Re: [dm-crypt] LUKS header size

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <mbroz@redhat.com>
To: Alexander Konovalenko <alexkon@gmail.com>
Cc: dm-crypt@saout.de, Arno Wagner <arno@wagner.name>
Subject: Re: [dm-crypt] LUKS header size
Date: Tue, 03 Aug 2010 13:02:26 +0200	[thread overview]
Message-ID: <4C57F742.1050707@redhat.com> (raw)
In-Reply-To: <AANLkTi=6RytcDRKMUtvajjjT3z9TB_u6QTSS1Xo7dV0U@mail.gmail.com>

On 08/03/2010 12:41 PM, Alexander Konovalenko wrote:
> On Mon, Aug 2, 2010 at 05:01, Arno Wagner <arno@wagner.name> wrote:
>>
>> sorry, but you will have wiped the salt in the header, which
>> makes recovery impossible. You will also have wiped all keys
>> (they take about the first 8.5MB), which again does make recovery
>> impossible. In fact, any recovery from this would mean that
>> LUKS is badly broken security-wise.
> 
> 8.5 MB? I thought a LUKS header usually takes only 2056 512-byte
> sectors, which is slightly more than 1 MiB. I wonder where does that
> belief come from. Almost all LUKS partitions I've been dealing with
> have been created by Ubuntu's debian-installer. So debian-installer's
> default must be the culprit.

LUKS header is just 2 sectors, but keyslots are quite large.
Read http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Backup_and_Data_Recovery

> What's the recommended LUKS header size?

There is no such thing. Allocated size depends on used key size and device alignment.
With 512bits key is area used for LUKS usually 4040 sectors (unaligned, ~2MB)
(it is LUKS header + reserved space for 8 keyslots)

Just check luksDump & "Payload" offset.

Milan

next prev parent reply	other threads:[~2010-08-03 11:02 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-08-03 10:41 [dm-crypt] LUKS header size Alexander Konovalenko
2010-08-03 11:02 ` Milan Broz [this message]
2010-08-03 11:18 ` Arno Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4C57F742.1050707@redhat.com \
    --to=mbroz@redhat.com \
    --cc=alexkon@gmail.com \
    --cc=arno@wagner.name \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.