From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] LVM on LUKS: volumes missing
Date: Sat, 4 Jun 2016 10:06:36 +0200
Message-ID: <20160604080636.GA12882@tansi.org>
In-Reply-To: <nit1ct$vgf$1@ger.gmane.org>

On Sat, Jun 04, 2016 at 00:46:53 CEST, Robert Nichols wrote:
> On 06/03/2016 04:42 PM, Arno Wagner wrote:
> >One thing is that these problems are pretty hard to debug.
> >Another is that LVM massively complicates things.
> >
> >Now, if the LUKS container opens cleanly, anything
> >in it should be decrypted correctly (if it is LVM
> >atop of LUKS) and decryption with the wrong key is
> >not actually a possibility.
> >
> >That also means you should be able to use LVM
> >recovery techniques (I assume they exist) on this.
> >
> >Unfortunately, I cannot help you with LVM as I do not use
> >it. I consider it a badly engineered, overly complicated
> >thing that decreases reliability and makes problem
> >diagnostics very hard.
>
> If the ASCII strings "LABELONE" and "LVM2" cannot be seen in the
> first few sectors of the volume, then that volume is either
> overwritten or not being decrypted correctly. LVM keeps quite a bit
> of easily recognized ASCII data in the volume header.
>
> In this case the fragile link seems to be the LUKS detached header,
> as I believe there is nothing to associate that header with a device
> and precise starting point for the payload. Yes, there is a check
> that the master key was reconstructed correctly. Now the question is
> what, if anything, does this key decrypt.

That is the one thing with a detached header: As the sector
number goes into the decryption, decryption must start at the
right place. If it does, it will be correct with LUKS. If not,
"random" data should result with XTS mode, I agree.

Now, in theory it would be possible to try each possible offset
from the start of the device (depends on how the partition
for the LUKS container was created), until some (later) part
of the decrypted data has some deviation from uniform
distribution in byte-counts.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
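
The two checks discussed in this message and the quoted reply, as an added example (not code from the thread, cryptsetup or LVM): look for the "LABELONE" and "LVM2" strings in the first sectors of an opened mapping, then test a later window for deviation from uniform byte counts. The 512-byte sector size, the four-sector label area, the chi-square limit of 400 and all sample data are assumptions constructed for illustration.

```python
import hashlib
import io
from collections import Counter

SECTOR = 512         # assumption: 512-byte sectors
LABEL_SECTORS = 4    # assumption: "first few sectors" taken as the first four
CHI2_LIMIT = 400.0   # assumption: uniform bytes score about 255 +/- 23

def has_lvm_strings(head: bytes) -> bool:
    """Both ASCII markers named in the thread appear in the first sectors."""
    head = head[:LABEL_SECTORS * SECTOR]
    return b"LABELONE" in head and b"LVM2" in head

def chi_square(buf: bytes) -> float:
    """Chi-square statistic of the byte counts against a uniform distribution."""
    expected = len(buf) / 256
    counts = Counter(buf)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def classify(stream, window=65536, later_at=1 << 20) -> str:
    """Classify an opened mapping (binary file object) for one candidate offset."""
    stream.seek(0)
    if has_lvm_strings(stream.read(LABEL_SECTORS * SECTOR)):
        return "lvm-label"
    stream.seek(later_at)            # sample a later part of the payload
    buf = stream.read(window)
    if len(buf) < window:
        return "too-short"
    return "non-uniform" if chi_square(buf) > CHI2_LIMIT else "random-looking"

def _keystream(n: int) -> bytes:
    """Constructed stand-in for what a wrong start sector decrypts to."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed samples; only the two marker strings matter in LVM_SAMPLE.
LVM_SAMPLE = bytes(SECTOR) + b"LABELONE" + bytes(16) + b"LVM2 001" + bytes(2 << 20)
RANDOM_SAMPLE = _keystream(2 << 20)
DATA_SAMPLE = bytes(1 << 20) + b"constructed plaintext file data\n" * 4096

if __name__ == "__main__":
    for name, sample in [("lvm", LVM_SAMPLE), ("wrong offset", RANDOM_SAMPLE),
                         ("label gone, data intact", DATA_SAMPLE)]:
        print(f"{name}: {classify(io.BytesIO(sample))}")
```

For a real candidate offset, pass the mapping opened read-only in binary mode (for example `open("/dev/mapper/NAME", "rb")`, with NAME a placeholder) to `classify`.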