* Re: [dm-crypt] The encrypted LUKS Master Key; more Q
@ 2009-11-14 21:21 Si St
  2009-11-14 21:41 ` DarKRaveR
  2009-11-14 21:59 ` Heinz Diehl
  0 siblings, 2 replies; 4+ messages in thread
From: Si St @ 2009-11-14 21:21 UTC (permalink / raw)
  To: dm-crypt

I have studied the different documentation derived directly and linkwise indirectly from Clemens Fruhwirth's page.

Now,

Assuming that the area 0x1000 was the area for the encrypted master key, I notice that there is quite a bulk of material there. How much of this area is the actual encr. MasterKey? The MK comprises 128 bits. The eMK seems to comprise the area 0x1000-0x10a00 in bytes. So far, info from the use of /usr/bin/xxd.

Is all of this the eMK or only a part of it? If only a part of it, what else is this area containing?

This is all about a USB stick. At the end of the block area, information like this comes out that for sure does not belong to the encrypted key material:

0000 0000 d738 2d4a 9736 324a  .........8-J.62J
0010a10: 9736 324a 9736 324a 6400 0000 0000 0000  .62J.62Jd.......


To make it easy for you, you could just tell me the exact number of bytes the eMK area should contain. There might be junk on my USB stick from a former mkfs.ext2 that was not zeroed out before the luksFormat. I find lost+found markings after the dd (just to have said that), which is why I ask about the size of the eMK area.

Hope I am not making things too difficult for you. You are all nice guys.

SS
-------------------------------------------------------
> ----- Original Message -----
> From: "Milan Broz" <mbroz@redhat.com>
> To: dm-crypt@saout.de
> Subject: Re: [dm-crypt] The encrypted LUKS Master Key
> Date: Sat, 14 Nov 2009 19:22:01 +0100
> 
> 
> On 11/14/2009 06:28 PM, Si St wrote:
> > A Question:
> >
> > Where is the encrypted MK located that decrypts the dm-encrypted partition?
> 
> In the keyslot area (keyslot areas start after the visible part
> of the LUKS header),
> encrypted by the same cipher as the data and obfuscated by the algorithm
> described in the LUKS specification
> http://code.google.com/p/cryptsetup/wiki/Specification
>
> > I believe I understand the point so far that the decrypted MK is
> > never written to disk, only to the memory.
> Yes, the decrypted MK is never stored on disk, only used to set
> the dm-crypt mapping using dm-ioctl.
>
> For LUKS, the MK itself is generated using random data; the passphrase
> only unlocks the keyslot area
> where the MK is stored.
>
> For the exact specification, please read the LUKS documentation above.
> 
> Milan
> --
> mbroz@redhat.com
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


* Re: [dm-crypt] The encrypted LUKS Master Key; more Q
  2009-11-14 21:21 [dm-crypt] The encrypted LUKS Master Key; more Q Si St
@ 2009-11-14 21:41 ` DarKRaveR
  2009-11-14 21:59 ` Heinz Diehl
  1 sibling, 0 replies; 4+ messages in thread
From: DarKRaveR @ 2009-11-14 21:41 UTC (permalink / raw)
  To: dm-crypt

Well,

Milan pointed you at the specification; you might want to read it. I quote:
"To wipe the sectors containing the key material, start from
the sector as recorded in key slot’s key-material-offset field, and
proceed for phdr.key-bytes * ks.stripes bytes."

There's complete pseudocode for how to retrieve the MK from the key material;
you just need to read it.

Regards

-Sven


On Sat, November 14, 2009 22:21, Si St wrote:
> I have studied the different documentation derived directly and linkwise
> indirectly from Clemens Fruhwirth's page.
>
> Now,
>
> Assuming that the area 0x1000 was the area for the encrypted
> master key, I notice that there is quite a bulk of material there. How much
> of this area is the actual encr. MasterKey? The MK comprises 128 bits. The
> eMK seems to comprise the area 0x1000-0x10a00 in bytes. So far, info from
> the use of /usr/bin/xxd.
>
> Is all of this the eMK or only a part of it? If only a part of it, what
> else is this area containing?
>
> This is all about a USB stick. At the end of the block area,
> information like this comes out that for sure does not belong to the
> encrypted key material:
>
> 0000 0000 d738 2d4a 9736 324a  .........8-J.62J
> 0010a10: 9736 324a 9736 324a 6400 0000 0000 0000  .62J.62Jd.......
>
>
> To make it easy for you, you could just tell me the exact number of bytes
> the eMK area should contain. There might be junk on my USB stick from a
> former mkfs.ext2 that was not zeroed out before the luksFormat. I find
> lost+found markings after the dd (just to have said that), which is why I
> ask about the size of the eMK area.
>
> Hope I am not making things too difficult for you. You are all nice guys.
>
> SS
> -------------------------------------------------------
>> ----- Original Message -----
>> From: "Milan Broz" <mbroz@redhat.com>
>> To: dm-crypt@saout.de
>> Subject: Re: [dm-crypt] The encrypted LUKS Master Key
>> Date: Sat, 14 Nov 2009 19:22:01 +0100
>>
>>
>> On 11/14/2009 06:28 PM, Si St wrote:
>> > A Question:
>> >
>> > Where is the encrypted MK located that decrypts the dm-encrypted
>> partition?
>>
>> In the keyslot area (keyslot areas start after the visible part
>> of the LUKS header),
>> encrypted by the same cipher as the data and obfuscated by the algorithm
>> described in the LUKS specification
>> http://code.google.com/p/cryptsetup/wiki/Specification
>>
>> > I believe I understand the point so far that the decrypted MK is
>> > never written to disk, only to the memory.
>> Yes, the decrypted MK is never stored on disk, only used to set
>> the dm-crypt mapping using dm-ioctl.
>>
>> For LUKS, the MK itself is generated using random data; the passphrase
>> only unlocks the keyslot area
>> where the MK is stored.
>>
>> For the exact specification, please read the LUKS documentation above.
>>
>> Milan
>> --
>> mbroz@redhat.com

* Re: [dm-crypt] The encrypted LUKS Master Key; more Q
  2009-11-14 21:21 [dm-crypt] The encrypted LUKS Master Key; more Q Si St
  2009-11-14 21:41 ` DarKRaveR
@ 2009-11-14 21:59 ` Heinz Diehl
  1 sibling, 0 replies; 4+ messages in thread
From: Heinz Diehl @ 2009-11-14 21:59 UTC (permalink / raw)
  To: dm-crypt

On 14.11.2009, Si St wrote: 

> How much of this area is the actual encr.MasterKey? 

Read the document which Milan has referred to, with special focus on
AFsplit and AFmerge. It's described on page 2 how it works, where the
master key is stored, and why AFsplit has been developed.

And it would be nice if you could truncate your lines in your mails
to a size < 80 chars. That would make it a lot more readable.

Thanks,
Heinz.
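
The size rule quoted from the specification earlier in the thread (phdr.key-bytes * ks.stripes), worked through as an added example that is not part of any message here: a Python sketch that reads the LUKS1 header fields and reports each keyslot's key-material byte range. The header is constructed; the 128-bit key comes from the question, while the 4000 stripes, the slot offsets and the payload offset are assumed values.

```python
import struct

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
# LUKS1 phdr, big-endian: magic, version, cipher-name, cipher-mode, hash-spec,
# payload-offset, key-bytes, mk-digest, mk-digest-salt, mk-digest-iter, uuid
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
# key slot: active, iterations, salt, key-material-offset (sectors), stripes
SLOT = struct.Struct(">II32sII")
NUM_SLOTS = 8


def keyslot_areas(header: bytes) -> list[dict]:
    """Byte range of each keyslot's AF-split key material in a LUKS1 header."""
    if len(header) < PHDR.size + NUM_SLOTS * SLOT.size:
        raise ValueError("need at least 592 bytes of LUKS1 header")
    fields = PHDR.unpack_from(header)
    magic, version, key_bytes = fields[0], fields[1], fields[6]
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    areas = []
    for n in range(NUM_SLOTS):
        active, _iters, _salt, km_offset, stripes = SLOT.unpack_from(
            header, PHDR.size + n * SLOT.size)
        start = km_offset * SECTOR
        length = key_bytes * stripes  # phdr.key-bytes * ks.stripes
        areas.append({"slot": n, "enabled": active == SLOT_ENABLED,
                      "start": start, "length": length, "end": start + length})
    return areas


def constructed_header(key_bytes=16, stripes=4000) -> bytes:
    """Constructed sample: 128-bit MK, slot 0 enabled at sector 8 (0x1000)."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                    1032, key_bytes, bytes(20), bytes(32), 10, b"constructed-uuid")
    for n in range(NUM_SLOTS):
        state = SLOT_ENABLED if n == 0 else SLOT_DISABLED
        hdr += SLOT.pack(state, 1000, bytes(32), 8 + 128 * n, stripes)
    return hdr


if __name__ == "__main__":
    for a in keyslot_areas(constructed_header()):
        print(f"slot {a['slot']} enabled={a['enabled']!s:5} "
              f"{a['start']:#08x}-{a['end']:#08x} ({a['length']} bytes)")
```

With these values slot 0 spans 0x1000 to 0x10a00: 64000 bytes of AF-split material for a 16-byte master key.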


* Re: [dm-crypt] The encrypted LUKS Master Key; more Q
@ 2009-11-14 23:00 Si St
  0 siblings, 0 replies; 4+ messages in thread
From: Si St @ 2009-11-14 23:00 UTC (permalink / raw)
  To: dm-crypt

I have understood.
The keys are inflated by the AF-splitter mechanism.
And I mixed up the KM1...KM8 with the key slots in the phdr.
(136C)
---------------------------------------------------------
> ----- Original Message -----
> From: "Heinz Diehl" <htd@fancy-poultry.org>
> To: dm-crypt@saout.de
> Subject: Re: [dm-crypt] The encrypted LUKS Master Key; more Q
> Date: Sat, 14 Nov 2009 22:59:16 +0100
> 
> 
> On 14.11.2009, Si St wrote:
> 
> > How much of this area is the actual encr.MasterKey?
> 
> Read the document which Milan has referred to, with special focus on
> AFsplit and AFmerge. It's described on page 2 how it works, where the
> master key is stored, and why AFsplit has been developed.
> 
> And it would be nice if you could truncate your lines in your mails
> to a size < 80 chars. That would make it a lot more readable.
> 
> Thanks,
> Heinz.