From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] about invalid key slots
Date: Mon, 2 Apr 2012 09:47:57 +0200
Message-ID: <20120402074757.GA9613@tansi.org>
In-Reply-To: <CAFnMBaR24NYrMLh2M+jskXfUSAJSsmwh3CvA=aR_Tkpkd6Sw=w@mail.gmail.com>

On Mon, Apr 02, 2012 at 01:43:28AM -0400, .. ink .. wrote:
> On Sun, Apr 1, 2012 at 8:41 PM, .. ink .. <mhogomchungu@gmail.com> wrote:
>
> > > $ sudo cryptsetup luksOpen /dev/sdc dsk
> > > LUKS keyslot 6 is invalid.
> > > LUKS keyslot 7 is invalid.
> >
> > A user with a problem with invalid key slots had the above in one of the
> > recent mailing list posts.
> >
> > Does cryptsetup check all slots if they are valid before it tries to open
> > a volume and bail out when it finds an invalid one or does it give the
> > above error if it can't get a valid key on valid key slots?
> >
> > Example, if a valid slot was on slot number 1 and he entered a passphrase
> > that is on slot number 1. Would he have got the same error message?
> >
> > Did cryptsetup go through all the valid keyslots, didn't find the key and
> > suspect that the key might be on the two invalid slots and reported the
> > error?
> >
> >
> >
> Is it possible to get or how can I create a volume with an invalid key? I
> would like to test this for my program zulucrypt but I can't seem to manage
> to corrupt a volume. The best I have got after trying for hours is
> inconsistency at best.
>
> crypt_keyslot_status API shows the key is invalid but cryptsetup luksDump
> shows the key slot as disabled and cryptsetup executable just says the
> password does not exist when trying to open the volume with a key in
> slot I try to make invalid

As far as I understand Milan, this is not the keyslot being
invalid, but its offset and/or size, i.e. the keyslot descriptor
in the header has been corrupted.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
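
The distinction made in the reply above (a corrupted offset/size in the keyslot descriptor, as opposed to a disabled slot), shown as an added example that is not part of the original message and is not cryptsetup's code: a Python check of the eight LUKS1 keyslot descriptors in a constructed in-memory header. The bounds rule used here (key material must start after the 592-byte header and end before the payload offset), the choice to check every slot, and the function names are assumptions made for this example.

```python
import struct

SECTOR = 512
# LUKS1 on-disk header, big-endian: fixed fields, then 8 keyslot descriptors.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
SLOT = struct.Struct(">II32sII")  # active, iterations, salt, offset, stripes
MAGIC = b"LUKS\xba\xbe"
ENABLED, DISABLED = 0x00AC71F3, 0x0000DEAD
HDR_LEN = PHDR.size + 8 * SLOT.size  # 592 bytes


def invalid_keyslots(hdr):
    """Return indexes of keyslots whose descriptor offset/size is out of bounds."""
    fields = PHDR.unpack_from(hdr, 0)
    if fields[0] != MAGIC or fields[1] != 1:
        raise ValueError("not a LUKS1 header")
    payload_offset, key_bytes = fields[5], fields[6]  # sectors, bytes
    bad = []
    for i in range(8):
        # Assumption: every slot is checked, whether enabled or disabled.
        _, _, _, offset, stripes = SLOT.unpack_from(hdr, PHDR.size + i * SLOT.size)
        km_sectors = (key_bytes * stripes + SECTOR - 1) // SECTOR
        # Key material must start after the header and end before the payload.
        if offset * SECTOR < HDR_LEN or offset + km_sectors > payload_offset:
            bad.append(i)
    return bad


def sample_header(corrupt=None):
    """Constructed header: 32-byte key, 4000 stripes, payload at sector 4096.

    corrupt maps slot index -> (offset, stripes) to overwrite that descriptor.
    """
    hdr = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 32,
                    bytes(20), bytes(32), 1000, b"constructed-sample-uuid")
    for i in range(8):
        offset, stripes = (corrupt or {}).get(i, (8 + i * 256, 4000))
        state = ENABLED if i == 0 else DISABLED
        hdr += SLOT.pack(state, 1000, bytes(32), offset, stripes)
    return hdr


if __name__ == "__main__":
    damaged = sample_header({6: (0, 4000), 7: (4000, 4000)})
    for slot in invalid_keyslots(damaged):
        print(f"keyslot {slot}: descriptor offset/size out of bounds")
```

In the constructed header, slots 1 to 7 are marked disabled yet carry in-bounds descriptors, so a disabled slot alone is not flagged; only the two overwritten descriptors are.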