When I read the manpage for
cryptsetup on Linux about “Plain mode” it says:
Plain dm-crypt encrypts the device sector-by-sector with a single,
non-salted hash of the passphrase.
-c option says:
--cipher, -c <cipher-spec> Set the cipher specification string. cryptsetup --help shows the compiled-in defaults. The current default in the distrib‐ uted sources is "aes-cbc-essiv:sha256" for both plain dm-crypt and LUKS.
aes-cbc-essiv:sha256 mean that for each sector of my harddrive a sha256 hash of the passphrase is also stored in the sector?
If that is the case: What is the purpose of storing the hashed passphrase so many times?
You quoted part of the man page – out of context.
Let’s look at it in context:
Plain dm-crypt encrypts the device sector-by-sector with a single, non-salted hash of the passphrase. No checks are performed, no metadata is used. There is no formatting operation.
Nothing but the encrypted data is stored when using plain dm-crypt.
P.S. Don’t use plain dm-crypt. The reasons why are at the very top of the same man page.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.