16:01 UTC (permalink / raw) To: dm-crypt On 12/10/2014 05:56 PM, Ralf Ramsauer wrote: > On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote: >> Hi, >> >> In plain dm-crypt mode, there is no encrypted master key on the device >> (i.e., no metadata header). Is a master key derived from the user >> passphrase and used to en-/decrypt the device? If yes, how to derive >> the master key from the passphrase in plain mode? Oh I'm sorry. I stand corrected. I skipped a word when I read your message. I skipped the "plain" part. I can't answer your question as I don't know how the key is derived from the passphrase using plain mode. But I'm pretty sure someone one this list will know it. But I can tell you, that if your device is mounted, you can use dmsetup to dump the masterkey: # dmsetup table --showkeys DEVICENAME cheers Ralf > Hi, > > No. > > In short words and to sum it up: > The passphrase is used to generate some "intermediate" key, using a Key > Derivation Function. In case of Luks, this function is PBKDF2. > This derived key is used to decrypt a Keyslot in the Luks header of your > volume, which contains the actual masterkey. > > So having only the passphrase is not sufficient to derive a volume's > masterkey. > > cheers > Ralf >> Thanks. >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] How to derive master key in plain dm-crypt mode 2014-12-10 16:01 ` Ralf Ramsauer @ 2014-12-11 2:16 ` Jian-Ming Zheng 0 siblings, 0 replies; 6+ messages in thread From: Jian-Ming Zheng @ 2014-12-11 2:16 UTC (permalink / raw) To: Ralf Ramsauer; +Cc: dm-crypt Hi, Ralf, Thanks for your response. More precisely, the key slot in the LUKS header contains the encrypted master key (i.e., master key checksum from PBKDF2), not the master key. The PBKDF2ed passphrase decrypts the encrypted master key in a key slot, and the decryption result is processed by AFmerge to obtain a master key candidate. The PBKDF2ed checksum of the master key candidate is compared against the master key checksum in the key slot. Is my understanding correct? On Thu, Dec 11, 2014 at 12:01 AM, Ralf Ramsauer <ralf+dm@ramses-pyramidenbau.de> wrote: > On 12/10/2014 05:56 PM, Ralf Ramsauer wrote: >> On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote: >>> Hi, >>> >>> In plain dm-crypt mode, there is no encrypted master key on the device >>> (i.e., no metadata header). Is a master key derived from the user >>> passphrase and used to en-/decrypt the device? If yes, how to derive >>> the master key from the passphrase in plain mode? > > Oh I'm sorry. I stand corrected. > I skipped a word when I read your message. I skipped the "plain" part. > I can't answer your question as I don't know how the key is derived from > the passphrase using plain mode. > But I'm pretty sure someone one this list will know it. > > But I can tell you, that if your device is mounted, you can use dmsetup > to dump the masterkey: > # dmsetup table --showkeys DEVICENAME > > cheers > Ralf >> Hi, >> >> No. >> >> In short words and to sum it up: >> The passphrase is used to generate some "intermediate" key, using a Key >> Derivation Function. In case of Luks, this function is PBKDF2. >> This derived key is used to decrypt a Keyslot in the Luks header of your >> volume, which contains the actual masterkey. >> >> So having only the passphrase is not sufficient to derive a volume's >> masterkey. >> >> cheers >> Ralf >>> Thanks. >>> _______________________________________________ >>> dm-crypt mailing list >>> dm-crypt@saout.de >>> http://www.saout.de/mailman/listinfo/dm-crypt >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] How to derive master key in plain dm-crypt mode 2014-12-10 11:48 [dm-crypt] How to derive master key in plain dm-crypt mode Jian-Ming Zheng 2014-12-10 15:56 ` Ralf Ramsauer @ 2014-12-10 22:34 ` Robert Nichols 2014-12-11 1:37 ` Arno Wagner 1 sibling, 1 reply; 6+ messages in thread From: Robert Nichols @ 2014-12-10 22:34 UTC (permalink / raw) To: dm-crypt On 12/10/2014 05:48 AM, Jian-Ming Zheng wrote: > In plain dm-crypt mode, there is no encrypted master key on the device > (i.e., no metadata header). Is a master key derived from the user > passphrase and used to en-/decrypt the device? If yes, how to derive > the master key from the passphrase in plain mode? The /cryptsetup/ manpage indicates that the key is just the hash of the passphrase using the specified hash function and cropped to the required key length. "cryptsetup --help" will show you the default hash function. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] How to derive master key in plain dm-crypt mode 2014-12-10 22:34 ` Robert Nichols @ 2014-12-11 1:37 ` Arno Wagner 0 siblings, 0 replies; 6+ messages in thread From: Arno Wagner @ 2014-12-11 1:37 UTC (permalink / raw) To: dm-crypt On Wed, Dec 10, 2014 at 23:34:59 CET, Robert Nichols wrote: > On 12/10/2014 05:48 AM, Jian-Ming Zheng wrote: > >In plain dm-crypt mode, there is no encrypted master key on the device > >(i.e., no metadata header). Is a master key derived from the user > >passphrase and used to en-/decrypt the device? If yes, how to derive > >the master key from the passphrase in plain mode? > > The /cryptsetup/ manpage indicates that the key is just the hash of the > passphrase using the specified hash function and cropped to the required > key length. "cryptsetup --help" will show you the default hash function. There is some (optional?) key stretching for keys with more than 160 bits, which is derived from what "hashalot" does. It is however not very interesting. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-12-11 2:16 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-12-10 11:48 [dm-crypt] How to derive master key in plain dm-crypt mode Jian-Ming Zheng 2014-12-10 15:56 ` Ralf Ramsauer 2014-12-10 16:01 ` Ralf Ramsauer 2014-12-11 2:16 ` Jian-Ming Zheng 2014-12-10 22:34 ` Robert Nichols 2014-12-11 1:37 ` Arno Wagner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox