From: Milan Broz
Date: Sat, 14 Nov 2009 19:22:01 +0100
Subject: Re: [dm-crypt] The encrypted LUKS Master Key
To: dm-crypt@saout.de
Message-ID: <4AFEF549.1020203@redhat.com>
In-Reply-To: <20091114172820.8962FCBEAB@ws5-11.us4.outblaze.com>

On 11/14/2009 06:28 PM, Si St wrote:
> A Question:
>
> Where is the encrypted MK located that decrypts the dm-encrypted partition?

In the keyslot area (keyslot areas start after the visible part of the LUKS header), encrypted by the same cipher as the data and obfuscated by the algorithm described in the LUKS specification

http://code.google.com/p/cryptsetup/wiki/Specification

> I believe I understand the point so far that the decrypted MK is never written to disk, only to the memory.

Yes, the decrypted MK is never stored on disk, only used to set the dm-crypt mapping using dm-ioctl.

For LUKS, the MK itself is generated using random data; the passphrase only unlocks the keyslot area where the MK is stored.

For the exact specification, please read the LUKS documentation above.

Milan
--
mbroz@redhat.com
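The layout described in the reply above can be read straight out of a LUKS1 header. The following is an added example, not part of the original message or of cryptsetup: the field layout follows the LUKS1 on-disk format specification, while the function names and the sample header values (offsets, iteration counts, UUID) are constructed for illustration.

```python
import struct

SECTOR = 512
# LUKS1 header ("phdr") per the on-disk format spec: big-endian, 592 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes of fixed fields
SLOT = struct.Struct(">II32sII")                   # 8 keyslot descriptors, 48 bytes each
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1(buf):
    """Report where each active keyslot keeps its encrypted MK material."""
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("truncated header")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _mk_digest, _mk_salt, _mk_iter, _uuid) = PHDR.unpack_from(buf, 0)
    if magic != b"LUKS\xba\xbe" or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        active, iters, _salt, km_sector, stripes = SLOT.unpack_from(
            buf, PHDR.size + i * SLOT.size)
        if active != SLOT_ENABLED:
            continue
        # The area holds the MK after anti-forensic splitting into `stripes`
        # pieces, encrypted with a key derived from the passphrase (PBKDF2).
        slots.append({"slot": i, "pbkdf2_iterations": iters,
                      "offset": km_sector * SECTOR,
                      "length": key_bytes * stripes})
    return {"cipher": f"{_text(cipher)}-{_text(mode)}", "hash": _text(hash_spec),
            "mk_bytes": key_bytes, "payload_offset": payload_off * SECTOR,
            "slots": slots}

def build_sample():
    """Constructed header: 256-bit MK, slot 0 in use, slots 1-7 disabled."""
    hdr = PHDR.pack(b"LUKS\xba\xbe", 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                    2056, 32, bytes(20), bytes(32), 10, b"constructed-uuid")
    for i in range(8):
        state = SLOT_ENABLED if i == 0 else SLOT_DISABLED
        hdr += SLOT.pack(state, 1000, bytes(32), 8 + i * 256, 4000)
    return hdr

if __name__ == "__main__":
    info = parse_luks1(build_sample())
    print(info["cipher"], "payload at byte", info["payload_offset"])
    for s in info["slots"]:
        print("slot", s["slot"], "bytes", s["offset"], "to", s["offset"] + s["length"])
```

Every keyslot area sits between the 592-byte header and the payload offset, which is why backing up or wiping that region of the device is what preserves or destroys access to the MK.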