From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KPsba0hCUlrn for ; Tue, 27 Sep 2011 14:26:10 +0200 (CEST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mail.saout.de (Postfix) with ESMTP for ; Tue, 27 Sep 2011 14:26:09 +0200 (CEST) Message-ID: <4E81C0DA.9040301@redhat.com> Date: Tue, 27 Sep 2011 14:26:02 +0200 From: Milan Broz MIME-Version: 1.0 References: <1317124413.4e81b93d2c5f8@webmail.inmano.com> In-Reply-To: <1317124413.4e81b93d2c5f8@webmail.inmano.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Retrieve the Passphrase from RAM Memory List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: octane indice Cc: dm-crypt@saout.de, Eduardo Schultze On 09/27/2011 01:53 PM, octane indice wrote: > The passphrase, I don't think so, but the master key, yes > for sure. > Here is a paper in french (maybe google translate can > help) where somebody gets the master key, then use it > for reading data: > http://sylv1.tuxfamily.org/2008/240/gout-de-luks.html hm this is naive approach but just illustrate the problem that distros ignore deactivation of dmcrypt mapping during shutdown. if you are superuser, you can always get volume key (so far) dmsetup table --showkeys also see http://code.google.com/p/cryptsetup/source/browse/trunk/misc/luks-header-from-active (recreating LUKS header from active device & volume key) Milan