[dm-crypt] LUKS header size

[dm-crypt] LUKS header size

[Alexander Konovalenko]

On Mon, Aug 2, 2010 at 05:01, Arno Wagner <arno@wagner.name> wrote:
>
> sorry, but you will have wiped the salt in the header, which
> makes recovery impossible. You will also have wiped all keys
> (they take about the first 8.5MB), which again does make recovery
> impossible. In fact, any recovery from this would mean that
> LUKS is badly broken security-wise.

8.5 MB? I thought a LUKS header usually takes only 2056 512-byte
sectors, which is slightly more than 1 MiB. I wonder where does that
belief come from. Almost all LUKS partitions I've been dealing with
have been created by Ubuntu's debian-installer. So debian-installer's
default must be the culprit.

What's the recommended LUKS header size?

 -- Alexander

Re: [dm-crypt] LUKS header size

[Milan Broz]

On 08/03/2010 12:41 PM, Alexander Konovalenko wrote:
> On Mon, Aug 2, 2010 at 05:01, Arno Wagner <arno@wagner.name> wrote:
>>
>> sorry, but you will have wiped the salt in the header, which
>> makes recovery impossible. You will also have wiped all keys
>> (they take about the first 8.5MB), which again does make recovery
>> impossible. In fact, any recovery from this would mean that
>> LUKS is badly broken security-wise.
> 
> 8.5 MB? I thought a LUKS header usually takes only 2056 512-byte
> sectors, which is slightly more than 1 MiB. I wonder where does that
> belief come from. Almost all LUKS partitions I've been dealing with
> have been created by Ubuntu's debian-installer. So debian-installer's
> default must be the culprit.

LUKS header is just 2 sectors, but keyslots are quite large.
Read http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Backup_and_Data_Recovery

> What's the recommended LUKS header size?

There is no such thing. Allocated size depends on used key size and device alignment.
With 512bits key is area used for LUKS usually 4040 sectors (unaligned, ~2MB)
(it is LUKS header + reserved space for 8 keyslots)

Just check luksDump & "Payload" offset.

Milan

Re: [dm-crypt] LUKS header size

[Arno Wagner]

Look into the FAQ under "What does the on-disk structure of LUKS look 
like?"

Arno

On Tue, Aug 03, 2010 at 04:41:33PM +0600, Alexander Konovalenko wrote:
> On Mon, Aug 2, 2010 at 05:01, Arno Wagner <arno@wagner.name> wrote:
> >
> > sorry, but you will have wiped the salt in the header, which
> > makes recovery impossible. You will also have wiped all keys
> > (they take about the first 8.5MB), which again does make recovery
> > impossible. In fact, any recovery from this would mean that
> > LUKS is badly broken security-wise.
> 
> 8.5 MB? I thought a LUKS header usually takes only 2056 512-byte
> sectors, which is slightly more than 1 MiB. I wonder where does that
> belief come from. Almost all LUKS partitions I've been dealing with
> have been created by Ubuntu's debian-installer. So debian-installer's
> default must be the culprit.
> 
> What's the recommended LUKS header size?
> 
>  -- Alexander
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier