Re: [dm-crypt] is backing up the master key enough for data recovery if header is destroyed?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: Lara Michaels <laramichaels1978@yahoo.com>
Cc: "dm-crypt@saout.de" <dm-crypt@saout.de>
Subject: Re: [dm-crypt] is backing up the master key enough for data recovery if header is destroyed?
Date: Thu, 21 Jun 2012 17:28:07 +0200	[thread overview]
Message-ID: <4FE33D87.2030207@gmail.com> (raw)
In-Reply-To: <1340290716.32577.YahooMailNeo@web120705.mail.ne1.yahoo.com>

On 06/21/2012 04:58 PM, Lara Michaels wrote:
> From reading the FAQ, my understanding is that in the event the
> header getting destroyed I need ONE of the following for data
> recovery to be feasible:
> 
> - header backup + one passphrase - the master key
> 
> By "master key" I am referring to the 256 bits printed out in
> hexadecimal by "cryptsetup luksDump --dump-master-key [device]".
> 
> Is it correct that these 256 bits are by themselves sufficient to
> unlock the volume? Or would I still need the salt to be intact in the
> header? (My understanding from reading the FAQ is that the salt is
> not required if I have the master key.)

Yes. You need to know cipher name, mode and IV as well, but these
are easily to be brute-forced if lost.

Salt is not needed if you know volume (master) key directly.

Milan

     prev parent reply	other threads:[~2012-06-21 15:28 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-21 14:58 [dm-crypt] is backing up the master key enough for data recovery if header is destroyed? Lara Michaels
2012-06-21 15:28 ` Milan Broz [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4FE33D87.2030207@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=dm-crypt@saout.de \
    --cc=laramichaels1978@yahoo.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.