From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Mon, 2 Aug 2010 01:20:39 +0200 (CEST) Received: from compute1.internal (compute1.internal [10.202.2.41]) by gateway1.messagingengine.com (Postfix) with ESMTP id 3E3931A177C for ; Sun, 1 Aug 2010 19:20:38 -0400 (EDT) Message-Id: <1280704838.643.1387808231@webmail.messagingengine.com> From: "Willie" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii" References: <1280697096.16046.1387795841@webmail.messagingengine.com> <20100801230113.GA14693@tansi.org> In-Reply-To: <20100801230113.GA14693@tansi.org> Date: Sun, 01 Aug 2010 16:20:38 -0700 Subject: Re: [dm-crypt] Hosed encrypted drive. Is disaster recovery possible? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Mon, 02 Aug 2010 01:01 +0200, "Arno Wagner" wrote: > On Sun, Aug 01, 2010 at 02:11:36PM -0700, Willie wrote: > > Evening all, > > > > I'm not very hopeful of a positive response, but having just made my > > worst mistake in thirty years of computing I thought this would be where > > most of the relevant knowledge is. > > > > I have an external 1.5TB Seagate drive, encrypted with dm-crypt/luks and > > formatted xfs. > > > > In a state of dog-tiredness, thinking I was pointing at a USB stick, I > > have inadvertently wiped a few hundred MB of the beginning of this disk > > with: > > > > dd if=./archlinux-2010.05-netinstall-i686.iso of=/dev/sdc > > > > My question, as you might guess - is there any possibility of recovering > > the vast amount of data still on the drive? I could do it with an > > unencrypted disk, but I have no idea how to proceed in this case. > > > > Thanks for any suggestions. (I've managed not to cry so far...) > > > > Willie > > Hi Willie, > > sorry, but you will have wiped the salt in the header, which > makes recovery impossible. You will also have wiped all keys > (they take about the first 8.5MB), which again does make recovery > impossible. In fact, any recovery from this would mean that > LUKS is badly broken security-wise. > > The only protection against this type of error is (besides a > conventional backup), a header backup, see the FAQ at > http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions > > I did something similar recently, (tired and thinking I was blanking > an USB stick), fortunately I had a backup of the whole disk. But the > lession to me was: Hands away from dd and family when tired. > > Arno > Oh well. Some you lose. Chin up. Onward and upward, etc etc... Thanks for the replies lads. -- http://www.fastmail.fm - IMAP accessible web-mail