Re: Brute force against LUKS

[junk <junk@xxxxxxxxxxxxx>]

Christophe wrote:
> junk wrote:
>   
> > Christophe wrote:
> >     
> > > Arno Wagner wrote:
> > >  
> > >       
> > > > On Wed, Oct 04, 2006 at 01:03:50AM +0200, Christophe wrote:
> > > >      
> > > >         
> > > > > Hi,
> > > > >
> > > > > I read through the mailling-list and still have a question about LUKS
> > > > > and brute force attacks :
> > > > > is there a way to have LUKS block any further trial at accessing the
> > > > > encrypted partition after (for instance) 10 identification failure
> > > > > when trying to open the encrypted partition ?
> > > > > This way, brute force attack would not be possible...
> > > > > thanks for your answer !
> > > > >           
> > > > >           
> > > > Would not help, since an attacker does not need to use the
> > > > LUKS code, but can simulate the attack.
> > > >
> > > > Arno
> > > >       
> > > >         
> > > Thx for you answer,
> > > Still, I don't understand how he could simulate the attack, since I
> > > thought the partition was encoded with a cipher-key.
> > > I thought the cipher key was acessible only when you get the password
> > > right, then acces it from the partition table.
> > > I am sorry I dod not get deep enough into the implemantation of luks,
> > > but still I would like to understand.
> > >
> > > Do you pls have a hint for me of a link I could read, not about the
> > > implementation precisely but why an attacker could / could not attack ?
> > >
> > > thank you
> > >
> > >   
> > >       
> > Yes but in this scenario, the attacker has the old key so they can use
> > their old key plus the old partition header get at the key. Not sure
> > why they wouldn't just store the master key at the point they have
> > originally had access to the partition though.
> >
> > -- jeek
> >
> >
> > ---------------------------------------------------------------------
> > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
> > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: dm-crypt-help@xxxxxxxx
> >
> >
> >     
> Hello,
> I did not mean theat the attacker had the old key. He only has a copy of
> the partition or the whole disk, whatever.
> is it the same for you ?
> chris
>
>   

Sorry, I misunderstood. Yes, if the attacker has an offline copy of the 
partition they can mount a brute force attack regardless of anything 
LUKS or dm-crypt does.

-- jeek

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx