Re: plain: opening with a wrong password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



U.Mutlu wrote, On 02/05/2015 02:53 PM:
Arno Wagner wrote, On 02/05/2015 12:54 PM:
On Wed, Feb 04, 2015 at 14:30:17 CET, U.Mutlu wrote:
Quentin Lefebvre wrote, On 02/04/2015 02:02 PM:
Hi,

Le 04/02/2015 13:33, U.Mutlu a écrit :
Hi,
what happens if an encrypted filesystem (plain, no LUKS)
next time is opened accidently with a wrong password,
and new data written to it? Will the filesystem then become
damaged/unusable?

What typically happens when you use a wrong password is that the
cryptsetup create/open command is indeed successful, but mounting your
partition will fail (because the filesystem is not detected).  So you
have few chance to accidentally damage a filesystem, even in plain
mode.

I tried this out now, and indeed that's cool!
Thank you for this useful tip, it spares me to study further
also the LUKS stuff, as plain is IMHO sufficient for my needs.
The main drawback with plain seems to be that one cannot change
the password, instead one needs to re-enrcrypt into a new file/device.

That, you have only one password, and you do not get some
additional protection for weak passwords from salting and
iteration. With a good, passphease plain is about as secure
as LUKS, namely not breakable. (See FAQ item 5.1 for details
of what "good" means.)

Arno

Yes, and one better should create a password by using a password hasher like
the following:
$ echo mypassword | hashalot -x -s mysalt sha256
5d9de7f56a469782ff8a6be363418f62d6f93e33c3adb5c216e7e9c2f9947240
and pass the result to the target (of course using something else for
"mypassword" and "mysalt").

Oh, I forgot to mention: with such a strong password
"plain" is IMHO more secure than "luks" b/c plain offers
no attack vectors (ie. metadata headers).

cu
Uenal



_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt





[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux