> On Mon, Dec 23, 2013 at 4:18 PM, Alex Pilon <alp [ at ] alexpilon [ dot ] ca> wrote: > > LUKS will randomly generate (and salt if I recall correctly) a > > master secret, and provide ten “slots” for weaker secrets (e.g., > > passwords, passphrases, or binary data of your chosing), which it'll > > run through PBKDF2. > On Thu, Jan 02, 2014 at 09:43:41AM -0500, Martin Hicks wrote: > This is close, but there is no "weaker" secret. I meant ‘likely weaker user-provided secret to unlock another secret’, given that it's usually human-generated, not ‘entirely randomly’ generated. > For each "slot" (of which I think there are 8) Yes. The man page and FAQ says there are eight. Don't recall where I got ten. > that is activated, the "Master" key is encrypted using the > passphrase/data that is provided when the slot is enabled/configured > (when you create a new LUKS device, there is only a single slot > activated). > > […] > > So, with multiple slots enabled the Master Key is encrypted multiple > times using different passphrases and PBKDF2. Poor formulation. That's what I meant. I left that implicit. > Later, when you're prompted for the passphrase to unlock the LUKS > device, cryptsetup loops through each enabled slot using the provided > passphrase and gets some Master Key as a result. It verifies (I can't > remember how...looks for a header?) There's a master key digest and salt in the LUKS header. Call `cryptsetup luksDump` to see them. The number of PBKDF2 iterations is also stored in the header and the salt for your passthrase are too. Presumably the result of your PBKDF2 run can be hashed and checked against the master key digest.