Quote:
Originally Posted by schnappi
Basically will a memory dump of a LUKS volume reveal the actual password or just an unlock key for the volume?
Just what do you mean by "memory dump of a LUKS volume"? A LUKS volume is something that exists on a storage device, not in memory (RAM), at least as long as we ignore cases like ramdisks or tmpfs filesystems that exist only in memory. The password is never stored in the LUKS volume, and the kernel and tools take pains not to hold it in memory any longer than necessary. That need ends once the master key for the volume has been reconstructed. That master key is stored only in encrypted form (encrypted by the password) in the LUKS volume. While the LUKS volume is unlocked, that master key is present in kernel memory, and there are several ways, including memory dump, to reveal it ("dmsetup table --showkeys ..." being the most straightforward).
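
Added example, not part of the original post: because "dmsetup table --showkeys" prints the master key in hex, this checks pasted table output (a forum post, ticket or support bundle) for an exposed key and redacts it before the text is shared. The function names and the sample lines are constructed for illustration; the field layout is the dm-crypt table format, where a key field starting with ":" is a kernel keyring reference rather than the key itself.

```python
import re

# dm-crypt table line, optionally prefixed with "<name>: " as dmsetup prints it:
#   <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset> [options]
CRYPT_LINE = re.compile(
    r"^(?:(?P<name>[^\s:]+):\s+)?\d+\s+\d+\s+crypt\s+(?P<cipher>\S+)\s+"
    r"(?P<key>\S+)\s+\d+\s+\S+\s+\d+"
)

def classify_key(field):
    """Say what the key field of a dm-crypt table line contains."""
    if field.startswith(":"):
        return "keyring"   # :<size>:<type>:<description>, a reference, not the key
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", field):
        # dmsetup masks the key with zeros unless --showkeys is given.
        return "masked" if set(field) == {"0"} else "exposed"
    return "unknown"

def scan(text):
    """Return one finding per dm-crypt line found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = CRYPT_LINE.match(line.strip())
        if m:
            key, kind = m.group("key"), classify_key(m.group("key"))
            bits = len(key) * 4 if kind in ("masked", "exposed") else None
            findings.append({"line": lineno, "name": m.group("name"),
                             "kind": kind, "key_bits": bits})
    return findings

def redact(text):
    """Replace every exposed hex key with a placeholder before sharing text."""
    out = []
    for line in text.splitlines():
        m = CRYPT_LINE.match(line.strip())
        if m and classify_key(m.group("key")) == "exposed":
            line = line.replace(m.group("key"), "[REDACTED-KEY]", 1)
        out.append(line)
    return "\n".join(out)

# Constructed sample input: device names, sizes and key values are made up.
FAKE_KEY = "0123456789abcdef" * 8          # 128 hex digits = 512 bits
SAMPLE = "\n".join([
    "vg-root: 0 41943040 linear 8:2 2048",
    "cryptroot: 0 2093056 crypt aes-xts-plain64 " + "0" * 128 + " 0 8:3 4096",
    "cryptdata: 0 2093056 crypt aes-xts-plain64 "
    ":64:logon:cryptsetup:00000000-0000-0000-0000-000000000000-d0 0 8:4 32768",
    "cryptold: 0 2093056 crypt aes-xts-plain64 " + FAKE_KEY + " 0 8:5 4096",
])
```

Running `scan(SAMPLE)` reports three dm-crypt lines, of which only the last carries key material; `redact(SAMPLE)` leaves the masked and keyring lines unchanged.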