LinuxQuestions.org


blacke 11-13-2010 10:56 AM

dm-crypt attack
 
Hello, I'm trying to find where the dm-crypt hash key is stored. I found a Princeton article where they captured the key from RAM and used it to decrypt the whole disk. My question is more about the algorithm and where the key is stored on file within the system. I assume the passphrase is stored locally (or on a USB) because how would the system know what to compare it to? I assume the passphrase is not stored in the shadow file, but could be wrong.

thanks
security newbie here

neonsignal 11-14-2010 03:21 AM

The key is not stored (apart from being used in RAM to decrypt the volume).

The encryption algorithm is chosen when the volume is created. There are many encryption modules to choose from, including aes and twofish, and a number of passphrase hash functions, including ripemd160:
Code:

ls /lib/modules/$(uname -r)/kernel/crypto

The passphrase is not stored; it is used to mount the volume. There is no need to compare the passphrase (or actual key) with anything; if it is incorrect, then the volume will not mount because the decryption will produce invalid data.

The key could be stored as a way of automating the mount, but this would seem to defeat the purpose of encrypting the drive.
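Added example, not part of the original thread: a small Python model of the behaviour described in the answer above, where the key is derived from the passphrase by hashing, nothing is stored for comparison, and a wrong passphrase simply decrypts to data that is not a filesystem. Assumptions: SHA-256 stands in for the passphrase hash, a hash-based keystream stands in for the real block cipher (it is not dm-crypt's AES or twofish), the "mount check" is reduced to two ext superblock fields, and all function names and the sample disk are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
SB_OFFSET = 1024   # an ext2/3/4 superblock starts 1024 bytes into the volume
EXT_MAGIC = 0xEF53

def derive_key(passphrase: str, key_bytes: int = 32) -> bytes:
    # The volume key is just a hash of the passphrase. Nothing is written
    # to disk, so there is no stored value to compare a guess against.
    return hashlib.sha256(passphrase.encode()).digest()[:key_bytes]

def _keystream(key: bytes, sector: int, length: int) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, keyed per sector.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack("<QQ", sector, block)).digest()
        block += 1
    return out[:length]

def crypt_volume(key: bytes, data: bytes) -> bytes:
    # XOR each sector with its keystream; the same call encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), SECTOR):
        chunk = data[off:off + SECTOR]
        ks = _keystream(key, off // SECTOR, len(chunk))
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

def looks_like_ext_fs(plaintext: bytes) -> bool:
    # Simplified mount-time sanity check: s_magic (+56) and s_rev_level (+76).
    magic, = struct.unpack_from("<H", plaintext, SB_OFFSET + 56)
    rev, = struct.unpack_from("<I", plaintext, SB_OFFSET + 76)
    return magic == EXT_MAGIC and rev <= 1

def try_open(passphrase: str, ciphertext: bytes) -> bool:
    # Every passphrase "decrypts"; only the right one yields a filesystem.
    return looks_like_ext_fs(crypt_volume(derive_key(passphrase), ciphertext))

# Constructed sample: 4 zeroed sectors carrying only an ext superblock magic.
_plain = bytearray(4 * SECTOR)
struct.pack_into("<H", _plain, SB_OFFSET + 56, EXT_MAGIC)
SAMPLE_DISK = crypt_volume(derive_key("correct horse"), bytes(_plain))

if __name__ == "__main__":
    print("right passphrase mounts:", try_open("correct horse", SAMPLE_DISK))
    print("wrong passphrase mounts:", try_open("wrong guess", SAMPLE_DISK))
```
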


All times are GMT -5.