If the null cipher is used, allow only empty password for LUKS.

The cipher_null is no-encryption; it can be used for testing
or temporarily when encrypting a device (cryptsetup-reencrypt).

Accepting only an empty password prevents a situation where you replace
a LUKS header on an unlocking device with a faked header using
the null cipher (and the same UUID).
Here a system could think that the device was properly unlocked
(with any entered password) and will try to use this unencrypted
partition instead.
(IOW it prevents a situation where an attacker intentionally forces
a user to boot into a different system just by LUKS header manipulation.)

Properly configured systems should have an additional integrity protection
in place here (LUKS here provides only confidentiality) but it is better
to not allow this situation in the first place.
(Despite the fact that once you allow physical tampering of your system
it cannot be properly secured anymore.)
1 file changed
tree: e63f49ba27d4191fc1ad8b7e4689a98af6efc3b4
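The policy the commit message describes, as an added C example that is not cryptsetup's own code: it reads the cipher name from a LUKS1 header and rejects any non-empty passphrase when the header names cipher_null. The field offsets follow the LUKS1 on-disk format; the function names and the sample header are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* LUKS1 on-disk header: fixed offsets, multi-byte integers are big-endian. */
#define HDR_MIN_LEN  208  /* fixed fields that precede the key slots */
#define OFF_VERSION  6    /* 16-bit version, follows the 6-byte magic */
#define OFF_CIPHER   8    /* cipher name, 32 bytes, NUL-padded */
#define CIPHER_LEN   32
static const unsigned char LUKS_MAGIC[6] = {'L', 'U', 'K', 'S', 0xba, 0xbe};
enum { HDR_INVALID = -1, PASS_REJECTED = 0, PASS_MAY_BE_TRIED = 1 };

/* 1 if the header names cipher_null, 0 for any other cipher, -1 if not LUKS1. */
int luks1_uses_null_cipher(const unsigned char *hdr, size_t len)
{
    char name[CIPHER_LEN + 1] = {0};
    if (len < HDR_MIN_LEN || memcmp(hdr, LUKS_MAGIC, sizeof LUKS_MAGIC) ||
        hdr[OFF_VERSION] != 0 || hdr[OFF_VERSION + 1] != 1)
        return -1;
    memcpy(name, hdr + OFF_CIPHER, CIPHER_LEN); /* name[] stays NUL-terminated */
    return strcmp(name, "cipher_null") == 0;
}

/* Policy from the commit message: null cipher => only the empty passphrase. */
int passphrase_policy(const unsigned char *hdr, size_t len, size_t pass_len)
{
    int null_cipher = luks1_uses_null_cipher(hdr, len);
    if (null_cipher < 0)
        return HDR_INVALID;
    return (null_cipher && pass_len > 0) ? PASS_REJECTED : PASS_MAY_BE_TRIED;
}

/* Constructed sample header (not read from a real device). */
void make_sample_header(unsigned char *buf, const char *cipher)
{
    memset(buf, 0, HDR_MIN_LEN);
    memcpy(buf, LUKS_MAGIC, sizeof LUKS_MAGIC);
    buf[OFF_VERSION + 1] = 1;                   /* version 1, big-endian */
    strncpy((char *)buf + OFF_CIPHER, cipher, CIPHER_LEN - 1);
}

int main(void)
{
    unsigned char hdr[HDR_MIN_LEN];
    make_sample_header(hdr, "cipher_null");
    printf("8-byte passphrase: %d, empty passphrase: %d\n",
           passphrase_policy(hdr, sizeof hdr, 8), passphrase_policy(hdr, sizeof hdr, 0));
    return 0;
}
```

A header that passes this check with a real cipher still has to verify the passphrase against its key slots; the check only closes the case where the null cipher would let any passphrase through.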
README.md


What the ...?

Cryptsetup is a utility used to conveniently set up disk encryption based on the DMCrypt kernel module.

These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) formats.

The project also includes the veritysetup utility, used to conveniently set up the DMVerity block integrity checking kernel module.

LUKS Design

LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk format, it not
only facilitates compatibility among distributions, but also provides secure management of multiple user passwords.
In contrast to existing solutions, LUKS stores all necessary setup information in the partition header,
enabling the user to transport or migrate his data seamlessly.

Why LUKS?

  • compatibility via standardization,
  • secure against low entropy attacks,
  • support for multiple keys,
  • effective passphrase revocation,
  • free.

Project home page.

Frequently asked questions (FAQ)

Download

All release tarballs and release notes are hosted on kernel.org.

The latest cryptsetup version is 1.6.7

Previous versions

Source and API docs

For development version code, please refer to source page, mirror on kernel.org or GitHub.

For libcryptsetup documentation see libcryptsetup API page.

NLS PO files are maintained by TranslationProject.

Help!

Please always read FAQ first. For cryptsetup and LUKS related questions, please use the dm-crypt mailing list, [email protected].

If you want to subscribe just send an empty mail to [email protected].

You can also browse list archive or read it through web interface.