From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] No key available with this passphrase.
Date: Wed, 11 Jun 2014 05:53:53 +0200 [thread overview]
Message-ID: <20140611035353.GA31003@tansi.org> (raw)
In-Reply-To: <20140610163755.GJ17208@gmail.com>
Hi,
the typical problems after updates are missing ciphers
(gives a differen error) and changes character encoding.
If, you have some non ISO-7-bit characters in you
passphrase and are going from some byte encoding to
UTF-8, the binary representation will change completely,
see also FAQ item 1.2.
The only way to deal with that is to somehow reconstruct
old passphrase encoding and unlock with that.
In order to look at the encoding of special haracters,
you can do something like this:
1. echo "x" > test
2. hd test
with x replaced by the special character.
Arno
On Tue, Jun 10, 2014 at 18:37:55 CEST, Ryan Delaney wrote:
> Hello,
>
> I have a RAID5 array composed of three (3x3GB) disks:
>
> > $ sudo mdadm --misc --detail /dev/md0
> > /dev/md0:
> > Version : 1.2
> > Creation Time : Tue Nov 13 16:54:29 2012
> > Raid Level : raid5
> > Array Size : 5860268032 (5588.79 GiB 6000.91 GB)
> > Used Dev Size : 2930134016 (2794.39 GiB 3000.46 GB)
> > Raid Devices : 3
> > Total Devices : 3
> > Persistence : Superblock is persistent
> >
> > Update Time : Tue Jun 10 08:08:15 2014
> > State : clean
> > Active Devices : 3
> >Working Devices : 3
> > Failed Devices : 0
> > Spare Devices : 0
> >
> > Layout : left-symmetric
> > Chunk Size : 512K
> >
> > Name : mothership:0 (local to host mothership)
> > UUID : 02aff219:f7f6840c:9aaf506f:1ce273b0
> > Events : 58
> >
> > Number Major Minor RaidDevice State
> > 0 8 65 0 active sync /dev/sde1
> > 1 8 81 1 active sync /dev/sdf1
> > 3 8 97 2 active sync /dev/sdg1
>
> There are two partitions on the disk. md0p1 is 500gb and I use it to store
> encrypted data. md0p2 uses the remaining 5.5GB for non-secure long term
> storage.
>
> On June 1, I migrated from truecrypt and created a new volume on md0p1. From
> journalctl:
>
> > sudo /usr/bin/cryptsetup -v luksFormat /dev/md0p1
> > sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> > sudo /usr/bin/mkfs -t ext4 /dev/mapper/crypt
> > sudo /usr/bin/mount /dev/mapper/crypt /media/crypt
>
> It was initialized with a passphrase that I have stored in a gpg encrypted
> file. I worked with the volume open for about a day and copied data into it without
> any issue. Satisfied, I uninstalled truecrypt.
>
> Shortly thereafter, kernel updates, systemd, and various others were pulled
> through the archlinux core repository. Pacman update log: http://sprunge.us/KLJL
>
> After applying these updates, I rebooted the system. I find myself unable to
> open the partition with cryptsetup:
>
> > $ sudo /usr/bin/cryptsetup open --type luks /dev/md0p1 crypt
> > Enter passphrase for /dev/md0p1:
> > No key available with this passphrase.
> > Enter passphrase for /dev/md0p1:
>
> Output of luksDump:
>
> > LUKS header information for /dev/md0p1
> >
> >Version: 1
> >Cipher name: aes
> >Cipher mode: xts-plain64
> >Hash spec: sha1
> >Payload offset: 4096
> >MK bits: 256
> >MK digest: ef 1e 13 6f 79 2a bd 0e 09 81 ae d9 3d 61 68 c9 42 ad 67 25
> >MK salt: 8d d1 4c 5b b8 76 12 43 fd 62 b3 e8 0e 70 6e 85
> > fd c6 56 30 84 dd c0 d7 87 45 1a ab 3d 02 39 4e
> >MK iterations: 99500
> >UUID: e2aa27d7-d0bf-469a-ad77-0c197a3f2d70
> >
> >Key Slot 0: ENABLED
> > Iterations: 419671
> > Salt: 5c db 57 29 7e 15 fc f7 64 95 c0 78 31 15 08 7d
> > cd 55 a2 f5 39 ba 5f 51 9c 0b 09 c5 a2 51 84 f1
> > Key material offset: 8
> > AF stripes: 4000
> >Key Slot 1: DISABLED
> >Key Slot 2: DISABLED
> >Key Slot 3: DISABLED
> >Key Slot 4: DISABLED
> >Key Slot 5: DISABLED
> >Key Slot 6: DISABLED
> >Key Slot 7: DISABLED
>
> Is it possible that the updates are interfering in any way? What can I do to
> troubleshoot this?
> --
> Regards,
> Ryan Delaney
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato
next prev parent reply other threads:[~2014-06-11 3:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-10 16:37 [dm-crypt] No key available with this passphrase Ryan Delaney
2014-06-11 3:53 ` Arno Wagner [this message]
-- strict thread matches above, loose matches on Subject: below --
2017-04-29 18:27 Hammad Siddiqi
2013-06-10 15:40 Packets
2013-06-10 15:42 ` Packets
2013-06-10 18:21 ` Milan Broz
2013-06-22 5:24 ` Packets
2013-06-22 10:32 ` Arno Wagner
2013-06-28 11:27 ` Packets
2013-06-10 20:55 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140611035353.GA31003@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.