Root filesystem encryption update
Bruno Wolff III
bruno at wolff.to
Mon Jun 18 20:35:25 UTC 2007
On Mon, Jun 18, 2007 at 21:58:01 +0200,
Ralf Ertzinger <fedora at camperquake.de> wrote:
>
> Well, dmctypt for example does not validate your password. It just uses
> it to decrypt the block device. If the password was wrong, well, you'll
> get junk.
And it will be pretty easy to tell that there is a file system header where
one is expected. So the process doing the mounting could try passwords under
the assumptions of using an alternate keymaps in what would probably be a
reasonable amount of time. LUKS does some stuff to slow down password
guessing, but as long as there aren't too many keymaps to test, this shouldn't
be a problem.
More information about the fedora-devel-list
mailing list