From: Milan Broz <gmazyland@gmail.com>
To: hephey@lavabit.com
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Securely erase LUKS header
Date: Sun, 10 Mar 2013 15:48:55 +0100
Message-ID: <513C9D57.6070903@gmail.com>
In-Reply-To: <40727.130.226.154.66.1362921572.squirrel@lavabit.com>
On 10.3.2013 14:19, hephey@lavabit.com wrote:
> I'm having trouble calculating the amount of data I need to erase in the
> header.
>
> The af-stripes appears to be hardcoded to 4000, according to the
> specification [1].
>
> First I made an encrypted loop-device, using default options:
>
> cryptsetup luksFormat /dev/loop0
>
> I then made a header backup, using
>
> cryptsetup luksHeaderBackup --header-backup-file /tmp/header.img /dev/loop0
>
> The size of this backup (/tmp/header.img) is exactly 1.052.672 bytes,
> which fits with the number given in the FAQ (see 5.4) [2]. I'm assuming
> that cryptsetup's calculation is correct.
luksHeaderBackup in older versions saved header including alignment area
(not used area between keyslots and data offset start).
I later changed that to save only real used data, so the backup is smaller.
(Check the latest version, I think you get slightly smaller backup file.)
FYI - the layout is basically (* == alignment area, unused)

|LUKShdr|*|slot1|*|slot2|*| ... |slot8|*|CIPHERTEXT DATA
                                         ^ data payload offset (luksDump)
           ^1      ^2     ... slots offsets (see luksDump)
Keyslot offsets are always aligned to a multiple of 4096 bytes; data area
alignment depends on parameters, usually it is aligned to a multiple of 1MiB.
So the numbers are correct. (From the above, the simplest method to erase
it is to use the data offset and wipe everything before that.)
> However, if I set the amount of stripes to 4096 in the formula, I get the
Stripe count is always hardcoded to 4000 for LUKS1 format.
You just see bigger backup file because of data alignment mentioned above.
Milan
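As an added illustration of the layout Milan describes (this is not code from the thread or from cryptsetup): a parser for the fixed-width LUKS1 phdr fields that reads the payload offset, works out how many bytes lie before the ciphertext data, and checks that every active keyslot's key material (key-bytes x 4000 stripes) sits entirely inside that region. The sample header below is constructed for the example; the field layout follows the published LUKS1 on-disk format.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SECTOR = 512
LUKS1_STRIPES = 4000        # AF stripe count, hardcoded for LUKS1 as the thread says
KEY_ACTIVE, KEY_DISABLED = 0x00AC71F3, 0x0000DEAD
# LUKS1 phdr fields (big-endian): magic, version, cipher-name, cipher-mode, hash-spec,
# payload-offset (sectors), key-bytes, mk-digest, mk-digest-salt, mk-digest-iter, uuid
PHDR_FMT = ">6sH32s32s32sII20s32sI40s"
# followed by 8 keyslots: active, iterations, salt, key-material-offset (sectors), stripes
SLOT_FMT = ">II32sII"


def parse_luks1_header(blob):
    """Return (payload_offset_sectors, key_bytes, [(active, km_offset_sectors, stripes)] * 8)."""
    phdr = struct.unpack_from(PHDR_FMT, blob, 0)
    if phdr[0] != LUKS_MAGIC or phdr[1] != 1:
        raise ValueError("not a LUKS1 header")
    base, size = struct.calcsize(PHDR_FMT), struct.calcsize(SLOT_FMT)
    slots = []
    for i in range(8):
        active, _iters, _salt, km_off, stripes = struct.unpack_from(SLOT_FMT, blob, base + i * size)
        slots.append((active, km_off, stripes))
    return phdr[5], phdr[6], slots


def wipe_region(blob):
    """Bytes before the data payload (phdr, keyslots and alignment gaps), plus whether
    every active keyslot's key material lies entirely inside that area."""
    payload_off, key_bytes, slots = parse_luks1_header(blob)
    wipe_bytes = payload_off * SECTOR
    covered = all(km_off * SECTOR + key_bytes * stripes <= wipe_bytes
                  for active, km_off, stripes in slots if active == KEY_ACTIVE)
    return wipe_bytes, covered


def build_sample_header(payload_offset=4096, key_bytes=32, active_slots=(0, 1)):
    """Constructed sample header (not from a real device): keyslots start at sector 8
    and each slot is rounded up to a 4096-byte multiple, as in the thread."""
    phdr = struct.pack(PHDR_FMT, LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                       payload_offset, key_bytes, b"\0" * 20, b"\0" * 32, 1000, b"constructed-uuid")
    slot_sectors = -(-key_bytes * LUKS1_STRIPES // 4096) * 8   # aligned slot size in sectors
    slots = b"".join(
        struct.pack(SLOT_FMT, KEY_ACTIVE if i in active_slots else KEY_DISABLED,
                    1000, b"\0" * 32, 8 + i * slot_sectors, LUKS1_STRIPES)
        for i in range(8))
    return phdr + slots


if __name__ == "__main__":
    nbytes, ok = wipe_region(build_sample_header())
    print(f"region before payload: {nbytes} bytes ({nbytes // SECTOR} sectors); slots covered: {ok}")
```

On a real header you would feed the first 592 bytes of the device (or of a luksHeaderBackup file) to wipe_region instead of the constructed sample.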