If one enters a password to unlock a LUKS volume and the memory from the running machine is dumped at a later date will the actual LUKS password be revealed/ is stored in memory or does the password unlock a key or something that is then stored in memory?

Basically will a memory dump of a LUKS volume reveal the actual password or just an unlock key for the volume?

Going to ask the same question on the Veracrypt forum but if anyone knows how Veracrypt behaves in the same situation please feel free to include your thoughts.

Just what do you mean by "memory dump of a LUKS volume"? A LUKS volume is something that exists on a storage device, not in memory (RAM), at least long as we ignore cases like ramdisks or tmpfs filesystems that exist only in memory. The password is never stored in the LUKS volume, and the kernel and tools take pains not to hold it in memory any longer than necessary. That need ends once the master key for the volume has been reconstructed. That master key is stored only in encrypted form (encrypted by the password) in the LUKS volume. While the LUKS volume is unlocked, that master key is present in kernel memory, and there are several ways, including memory dump, to reveal it ("dmsetup table --showkeys ..." being the most straightforward).

1 members found this post helpful.

Question answered. The master key is present but the password is not for the most part.

@rknichols do you know if a Veracrypt/ Truecrypt container behaves the same way (password unlocks master key)?