Re: [dm-crypt] does luksDump guarantee header integrity?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] does luksDump guarantee header integrity?
Date: Sat, 23 Mar 2013 15:48:16 +0100	[thread overview]
Message-ID: <20130323144816.GA7389@tansi.org> (raw)
In-Reply-To: <kikcfa$vre$1@ger.gmane.org>

On Sat, Mar 23, 2013 at 08:59:08AM -0500, Robert Nichols wrote:
> On 03/23/2013 12:38 AM, hank wrote:
> >Hi,
> >
> >I accidentally "formatted" an encrypted partition with mkfs.nilfs2
> >(incl. -K option). Luckily mkfs.nilfs2 normally only overwrites data
> >after 1024 bytes from the start of the block device, so the LUKS header
> >should have remained intact.
> 
> The LUKS header, including the key material, is roughly a half Megabyte
> in size. The key material, expanded and broken up into 4000 stripes for
> each key slot, follows the 592-byte LUKS partition header (PHDR). Your
> accidental formatting left the parameters in the PHDR and the
> descriptors for first 6 key slots untouched, but overwrote the actual
> key material.  Without a backup of the entire ~.5MB LUKS header you
> cannot obtain the master key, and your data is unrecoverable.

Unfortunately, that is accuirate. Just to be sure, you can run the
LUKS keyslot cheker included in the newer sources and found unter 
/cryptsetup-1.6.0/misc/keyslot_checker/. It has to be built separately
(just call "make" in its directory) after installing cryptsetuo
from the same package (or one that has the features the keyslot
checker needs). It will check each in-use keyslot for overwritten
areas. If there are any, that keyslot becomes unusable and 
unrecoverable.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell

next prev parent reply	other threads:[~2013-03-23 14:48 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-23  5:38 [dm-crypt] does luksDump guarantee header integrity? hank
2013-03-23 13:59 ` Robert Nichols
2013-03-23 14:48   ` Arno Wagner [this message]
2013-03-23 15:27     ` hank

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130323144816.GA7389@tansi.org \
    --to=arno@wagner.name \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.