<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://blog.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt">
    <title>gmane.linux.kernel.device-mapper.dm-crypt</title>
    <link>http://blog.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5814"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5811"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5810"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5807"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5804"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5802"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5793"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5791"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5790"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5787"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5786"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5784"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5780"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5778"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5777"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5773"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5770"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5759"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5757"/>
        <rdf:li rdf:resource="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5755"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5814">
    <title>linux luks automatic boot with keyfile (INSECURE)</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5814</link>
    <description>&lt;pre&gt;Good morning.

I would like to ask you about the best choice to have one or two LUKS
encrypted partitions to boot automatically between reboots without me having to
enter a pass-phrase.
I've made this already, but the way I'm doing it seems to be not very
secure since the keyfile is referenced in /etc/crypttab and the keyfile and
/etc/crypttab both reside on an unencrypted partition. If someone clones my
HDD and connects it to some other system, they will easily be able to mount the
unencrypted partitions and find the keyfile reference in /etc/crypttab to
get the keyfile and unencrypt the protected partitions, right?
So basically my problem is that I want to sell a Linux server with some
software I've developed to a datacenter (as an appliance), but I don't want
them to get to my software easily and I can't have a password prompt
between reboots either.
Can you point out to me what you think would be the best solution for me?
Thanks.

BR,
Nuno.
_______________________________________________
dm-crypt mailing list
dm-crypt-4q3ly&lt;/pre&gt;</description>
    <dc:creator>Nuno Reis</dc:creator>
    <dc:date>2012-05-25T02:29:14</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5811">
    <title>typo in section 6.1 of faq</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5811</link>
    <description>&lt;pre&gt;second sentence of second paragraph has a misspelled word "occuurence"

Also, will it be OK if I copy a paragraph or two from the FAQ for my project?
_______________________________________________
dm-crypt mailing list
dm-crypt-4q3lyFh4P1g&amp;lt; at &amp;gt;public.gmane.org
http://www.saout.de/mailman/listinfo/dm-crypt

&lt;/pre&gt;</description>
    <dc:creator>.. ink ..</dc:creator>
    <dc:date>2012-05-22T16:25:21</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5810">
    <title>typo in section 6.7 of faq</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5810</link>
    <description>&lt;pre&gt;last sentence of 4th paragraph reads "To prevent this, use a
filesystem level backup methid that encrypts the whole backup in one
go, e.g. as described above with tar and GnuPG",

"method" is misspelled "methid"
&lt;/pre&gt;</description>
    <dc:creator>.. ink ..</dc:creator>
    <dc:date>2012-05-22T13:57:34</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5807">
    <title>Brute force aes-plain</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5807</link>
    <description>&lt;pre&gt;Hi all,

Quick story:
- are there any known issues with plain dm-crypt volumes in Debian ? (Other than the
  default changing from aes-cbc-plain to aes-cbc-essiv ?)
- anyone here tried bruteforcing aes-cbc-plain (I got a rather short key) ? 

(Could you please CC me in the replies to this thread as I am not (yet ?) a
subscriber of this mailing list).

Long story:
I recently came back from a one year trip abroad, and got my hands back on an
encrypted hard drive I left there. I was pretty sure I knew the key for this
drive but after trying everything I could think about it is now sitting on my
desk until I find a solution. 

I don't know for sure whether I forgot the key or I am using the wrong
algorithm, as the version of cryptsetup I was using at the time was different
(different Debian release) and I read the defaults have changed. I am fairly
sure I used the '-c aes-plain' option initially but I had no luck with it. I
also tried aes-cbc-essiv and had no luck either. Is there anything else I could
try ?

No&lt;/pre&gt;</description>
    <dc:creator>Kereoz</dc:creator>
    <dc:date>2012-05-16T17:03:40</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5804">
    <title>Writing Asynchronous Block Ciphers</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5804</link>
    <description>&lt;pre&gt;Hello,

I would like to know if anyone has a tutorial/document link on writing a
CRYPTO_ALG_TYPE_ABLKCIPHER crypto device driver?  I am looking at
drivers/cipher/mv_cesa.c but there are lots of things going on which are
hardware context related.  I would like to know what the minimum
requirements for an asynchronous block cipher drivers are before I hand
over (DMA) the collected data to my encryption hardware.

Thanks in advance for your help!

Kind Regards,
Rodel


 &amp;lt;http://lxr.free-electrons.com/ident?i=CRYPTO_ALG_TYPE_BLKCIPHER&amp;gt;
&lt;/pre&gt;</description>
    <dc:creator>Rodel Miguel</dc:creator>
    <dc:date>2012-05-11T04:30:46</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5802">
    <title>Encrypting swap</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5802</link>
    <description>&lt;pre&gt;Hi,

I'm setting up Fedora 16 i686 with [luks] encrypted root on a laptop.

Problem is, I can't seem to find a way to encrypt the swap so that it 
would be usable for hibernation.

* Simple setup for encrypting swap uses a random key generated on each 
boot, so resuming doesn't work.
* Using the same key for swap &amp;amp; root is not recommended because some 
tool caches the password, making the whole thing meaningless [1]
* Using a swap file doesn't work because btrfs is Copy-On-Write, so the 
filesystem may get messed up by hibernate/resume process.

I'm not sure if the "same key" problem exists in Fedora 16, I've tried 
setting it up this way and I'm able to boot but not resume.

Any help appreciated!



[1] https://wiki.archlinux.org/index.php/Talk:System_Encryption_with_LUKS_for_dm-crypt#Suspend_to_disk_instructions_are_insecure
&lt;/pre&gt;</description>
    <dc:creator>Konstantin Svist</dc:creator>
    <dc:date>2012-05-10T19:50:30</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5793">
    <title>encryption of single files using cryptsetup ala gpg -c</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5793</link>
    <description>&lt;pre&gt;most people( according to google search ) seem to use gpg command to
encrypt a single file in linux with a passphrase.

I just added the ability to encrypt a single file like gpg in zulucrypt
using cryptsetup, currently in plain format.

The current implementation adds a 512 byte header to the encrypted file to
store information about the plain data length to work around padding issues
if the data that is to be encrypted is not a multiple of 512. The header is
also encrypted with the load so the only way to read the header is to first
decrypt the encrypted file with the correct passphrase.

Like somebody said in one of the previous discussions on plain volumes, the
only way to know a correct passphrase was used when decrypting a plain
volume is to check in the decrypted data for something that is known to be
there from the original data.

The question I am asking is, is it possible to write some information in
the header in a way that will tell me the decrypting key is the same as the
encrypting key?

One sol&lt;/pre&gt;</description>
    <dc:creator>.. ink ..</dc:creator>
    <dc:date>2012-05-08T20:28:22</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5791">
    <title>Anoter Raid Restoe</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5791</link>
    <description>&lt;pre&gt;Hello i have following Problem. 
Unfortunately through a power loss all superblocks of my RAID were
destroyed.
My setup

8 x 1TB in a RAID 6
3 x 2TB in a RAID 5

The crucial data are on both of these arrays. 
After googling a while I recognized that several users encountered that
problem.
Most of them were able to restore their arrays by creating the array
again with exactly the same parameters mdadm --create .....
I tried that with the 3 x 2TB array. Unfortunately after that
cryptsetup luksOpen tells me "md5 is  no valid luks device". Then I had
a look at the first bytes of the array. Unfortunately it does seem to be
crap and no LUKS header. I unfortunately do not have a LUKS header
backup of this array. I do have a backup of the LUKS header of the 8 x
1 TB array. Before I try the same with the 8 x 1 TB array I would like
to make deadly sure there are no other options.

Maybe someone can help me.
Here is some information that might be helpful:

Hexdump of the 3x 2TB Array
00000000  30 af 62 61 58 4f 88 1a  a4 d&lt;/pre&gt;</description>
    <dc:creator>Daniel</dc:creator>
    <dc:date>2012-05-06T08:55:23</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5790">
    <title>Cryptsetup FAQ montly posting 5/2012</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5790</link>
    <description>&lt;pre&gt;Sections 

1. General Questions
2. Setup
3. Common Problems
4. Troubleshooting
5. Security Aspects
6. Backup and Data Recovery
7. Interoperability with other Disk Encryption Tools
8. Issues with Specific Versions of cryptsetup
A. Contributors


1. General Questions 


 * 1.1 What is this?

  This is the FAQ (Frequently Asked Questions) for cryptsetup. It
  covers Linux disk encryption with plain dm-crypt (one passphrase,
  no management, no metadata on disk) and LUKS (multiple user keys
  with one master key, anti-forensic features, metadata block at
  start of device, ...). The latest version of this FAQ should
  usually be available at
  http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions


 * 1.2 WARNINGS

  ATTENTION: If you are going to read just one thing, make it the
  section on Backup and Data Recovery. By far the most questions on
  the cryptsetup mailing list are from people that managed to damage
  the start of their LUKS partitions, i.e. the LUKS header. In
  most cases, there is n&lt;/pre&gt;</description>
    <dc:creator>Arno Wagner</dc:creator>
    <dc:date>2012-05-02T20:13:55</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5787">
    <title>XTS performance</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5787</link>
    <description>&lt;pre&gt;Hi,

Looking back at the archives, it appears that aes-xts-plain in dm-crypt
runs at half the speed of aes-cbc-essiv:
http://www.saout.de/pipermail/dm-crypt/2010-November/001348.html. Milan
explained it at the time by XTS doing 2 AES operations for each
plaintext block. But my understanding of XTS is that it is similar to
ESSIV: 1 AES op per 16-byte block, plus 1 op for the sector.

- Did I misread the definition of XTS, and it's really 2 AES ops per
16-byte block?

- Does anybody have more recent performance comparisons, confirming (or
not) the performance difference?

Thanks,

     Yaron

&lt;/pre&gt;</description>
    <dc:creator>Yaron Sheffer</dc:creator>
    <dc:date>2012-05-01T06:26:39</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5786">
    <title>XTS performance</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5786</link>
    <description>&lt;pre&gt;Hi,

Looking back at the archives, it appears that AES-XTS in dm-crypt runs 
at half the speed of AES-CBC-ESSIV: 
http://www.saout.de/pipermail/dm-crypt/2010-November/001348.html. Milan 
explained it at the time by XTS doing 2 AES operations for each 
plaintext block. But my understanding of XTS is that it is similar to 
ESSIV: 1 AES op per 16-byte block, plus 1 op for the sector.

- Did I misread the definition of XTS, and it's really 2 AES ops per 
16-byte block?

- Does anybody have more recent performance comparisons, confirming (or 
not) the performance difference?

Thanks,

     Yaron

&lt;/pre&gt;</description>
    <dc:creator>Yaron Sheffer</dc:creator>
    <dc:date>2012-04-30T12:00:21</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5784">
    <title>Need help: Device /dev/md3 is not a valid LUKS device</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5784</link>
    <description>&lt;pre&gt;Hello all,

Following advice found in an Internet forum, I am sending this list my request for help in the hope someone will be able to answer it.

I am installing Debian on a new computer (so I am pretty flexible about what I can do).


I started following a tutorial for RAID5 + DM-CRYPT + LVM2 and I now face a weird issue.

I launch the computer with the latest Debian live distribution and work on the hard drives from there.


The first steps that concern this issue are:

I partition the 4 hard drives using fsdisk, one partition with 10GB for /boot, one with 130GB for swap, and two big partitions for the operating system and for additional data. /boot is set as bootable, all as Linux Raid devices (code fd).


I create a RAID5 array with the four hard drives:


# mdadm --create /dev/md3 --level=5 --raid-devices=4 /dev/sda4 /dev/sdb4 /dev/sdc4 /dev/sdd4 


Then I format it to ext4:

# mke2fs -t ext4 /dev/md3

Then I encrypt the partition:

# KEYFILE="/media/PENDRIVE/picture.jpg"
# cryptsetup --hash sha512 --k&lt;/pre&gt;</description>
    <dc:creator>Lucy Brentwood</dc:creator>
    <dc:date>2012-04-29T18:03:57</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5780">
    <title>Does dm-crypt support journaling filesystemtransactional guarantees?</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5780</link>
    <description>&lt;pre&gt;I'm considering using ext4 on encrypted LVM (which uses LUKS and
dm-crypt). Will the transactional guarantees in ext4's journaling be
preserved?

Bonus: where may I find authoritative information on this (besides the source)?

Thanks in advance for any answers.
&lt;/pre&gt;</description>
    <dc:creator>Yang Zhang</dc:creator>
    <dc:date>2012-04-24T06:45:12</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5778">
    <title>Help</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5778</link>
    <description>&lt;pre&gt;I used cryptsetup to perform the following function

cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb1

An error occurred saying it couldn't be performed which I pretty much ignored
and just thought I won't bother.  I did note that it mentioned about kernel
compatibility though.  The drive appears to be encrypted and won't accept
the passphrase set.  This has just under 1.5 tb of information I can't
afford to lose.  Do you have any solutions? I have looked online but am
absolutely stuck.

Cheers

Si
&lt;/pre&gt;</description>
    <dc:creator>Simon Bing</dc:creator>
    <dc:date>2012-04-20T15:58:46</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5777">
    <title>cryptsetup</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5777</link>
    <description>&lt;pre&gt;Hello,

I'm trying to set up an encrypted filesystem using cryptsetup under CentOS, but
when I execute it, it doesn't ask for a password.

cryptsetup -c aes-xts-plain -y -s 256 luksFormat /dev/vg_consulate/lv_Luks

Any ideas?

Thanks in advance

Omar
&lt;/pre&gt;</description>
    <dc:creator>omar ahizoun</dc:creator>
    <dc:date>2012-04-20T11:37:53</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5773">
    <title>why nbytes for block cipher encrypt/decrypt is only 512bytes</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5773</link>
    <description>&lt;pre&gt;Hi,

I am implementing a hardware encryption driver but I am having some
performance issues.  One of the areas of performance improvement that I am
thinking of is to increase the number of bytes (unsigned int nbytes) that my
block cipher driver's encrypt/decrypt function gets; from 512 to 4096
bytes.  My hardware can be maximized to 4kbytes.  Do you have any
suggestions how I can maximize the en/decrypt performance by getting more
than 512 bytes of data every time the block cipher's encrypt/decrypt is
called?

Thank you very much for your help!

Kind Regards,
Rodel
&lt;/pre&gt;</description>
    <dc:creator>Rodel Miguel</dc:creator>
    <dc:date>2012-04-20T09:28:54</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5770">
    <title>comment on API for saving and restoring luks header.</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5770</link>
    <description>&lt;pre&gt;/**
 * Backup header and keyslots to file
 *
 * @param cd crypt device handle
 * @param requested_type type of header to backup
 * @param backup_file file to backup header to
 *
 * @return @e 0 on success or negative errno value otherwise.
 *
 */

The above is a comment on the options for "crypt_header_backup" and
"crypt_header_restore".

The comment does not have the "use @e NULL for all known" explanation for the
second argument.

Should I assume this is an oversight and use "NULL" for the second argument?
&lt;/pre&gt;</description>
    <dc:creator>.. ink ..</dc:creator>
    <dc:date>2012-04-18T21:19:21</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5759">
    <title>simple ideas addressing ssd TRIM security concern</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5759</link>
    <description>&lt;pre&gt;Hi,

I carefully read that page http://asalor.blogspot.fr/2011/08/trim-dm-crypt-problems.html to understand the basics behind the main security problem involved by trim commands. Simple ideas came to my mind, but I need to submit them to know how they fail (or by any chance how they may succeed).

From what I understand, TRIM commands are used to say to the SSD controller: "these sectors are discarded, so you can erase them at any time chosen by you rather than waiting for an explicit rewrite from me". So, from a cryptographic point of view, using TRIM commands is like replacing deleted files by "zero" files in a totally uncontrolled manner. This breaks the main purpose of cryptography: hiding as many things as possible.

After TRIM commands, the SSD controller erases blocks whenever it wants after receiving the command. Thus, it seems to not inform us back where those blocks are remapped in its LBA translation table (not sure about that).

So, what about running TRIM commands only in certain cases: on-demand / b&lt;/pre&gt;</description>
    <dc:creator>alban bernard</dc:creator>
    <dc:date>2012-04-14T01:23:23</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5757">
    <title>Cryptsetup FAQ, montly posting 4/2012</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5757</link>
    <description>&lt;pre&gt;A bit delayed. No changes to last month.

Arno
---
Sections 

1. General Questions
2. Setup
3. Common Problems
4. Troubleshooting
5. Security Aspects
6. Backup and Data Recovery
7. Interoperability with other Disk Encryption Tools
8. Issues with Specific Versions of cryptsetup
A. Contributors


1. General Questions 


 * 1.1 What is this?

  This is the FAQ (Frequently Asked Questions) for cryptsetup. It
  covers Linux disk encryption with plain dm-crypt (one passphrase,
  no management, no metadata on disk) and LUKS (multiple user keys
  with one master key, anti-forensic features, metadata block at
  start of device, ...). The latest version of this FAQ should
  usually be available at
  http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions


 * 1.2 WARNINGS

  ATTENTION: If you are going to read just one thing, make it the
  section on Backup and Data Recovery. By far the most questions on
  the cryptsetup mailing list are from people that managed to damage
  the start of their LUKS partitions&lt;/pre&gt;</description>
    <dc:creator>Arno Wagner</dc:creator>
    <dc:date>2012-04-10T22:18:25</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5755">
    <title>LUKS with shared partition on cluster environment</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5755</link>
    <description>&lt;pre&gt;Hello,

I would like to ask you whether LUKS is possible to use in a cluster environment.
I have two nodes. From each node I can see a shared disk partition from a disk array. I want to know whether it's possible to use LUKS for this shared partition. I can imagine that I can set up LUKS from one node, but I don't know what should be done on the second node. For example, when I restart the first node and pass the passphrase for LUKS during the boot process for the shared partition, the system starts up with the encrypted partition. But what happens when I try to restart the second node?

I would like to set up Oracle ACFS (ASM Cluster Filesystem) on the encrypted partition.

Thanks for your answer.

Peter

&lt;/pre&gt;</description>
    <dc:creator>Peter Svacho</dc:creator>
    <dc:date>2012-04-10T18:14:22</dc:date>
  </item>
  <item rdf:about="http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5754">
    <title>can't open luks device after raid 5 rebuild</title>
    <link>http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5754</link>
    <description>&lt;pre&gt;Hi guys,

after my encrypted RAID 5 was degraded and rebuilt, I can't open it anymore.

cryptsetup luksOpen /dev/md127 archiv
Geben Sie den Passsatz für /dev/md127 ein:
Kein Schlüssel mit diesem Passsatz verfügbar.

It says that the provided password doesn't match any of the stored keys.

Here's the output of luksDump:

cryptsetup luksDump /dev/md127
LUKS header information for /dev/md127

Version:       1
Cipher name:   aes
Cipher mode:   xts-plain
Hash spec:     sha1
Payload offset:4040
MK bits:       512
MK digest:     53 24 e5 1d 68 3e f1 5f 96 56 06 23 85 4a b6 89 07 de 52 1d
MK salt:       5b 2e 4b 48 d8 2f 91 52 90 79 3b 6e 73 13 52 f1
                8f 9e 35 50 8e 25 9e 92 22 52 48 26 44 d7 bd 6c
MK iterations: 10
UUID:          3fbd3c47-8dc3-4541-8960-00c0a80c8ae9

Key Slot 0: ENABLED
Iterations:         363564
Salt:               32 db 41 40 56 fe 6f a9 c7 e4 c4 5f a0 4c 52 db
                      8e df 07 8c 9b 32 86 e6 ac 0c 8a e6 c4 69 31 0f
Key material offset:8
AF stri&lt;/pre&gt;</description>
    <dc:creator>artificial11000</dc:creator>
    <dc:date>2012-04-07T15:54:45</dc:date>
  </item>
  <textinput rdf:about="http://search.gmane.org/?group=$group=gmane.linux.kernel.device-mapper.dm-crypt">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.linux.kernel.device-mapper.dm-crypt</link>
  </textinput>
</rdf:RDF>

