[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Root filesystem encryption update



On Mon, Jun 18, 2007 at 21:58:01 +0200,
  Ralf Ertzinger <fedora camperquake de> wrote:
> 
> Well, dmctypt for example does not validate your password. It just uses
> it to decrypt the block device. If the password was wrong, well, you'll
> get junk.

And it will be pretty easy to tell that there is a file system header where
one is expected. So the process doing the mounting could try passwords under
the assumptions of using an alternate keymaps in what would probably be a
reasonable amount of time. LUKS does some stuff to slow down password
guessing, but as long as there aren't too many keymaps to test, this shouldn't
be a problem.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]