On Wed, Dec 10, 2014 at 23:34:59 CET, Robert Nichols wrote: > On 12/10/2014 05:48 AM, Jian-Ming Zheng wrote: > >In plain dm-crypt mode, there is no encrypted master key on the device > >(i.e., no metadata header). Is a master key derived from the user > >passphrase and used to en-/decrypt the device? If yes, how to derive > >the master key from the passphrase in plain mode? > > The /cryptsetup/ manpage indicates that the key is just the hash of the > passphrase using the specified hash function and cropped to the required > key length. "cryptsetup --help" will show you the default hash function. There is some (optional?) key stretching for keys with more than 160 bits, which is derived from what "hashalot" does. It is however not very interesting. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
