how the key is generated?
Hello, everyone: i add one line in the setkey function which is in xts.c file to print the in_key value. I find the key value not same i set in the keyfile by cryptsetup my command is # cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0 # cat my_keyfile 1234567890abcdef1234567890abcdef I want to know how i set my key to encrypt/decrypt the disc for xts-aes and aes alogrithm? And how the crypto get the real key to encrypt the disc or how the key printed in the setkey is genereted and when? Thanks very much! Best Regards Bai Shuwei -- Love other people, as same as love yourself! Don't think all the time, do it by your hands! E-Mail: baishu...@gmail.com -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: how the key is generated?
On 01/26/2010 09:41 AM, Bai Shuwei wrote: Hello, everyone: i add one line in the setkey function which is in xts.c file to print the in_key value. I find the key value not same i set in the keyfile by cryptsetup my command is # cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0 -d is key file for key slot (passphrase), volume (master) key for encryption is generated using RNG during luksFormat inside cryptsetup. You can use pre-generated master key using --master-key-file in cryptsetup 1.1.x (but note it reads raw input, not hexa encoding). See man page. You do not need to modify xts.c btw, try dmsetup table --showkeys for active dm-crypt mappings to show used volume key. (and also better use dm-cr...@saout.de mailing list for questions related to userspace cryptsetup) Milan -- mb...@redhat.com -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] dm-crypt: disable block encryption with arc4
On 01/26/2010 10:22 AM, Sebastian Andrzej Siewior wrote: * Milan Broz | 2010-01-25 19:39:11 [+0100]: On 01/25/2010 07:29 PM, Mikulas Patocka wrote: When using arc4 to encrypt a block device, the resulting device is unreliable. It reads garbage. That's because arc4 is a stream cipher, if you write something, it advances its state and if you attempt to decrypt the same sector, it uses new state that is different. This patch disables the use of arc4 on block devices. arc4 again. it is simply not a block cipher:-) This should be solved inside cryptoAPI and not blacklist it in dm-crypt, see that thread http://article.gmane.org/gmane.linux.kernel.cryptoapi/3441 I some how remember Herbert saying to test for block size 1. Wouldn't this be acceptable to block all stream cipher in one go? yes, I think it is better. (...and I just forgot to add that test to dm-crypt after that suggestion.) Milan -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] dm-crypt: disable block encryption with arc4
This patch disables the use of arc4 on block devices. arc4 again. it is simply not a block cipher:-) This should be solved inside cryptoAPI and not blacklist it in dm-crypt, see that thread http://article.gmane.org/gmane.linux.kernel.cryptoapi/3441 I some how remember Herbert saying to test for block size 1. Wouldn't this be acceptable to block all stream cipher in one go? yes, I think it is better. (...and I just forgot to add that test to dm-crypt after that suggestion.) Milan Hmm, there is salsa20 that has block size 1, larger initialization vectors, and can be used to encrypt disks (although salsa20 doesn't currently work with dm-crypt, because it doesn't accept ecb(), cbc(), etc. chaining modes --- but if you remove the chaining mode manually, it works). You should rather add a flag CRYPTO_ALG_CHANGES_STATE to determine that a cipher can't be used to encrypt disks. Mikulas -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [dm-devel] [PATCH] dm-crypt: disable block encryption with arc4
On Mon, Jan 25, 2010 at 07:39:11PM +0100, Milan Broz wrote: This should be solved inside cryptoAPI and not blacklist it in dm-crypt, see that thread Agreed. I'm not going to apply a dm patch that maintains a hard-coded broken list. Alasdair -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] dm-crypt: disable block encryption with arc4
* Mikulas Patocka | 2010-01-26 07:27:18 [-0500]: yes, I think it is better. (...and I just forgot to add that test to dm-crypt after that suggestion.) Milan Hmm, there is salsa20 that has block size 1, larger initialization vectors, and can be used to encrypt disks (although salsa20 doesn't currently work with dm-crypt, because it doesn't accept ecb(), cbc(), etc. chaining modes --- but if you remove the chaining mode manually, it works). You should rather add a flag CRYPTO_ALG_CHANGES_STATE to determine that a cipher can't be used to encrypt disks. Just because it will work does not make it a good idea. SALSA20 is a stream cipher not a block cipher. Block ciphers are used to encrypt data. Stream ciphers are used to create one time pads, a set of encryption keys, ... There are block modes like CTR which can turn a block cipher into a stream cipher. Those should not be used for disk encryption as well. Mikulas Sebastian -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] dm-crypt: disable block encryption with arc4
On Tue, 26 Jan 2010, Sebastian Andrzej Siewior wrote: * Mikulas Patocka | 2010-01-26 07:27:18 [-0500]: yes, I think it is better. (...and I just forgot to add that test to dm-crypt after that suggestion.) Milan Hmm, there is salsa20 that has block size 1, larger initialization vectors, and can be used to encrypt disks (although salsa20 doesn't currently work with dm-crypt, because it doesn't accept ecb(), cbc(), etc. chaining modes --- but if you remove the chaining mode manually, it works). You should rather add a flag CRYPTO_ALG_CHANGES_STATE to determine that a cipher can't be used to encrypt disks. Just because it will work does not make it a good idea. SALSA20 is a stream cipher not a block cipher. Block ciphers are used to encrypt data. Stream ciphers are used to create one time pads, a set of encryption keys, ... There are block modes like CTR which can turn a block cipher into a stream cipher. Those should not be used for disk encryption as well. Salsa20 is unsuitable for disk encryption in most cases. It would be suitable if we knew that the attacker can obtain the image of encrypted device at most once --- it is OK to protect against laptop theft (it happens just once), but it is not OK to protect against support technician spying on your data (he can read them multiple times, if you have multiple support requests). Anyway, what I wanted to say, is that block_size = 1 test is no less hacky than !strcmp(cipher, arc4) test. Mikulas -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: how the key is generated?
On Tue, Jan 26, 2010 at 4:58 PM, Milan Broz mb...@redhat.com wrote: On 01/26/2010 09:41 AM, Bai Shuwei wrote: Hello, everyone: i add one line in the setkey function which is in xts.c file to print the in_key value. I find the key value not same i set in the keyfile by cryptsetup my command is # cryptsetup luksFormat -d my_keyfile -c xts-aes-plain -s 256 /dev/loop0 -d is key file for key slot (passphrase), volume (master) key for encryption is generated using RNG during luksFormat inside cryptsetup. You can use pre-generated master key using --master-key-file in cryptsetup 1.1.x (but note it reads raw input, not hexa encoding). See man page. You do not need to modify xts.c btw, try dmsetup table --showkeys for active dm-crypt mappings to show used volume key. (and also better use dm-cr...@saout.de mailing list for questions related to userspace cryptsetup) Milan -- mb...@redhat.com Hi, thanks Milan firstly! I use dmsetup table --showkeys get the bellow information. disk$ sudo dmsetup table --showkeys /dev/mapper/dsi0 0 2040 crypt aes-xts-plain 3131313131313131313131313131313131313131313131313131313131313131 0 7:0 2056 If i forget the passphase, can i use the above information/key to recovery my disk? Best Regards Bai Shuwei -- Love other people, as same as love yourself! Don't think all the time, do it by your hands! E-Mail: baishu...@gmail.com -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html