On Tue, Apr 28, 2009 at 11:42:11AM +1000, Roscoe wrote:
> On Tue, Apr 28, 2009 at 1:05 AM, Arno Wagner
> > The keys are stored later on the LUKS container, but there is
> > irreplaceable information in the first 512 bytes (of which there
> > is no redundant copy), namely the salt at offset 132. All other
> > parameters could possibly be recreated with moderate effort,
> > but the 32 byte (= 256 bit) salt cannot.
>
> Surely the mk-digest-salt was of no more importance than the mk-digest.

The salt is an anti-forensic measure, making the pre-building
of tables more difficult. It needs to be weakly non-predictable
and typically is weak key-grade. The mk-digest is an identifier that
has a default value and can come only from a short list of names, so
an attack can try them all with little effort.

So, no, the salt is a real, likely unsolvable, problem, with close to
256 bits of entropy that would need to be guessed, while the
mk-digest represents likely less than 2 bits in practice, maybe just
a tiny bit more than one with most people using the default.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
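
The header fields named in this thread, as an added example (not part of the original message and not cryptsetup code): a parser for the LUKS1 on-disk header that reads the 32-byte mk-digest-salt at offset 132 and checks a candidate master key against mk-digest, first with the salt intact and then with it wiped. The sample sector, key, salt, iteration count and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAGIC = b"LUKS\xba\xbe"
# LUKS1 header, big-endian: magic, version, cipher-name, cipher-mode, hash-spec,
# payload-offset, key-bytes, mk-digest, mk-digest-salt, mk-digest-iter, uuid.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SALT_OFFSET = 132  # 6+2+32+32+32+4+4+20 bytes precede mk-digest-salt


def parse_phdr(sector: bytes) -> dict:
    """Decode the fixed fields that precede the key slots."""
    if len(sector) < PHDR.size:
        raise ValueError("short read: need at least %d bytes" % PHDR.size)
    (magic, version, _cipher, _mode, hash_spec, _payload, key_bytes,
     mk_digest, mk_salt, mk_iter, _uuid) = PHDR.unpack_from(sector)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    return {"hash_spec": hash_spec.split(b"\0", 1)[0].decode("ascii"),
            "key_bytes": key_bytes, "mk_digest": mk_digest,
            "mk_digest_salt": mk_salt, "mk_digest_iter": mk_iter}


def master_key_matches(hdr: dict, candidate: bytes) -> bool:
    """mk-digest is PBKDF2(candidate, mk-digest-salt, mk-digest-iter), 20 bytes."""
    if len(candidate) != hdr["key_bytes"]:
        return False
    digest = hashlib.pbkdf2_hmac(hdr["hash_spec"], candidate,
                                 hdr["mk_digest_salt"], hdr["mk_digest_iter"], 20)
    return hmac.compare_digest(digest, hdr["mk_digest"])


def build_sample_sector(master_key: bytes, salt: bytes, iters: int = 1000) -> bytes:
    """Constructed 512-byte first sector (sample values, not from a real disk)."""
    digest = hashlib.pbkdf2_hmac("sha1", master_key, salt, iters, 20)
    hdr = PHDR.pack(MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 4096,
                    len(master_key), digest, salt, iters, b"constructed-uuid")
    return hdr.ljust(512, b"\0")


def demo() -> tuple:
    """Same master key, checked against an intact and a salt-wiped header."""
    mk = bytes(range(32))                                  # constructed key
    salt = hashlib.sha256(b"constructed salt").digest()    # constructed salt
    sector = build_sample_sector(mk, salt)
    wiped = bytearray(sector)
    wiped[SALT_OFFSET:SALT_OFFSET + 32] = bytes(32)        # salt lost
    return (master_key_matches(parse_phdr(sector), mk),
            master_key_matches(parse_phdr(bytes(wiped)), mk))
```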