From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Size of LUKS header and how to overwrite
Date: Wed, 10 Feb 2016 20:21:21 +0100 [thread overview]
Message-ID: <20160210192121.GA31043@tansi.org> (raw)
In-Reply-To: <20160210131315.1991cca7@lustre.ryper.org>
On Wed, Feb 10, 2016 at 20:13:15 CET, Subscriptions wrote:
> Thank you very much, Argo, for clearing up these questions for me.
>
> When I said "bit" I was referring to the previously-mentioned bit of
> text that I was talking about. It was an ambiguous word to have used on
> my part. No confusion between a bit and a byte.
>
> And yes, I was getting confused between a byte and 512-byte sector. I
> spent some time with dd and its bs, skip, and count options on my
> device to fully understand where the 0 bytes stop and where the
> encrypted data begins.
>
> I took a backup of the data that I overwrote and then ran:
>
> dd if=/dev/urandom of=/dev/sda1 bs=512 count=8
That will have killed the header, not the key-slots. As the
header contains an unguessable salt, this is already pretty
secure.
To also kill the keyslots, run something like
dd if=/dev/urandom of=/dev/sda1 bs=512 count=4096
if you have "Payload offset: 4096". Or run
dd if=/dev/urandom of=/dev/sda1 bs=512 count=4095
just to be careful. This not really any less secure.
Regards,
Arno
>
> All is good and I am now able to boot my system from a detached header,
> which I had set up and tested beforehand.
>
> Again, thank you so much for these answers. On my next system I will be
> sure to start with a detached header.
>
> Rypervenche
>
> 在 Wed, 10 Feb 2016 00:28:19 +0100
> Arno Wagner <arno@wagner.name> 已寫入:
>
> > Hi,
> >
> > On Tue, Feb 09, 2016 at 22:28:24 CET, Rypervenche wrote:
> > > Thank you for your reply, Arno. I had two more questions for the
> > > mailing list, if it's not too much trouble.
> > >
> > > 1) Why would some of my LUKS header files be 2020 bytes while others
> > > are 2048? What would cause this difference? I can see nothing that
> > > might cause this to be different save for maybe the number of
> > > iterations between the two or a change to the cryptsetup program
> > > itself?
> >
> > That would be 2020 * 512 = 103424 bytes, the old 512-byte aligned
> > header. Then cryptsetup was changed to align to 1MB borders,
> > as that rleminates problems with 4096 byte sectors.
> >
> > > 2) As I see that my payload begins at byte 4097, does this mean that
> > > bytes 2049 (or 2021?) through 4096 are nothing important and can be
> > > overwritten at will?
> >
> > First, that is byte 2097152, i.e. 2MB for the start of data,
> > if you start counting at zero. Second, anything before the payload
> > start is either header or zeros, and can be overwritten with a
> > detached header.
> >
> > > I apologize if I somehow missed the information from the FAQs that
> > > you posted, I would just like to be 100% clear on this information
> > > (and clear up the 2020 vs. 2048 bit) before moving along with
> > > overwriting
> > The unit is not "bit", it is "sectors of 512 bytes".
> > > the beginning of my disk.
> >
> > You should really be clear between the difference of a "byte"
> > and a "512 byte-long sector" before overwriting anything.
> > You also should be clear about the difference between "byte"
> > (which is 8 bit) and "bit".
> >
> > Unless you really understand these, I would strongly recommend
> > against overwriting anything. Units are critical. If you get
> > them wrong, you may very well do permanent damage.
> >
> > Regards,
> > Arno
> >
> >
> > > Thank you for your patience with me and thank you for your help,
> > >
> > > Rypervenche
> > >
> > > 在 Tue, 9 Feb 2016 02:11:50 +0100
> > > Arno Wagner <arno@wagner.name> 已寫入:
> > >
> > > > Hi,
> > > >
> > > > FAQ Item 6.12 gives you the sizes and calculations:
> > > > https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
> > > > Header size depends on several factors.
> > > >
> > > > However, you can take the "Payload offset" value and
> > > > multiply by 512. If you count from zero, that gives you the
> > > > first byte not to overwrite.
> > > >
> > > > You should however know that you cannot reliably delete
> > > > data from an SSD, see FAQ Item 5.19.
> > > >
> > > > Regards,
> > > > Arno
> > > >
> > > >
> > > > On Mon, Feb 08, 2016 at 23:02:27 CET, Rypervenche wrote:
> > > > > Hi all,
> > > > >
> > > > > I have LUKS on a GPT-partitioned SSD and I have recently been
> > > > > looking at moving my LUKS header off of the disk and onto a USB
> > > > > drive. I have my initramfs set up to do so, however I am not
> > > > > sure how much space to overwrite on my SSD to remove the header
> > > > > from it and replace it with random data.
> > > > >
> > > > > So, I am not sure how many bytes to remove from the beginning
> > > > > of my partition or what to set my --align-payload to. Any help?
> > > > > Below is some information that may be useful:
> > > > >
> > > > > ==========================================
> > > > > # cryptsetup luksDump /dev/sda1
> > > > > LUKS header information for /dev/sda1
> > > > >
> > > > > Version: 1
> > > > > Cipher name: aes
> > > > > Cipher mode: xts-plain64
> > > > > Hash spec: sha512
> > > > > Payload offset: 4096
> > > > > MK bits: 512
> > > > > ...
> > > > > ==========================================
> > > > >
> > > > > I have heard that the LUKS header should be 2MiB, but I have a
> > > > > few headers from previous LUKS-encrypted drives, and I see that
> > > > > some are 2020 bytes and others are 2048, I can't see what the
> > > > > differences are between them (as you can see one aes,
> > > > > xts-plain64, sha512 is 2020 and another is 2048).
> > > > >
> > > > > ==========================================
> > > > > # for i in *; do echo $(du -s $i | awk '{print $1}'): $(file $i
> > > > > | grep -oP '(?<=\[).*(?=\])'); done | sort -n 1028: aes,
> > > > > cbc-essiv:sha256, sha1 2020: aes, xts-plain64, sha1
> > > > > 2020: aes, xts-plain64, sha1
> > > > > 2020: aes, xts-plain64, sha512 (my current SSD that I want to do
> > > > > this to) 2048: aes, cbc-essiv:sha256, sha1
> > > > > 2048: aes, cbc-essiv:sha256, sha1
> > > > > 2048: aes, xts-plain64, sha512
> > > > > 2048: aes, xts-plain:sha256, sha1
> > > > > ==========================================
> > > > >
> > > > > And lastly, my partition setup:
> > > > >
> > > > > ==========================================
> > > > > # gdisk -l /dev/sda
> > > > > GPT fdisk (gdisk) version 1.0.1
> > > > >
> > > > > Partition table scan:
> > > > > MBR: protective
> > > > > BSD: not present
> > > > > APM: not present
> > > > > GPT: present
> > > > >
> > > > > Found valid GPT with protective MBR; using GPT.
> > > > > Disk /dev/sda: 500118192 sectors, 238.5 GiB
> > > > > Logical sector size: 512 bytes
> > > > > Disk identifier (GUID): 2ACE732B-C8D6-4E03-8E46-1D6A5B4D8CB0
> > > > > Partition table holds up to 128 entries
> > > > > First usable sector is 34, last usable sector is 500118158
> > > > > Partitions will be aligned on 2048-sector boundaries
> > > > > Total free space is 2014 sectors (1007.0 KiB)
> > > > >
> > > > > Number Start (sector) End (sector) Size Code Name
> > > > > 1 2048 500118158 238.5 GiB 8300 Linux
> > > > > filesystem ==========================================
> > > > >
> > > > > I would appreciate it it someone could let me know how I can
> > > > > find out exactly how many bytes I should be removing and what I
> > > > > should be setting my --align-payload to.
> > > > >
> > > > > Thank you,
> > > > >
> > > > > Rypervenche
> > > > > _______________________________________________
> > > > > dm-crypt mailing list
> > > > > dm-crypt@saout.de
> > > > > http://www.saout.de/mailman/listinfo/dm-crypt
> > > >
> > >
> > > _______________________________________________
> > > dm-crypt mailing list
> > > dm-crypt@saout.de
> > > http://www.saout.de/mailman/listinfo/dm-crypt
> >
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
next prev parent reply other threads:[~2016-02-10 19:21 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-08 22:02 [dm-crypt] Size of LUKS header and how to overwrite Rypervenche
2016-02-09 1:11 ` Arno Wagner
2016-02-09 21:28 ` Rypervenche
2016-02-09 23:28 ` Arno Wagner
2016-02-10 19:13 ` Subscriptions
2016-02-10 19:21 ` Arno Wagner [this message]
2016-02-10 19:41 ` Subscriptions
2016-02-10 20:02 ` Michael Kjörling
2016-02-10 20:07 ` Sven Eschenberg
2016-02-10 20:13 ` Michael Kjörling
2016-02-10 20:29 ` Sven Eschenberg
2016-02-10 21:50 ` Arno Wagner
2016-02-10 22:07 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160210192121.GA31043@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.