Change Hash-Spec and Iter-Time of dm-crypt LUKS Device – How to Guide

dm-cryptluks

How can I change the hash-spec and iter-time of an existing dm-crypt LUKS device?

Clearly I can pass the options if I create a new device, for example something like this:

 sudo cryptsetup luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 --iter-time 2100 --hash sha512 /dev/loop0

But if the device already exists, how can I change for example sha256 to sha1 or change the iteration time without "destroying" the device. (Clearly you would have to retype your password since a new hash will be generated.)

Best Answer

Each key slot has its own iteration time. If you want to change the number of iterations, create a new slot with the same passphrase and a new number of iterations, then remove the old slot.

cryptsetup -i 100000 --key-slot 2 luksAddKey $device
cryptsetup luksKillSlot $device 1

I think the hash algorithm cannot be configured per slot, it's always PBKDF2 with a globally-chosen hash function.

Recent versions of cryptsetup include a tool cryptsetup-reencrypt, which can change the main encryption key and all the parameters, but it is considered experimental (and it reencrypts the whole device even though this would not be necessary to merely change the password-based key derivation function).

Related Solutions

Why does LUKS need to generate hash values

The LUKS format has multiple key slots, each one may contain the encrypted master key that is used for data encryption. This master key is encrypted using another key which is derived from your passphrase.

Using plain hash_function(passphrase) to generate a key would be dumb as hashes such as sha1 can be calculated fast (SHA-1 is an example of a MAC algorithm, for authentication of a message, not to be used as plain for a password).

For data encryption based on a passphrase, you want the function to be slow to thwart brute-force attacks. For this purpose, PBKDF2 (password-based key derivation function) is used (see the excellent answers on this Sec.SE question for motivations and other examples).

derivedKey = PBKDF2(hash_function, passphrase, salt, iterations, derivedKeyLen)

The hash_function for my installation is sha1 as is shown in cryptsetup --help:

Default compiled-in key and passphrase parameters:
        Maximum keyfile size: 8192kB, Maximum interactive passphrase length 512 (characters)
Default PBKDF2 iteration time for LUKS: 1000 (ms)

Default compiled-in device cipher parameters:
        loop-AES: aes, Key 256 bits
        plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
        LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom

The derived key length depends on the cipher used for data encryption. The number of iterations depends on your processor speed.

These details can be found in the manual page of cryptsetup (pbkdf2 should ring a bell). For other security details, see the FAQ of cryptsetup.

Set Label on dm-crypt+LUKS Container – How to Guide

I think the solution is to write udev rules like this.

KERNEL=="sd*", ENV{ID_FS_UUID}=="your-sdb1-uuid", ENV{ID_FS_LABEL}="Partition_1", ENV{ID_FS_LABEL_ENC}="Partition_1"
KERNEL=="sd*", ENV{ID_FS_UUID}=="your-sdb2-uuid", ENV{ID_FS_LABEL}="Partition_2", ENV{ID_FS_LABEL_ENC}="Partition_2"

Best Answer

Related Solutions

Why does LUKS need to generate hash values

Set Label on dm-crypt+LUKS Container – How to Guide

Related Question