Re: The encrypted LUKS Master Key; more Q

I have studied the different documentation derived directly and linkwise indirectly from Clemens Fruhwirth's page.

Now,

Assuming that the area at 0x1000 is the area for the encrypted master key, I notice that there is quite a bulk of material there. How much of this area is the actual encrypted master key? The MK comprises 128 bits. The eMK seems to comprise the area 0x1000-0x10a00 in bytes. So far this is info from the use of /usr/bin/xxd.

Is all of this the eMK or only a part of it? If only a part of it, what else is this area containing?

This is all about a USB stick. At the end of the block area, information like this comes out that for sure does not belong to the encrypted key material:

0000 0000 d738 2d4a 9736 324a  .........8-J.62J
0010a10: 9736 324a 9736 324a 6400 0000 0000 0000  .62J.62Jd.......


To make it easy for you, you could just tell me the exact number of bytes the eMK area should contain. There might be junk on my USB stick from a former mkfs.ext2 that was not zeroed out before the luksFormat. I find lost+found markings after the dd (just to have said that); that is why I ask about the size of the eMK area.

Hope I am not making things too difficult for you. You are all nice guys.

SS
-------------------------------------------------------
> ----- Original Message -----
> From: "Milan Broz" <mbroz@xxxxxxxxxx>
> To: dm-crypt@xxxxxxxx
> Subject: Re:  The encrypted LUKS Master Key
> Date: Sat, 14 Nov 2009 19:22:01 +0100
> 
> 
> On 11/14/2009 06:28 PM, Si St wrote:
> > A Question:
> >
> > Where is the encrypted MK located that decrypts the dm-encrypted partition?
> 
> In the keyslot area (keyslot areas start after the visible part 
> of the LUKS header),
> encrypted by the same cipher as data and obfuscated by the algorithm
> described in the LUKS specification 
> http://code.google.com/p/cryptsetup/wiki/Specification
> 
> > I believe to understand the point so far that the decrypted MK is 
> > never written to disk, only to the memory.
> yes, decrypted MK is never stored on disk, only used to set 
> dm-crypt mapping using dm-ioctl.
> 
> For LUKS, the MK itself is generated using random data; the passphrase 
> only unlocks the keyslot area
> where the MK is stored.
> 
> For the exact specification please read the LUKS documentation above.
> 
> Milan
> --
> mbroz@xxxxxxxxxx
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt

>
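As an added illustration (not part of the original messages): a parser for the LUKS1 header fields defined in the specification linked above, computing the byte range of each keyslot's key material as key-bytes times stripes. The sample header is constructed (16-byte key, 4000 stripes, slot 0 at sector 8, the values this thread's numbers correspond to); 512-byte sectors are assumed.

```python
import struct

SECTOR = 512        # LUKS1 header offsets are counted in 512-byte sectors
# magic, version, cipher-name, cipher-mode, hash-spec, payload-offset,
# key-bytes, mk-digest, mk-digest-salt, mk-digest-iter, uuid  (208 bytes)
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# active, iterations, salt, key-material-offset, stripes  (48 bytes, 8 slots)
SLOT = struct.Struct(">II32sII")
ACTIVE, DISABLED = 0x00AC71F3, 0x0000DEAD


def keyslot_regions(header: bytes):
    """Return (key_bytes, [(slot, active, start, end), ...]) in byte offsets."""
    fields = PHDR.unpack_from(header, 0)
    magic, version, key_bytes = fields[0], fields[1], fields[6]
    if magic != b"LUKS\xba\xbe" or version != 1:
        raise ValueError("not a LUKS1 header")
    regions = []
    for i in range(8):
        state, _iters, _salt, offset, stripes = SLOT.unpack_from(
            header, PHDR.size + i * SLOT.size)
        start = offset * SECTOR
        # The stored key material is the anti-forensic split of the master
        # key: key_bytes * stripes bytes, encrypted with the slot key.
        regions.append((i, state == ACTIVE, start, start + key_bytes * stripes))
    return key_bytes, regions


def sample_header() -> bytes:
    """Constructed 592-byte header; every value here is sample data."""
    phdr = PHDR.pack(b"LUKS\xba\xbe", 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                     1032, 16, bytes(20), bytes(32), 10,
                     b"constructed-sample-uuid")
    slots = b"".join(
        SLOT.pack(ACTIVE if i == 0 else DISABLED, 1000, bytes(32),
                  8 + i * 128, 4000)
        for i in range(8))
    return phdr + slots


if __name__ == "__main__":
    # On a real device, pass its first 592 bytes instead of the sample.
    key_bytes, regions = keyslot_regions(sample_header())
    print(f"master key: {key_bytes * 8} bits")
    for slot, active, start, end in regions:
        print(f"slot {slot} active={active} material {start:#x}-{end:#x}")
```

With these sample values slot 0's key material spans 0x1000 to 0x10a00 (64000 bytes), and slot 1 starts at 0x11000; the bytes between the two are alignment padding that luksFormat does not write.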

