On 12/10/2014 05:56 PM, Ralf Ramsauer wrote: > On 12/10/2014 01:48 PM, Jian-Ming Zheng wrote: >> Hi, >> >> In plain dm-crypt mode, there is no encrypted master key on the device >> (i.e., no metadata header). Is a master key derived from the user >> passphrase and used to en-/decrypt the device? If yes, how to derive >> the master key from the passphrase in plain mode? Oh I'm sorry. I stand corrected. I skipped a word when I read your message. I skipped the "plain" part. I can't answer your question as I don't know how the key is derived from the passphrase using plain mode. But I'm pretty sure someone one this list will know it. But I can tell you, that if your device is mounted, you can use dmsetup to dump the masterkey: # dmsetup table --showkeys DEVICENAME cheers Ralf > Hi, > > No. > > In short words and to sum it up: > The passphrase is used to generate some "intermediate" key, using a Key > Derivation Function. In case of Luks, this function is PBKDF2. > This derived key is used to decrypt a Keyslot in the Luks header of your > volume, which contains the actual masterkey. > > So having only the passphrase is not sufficient to derive a volume's > masterkey. > > cheers > Ralf >> Thanks. >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@xxxxxxxx >> http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
