From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195]) by mail.saout.de (Postfix) with ESMTP for ; Fri, 7 Jan 2011 00:55:11 +0100 (CET) Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by tansi.org (Postfix) with ESMTPA id 97BD9121835A for ; Fri, 7 Jan 2011 00:55:11 +0100 (CET) Date: Fri, 7 Jan 2011 00:55:10 +0100 From: Arno Wagner Message-ID: <20110106235510.GA31752@tansi.org> References: <4D25E0E0.5000808@obiwahn.org> <20110106193135.GB26480@tansi.org> <20110106210842.GA13407@resivo.wgnet.de> MIME-Version: 1.0 Content-Type: text/plain; charset=unknown-8bit Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <20110106210842.GA13407@resivo.wgnet.de> Subject: Re: [dm-crypt] recover old crypt partition List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Thu, Jan 06, 2011 at 10:08:42PM +0100, Jonas Meurer wrote: > Hey, >=20 > On 06/01/2011 Arno Wagner wrote: > > On Thu, Jan 06, 2011 at 04:33:52PM +0100, Jan Christoph Uhde wrote: > > > > Is this plain dm-crypt? > > > > > > i used cryptsetup in debian sid > >=20 > > Yes, but did you create a LUKS partition or a plain dm-crypt one? > > The default would have been dm-crypt. Hmm. That would mean the cipher= =20 > > is probably the old default of aes-cbc-plain. Can anybody confirm that > > for Debian SID? >=20 > what do you mean with "the default". it highly depends on the method > that was used to encrpyt the device. was it done during installation > process (debian-installer), with the shipped luksformat script, with > some graphical frontend (gnome-device-manager, gnome-disk-utility, ...) > or by invoking cryptsetup directly (with which commandline arguments?). >=20 > the default cipher depends on the cryptsetup package version used when > the decive was encrypted. That is why I asked. And you are right, a commandline default does not cut it, more information is needed.=20 Well, at least whether it was LUKS or not is easily answered. A look into a hexdump of the start of the device will show the magic string "LUKS" right at the start. Options to get that: - hd /dev/ | head - hexdump /dev/ | head - hex /dev/ | head and possibly a few others. Example from my LUKS test container in a file: R gatewagner:~/f/luks# hd luksfile | head 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS=BA=BE..ae= s.....| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |..............= =2E.| 00000020 00 00 00 00 00 00 00 00 63 62 63 2d 65 73 73 69 |........cbc-es= si| 00000030 76 3a 73 68 61 32 35 36 00 00 00 00 00 00 00 00 |v:sha256......= =2E.| 00000040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |........sha1..= =2E.| If it looks completely random though, it is likely plain dm-crypt. Arno --=20 Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.nam= e=20 GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of=20 "news" is "something that hardly ever happens." -- Bruce Schneier=20