The simpel answer is "yes". But it would be hard or impossible to hide. If the master-key is placed anywhere outside of the areas used by an uncompromised cryptsetup, this is glaringly obvious when looking at the on-disk format as all the unused areas are carefully zeroed in the current version. There is a second possibility though: There are some random fields in the LUKS header than could be used to leak key-data, specifically the salts. This would work. It would also be impossible to find out without a source-code analysis of the tool that created the header. Fortunately, cryptsetup is completely open and (unlike TrueCrypt) easy to build yourself. It is also relatively easy to read. (Well, code is never easy to read, but if you are specifically interested in the salt creation, you can just follow that data-path.) The recommendation here would be to not use any binary-only tools to create LUKS headers. As to TrueCrypt, building it is apparently very hard (needs some old C-compiler from 1997?) and there are quite a few gaps and errors in the documentation. My personal favorite hate-target is their dishonesty about the effect of hidden containers, see also Cryptsetup FAQ Items 5.2 and 5.18. Arno On Sat, Oct 19, 2013 at 08:38:17PM -0400, .. ink .. wrote: > There is a lot of commotion surrounding truecrypt's presence or lack of > backdoors and there are calls for its source code to be audited[1] > > How the header is created and maintained seem to be the most obvious place > to put a backdoor as discussed in the linked article. > > can the same be done with LUKS? can a propriety,closed source application > be able to create a LUKS header in a way that will allow it to secretly put > the master key "between gaps" in a header in a way that will still make the > header fully functional and cryptsetup will be able to open it without any > complains? > > [1] > http://blog.cryptographyengineering.com/2013/10/lets-audit-truecrypt.html > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
