cryptsetup passphrase when no devicelock code set?

asked 2020-05-14 21:04:03 +0200

Sunny gravatar image

Hello, I'm not familar with LUKS/cryptsetup, but basics are well clear.

What passphrase do I have to use if I haven't set any devcielock code during phone setup (after flashing Rokua)? I can't mount mapper/sailfish-home, nor does cryptsetup(8) accept a empty passphrase (no key matching that passphrase found).

Thanks for any hints!

edit retag flag offensive close delete

Comments

I would say encryption is not possible, when you have no lock code.

ExPLIT ( 2020-05-15 02:57:30 +0200 )edit

'cryptsetup luksDump /dev/mapper/sailfish-home' clearly shows that slot0 has active key (although no devicelock code was set). But with what passphrase? Couldn't find a '--allow-empty-passphrase' switch, but as mentioned, I'm not familar with LUKS/cryptsetup.

I'd prefer to disable LUKS completely. The whole security relies on the obstacle to hack the devicecode check when booting the recovery image. I'd bet this is a peace of cake for any semi-ambitioned arm hacker. Afterwards you extract the LUKS header and you will be able to get the passphrase within reasonable time on commodity hardware even for 12 digit pins. [[:digit:]] limitation for passphrase is a very severe security issue and makes useres think their data is safe, while it is absolutely not safe! Probably one just need to boot the aurora-recovery-image to copy the LUKS headers in order to break the "passphrase". Sadly this seems to be widely unclear :-(

Sunny ( 2020-05-15 10:31:19 +0200 )edit