On 10/20/2013 07:52 AM, .. ink .. wrote: > I raised the question not out of fear of anything or spreading FUD on > truecrypt but out of seeking a better understanding of how LUKS > header in particular and header using encrypted volumes in general > are created and managed and if they could be used to manage a > backdoor of some sort. If you have header generated by some unknown binary, you do not need to store master or whatever so complicated. Just mangle how master key is generated (predictable RNG or so) and you have undetectable backdoor. If you have root access to device with active mapping, you can always read encryption key from memory and store it elsewhere, send by WiFi... And, btw some NAS manufacturers add backdoors and weaks security, even for LUKS partitioning systems... http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3200 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3278 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1431 (and probably others I missed) Anyway, if anyone want to audit usptream cryptsetup code, it is more then welcome! Just please do not turn it to some funded service with unclear motivation behind. I will be more than happy to provide any cooperation related to source code audit. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
