Re: Crypto operation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Nov 05, 2010 at 10:49:33AM +0100, octane indice wrote:
> Hello,
> 
> In order to better understand how cryptsetup works, I'm asking if there is a
> 'big picture' or a debug mode explaining how things are done. (I'm asking
> about cryptsetup, not LUKS).

As MIlan already wrote, it is basically just the application 
of two crypto algorithms, both of which are not in cryptsetup, 
but in the kernel. As they are used in the context of the 
device mapper, they need to be in the kernel, but if you do 
direct access via an userspace application, they can be anywhere.

For your experiments, I recomend that you use a small loop-file,
mount it via dm-crypt and put some plaintext in it, e.g. like 
this:

  head -c 1M /dev/zero > cfile   # create empty file
  losetup /dev/loop0 cfile        
  cryptsetup create c1 /dev/loop0 
  man bash > /dev/mapper/c1
  cryptsetup remoce c1
  losetup -d /dev/loop0

You can then trial decrypt cfile. You can use --cipher,
and --hashto set something simpler than the
curent defaults of aes-cbc-essiv:sha256, ripemd160,
but that should not make too much of a difference.

You can read about cipher modes here, if you want to do
the mode yourself:
  http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

ESSIV is described here:
  http://en.wikipedia.org/wiki/ESSIV#ESSIV
with the hash that listed after the ':' in the cipher spec.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt


[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux