Re: [dm-crypt] Corrupted luks partition, help needed

From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Corrupted luks partition, help needed
Date: Thu, 3 Jun 2010 22:14:53 +0200	[thread overview]
Message-ID: <20100603201452.GA10428@tansi.org> (raw)
In-Reply-To: <AANLkTilbw9cBcxtCY6AZyAlbj0oW4knJICR-Y3hpKFLF@mail.gmail.com>

On Thu, Jun 03, 2010 at 09:05:59PM +0300, Panagiotis Malakoudis wrote:
> OK, I looked a bit more inside LUKS specification and I now know that the
> 128KB keyslot is actually the 32byte master key AF-split to 128KB and then
> encoded with my key. A single bit of change in these 128KB makes key
> invalid.
> 
> Now that I know all this, I consider the LUKS format fundamentally flawed to
> data corruption. 

It is. However this area should not be written by anything except
cryoptsetup. If you look closely basically every filesystem
and partition scheme is about as vulnerable. The thing is,
modern disks do not suffer single bit corruption easily. More
likely are whole lost sectors. 

> A single bit flip invalidates your key. cryptsetup should
> point that out this and suggest using at least two keyslots, just for
> precaution from data corruption. A second copy of the LUKS header 
> would also be of great help here.

The header backup is needed anyways. The anti-forensic property
is a treade-off between vulnerability to corruption and 
security. Using two keyslots will not help because
if you get your full-sector corruption (and that is what you
get in allmost all cases) in the header, everything is gone 
as well, because there is no way to reconstruct the salts.

So header+keyslot backyp is advisable in some cases, but it
decreases your security, for example old and invalidated
keyslots can be made to work again with such a backup.

It is not that simple and depends on the use case. I can 
understand your frustration though.

Arno 

> Fatality ...
> 
> On Thu, Jun 3, 2010 at 6:51 PM, Milan Broz <mbroz@redhat.com> wrote:
> 
> > On 06/03/2010 05:32 PM, Panagiotis Malakoudis wrote:
> > > I have a luks partition which was corrupted by failed disk i/o.
> > > Examining the partition, the first 512 bytes of the LUKS header is
> > > correct, then there is a corruption which I am not really sure how many
> > > sectors affected. Giving the correct key always returns: "No key
> > > available with this passphrase.". Since the first 512 bytes are correct,
> > > I guess all key information is unharmed. Is there a way to decrypt the
> > > partition, even loosing some sectors of data?
> >
> > If any part of the used keyslot (which is located after visible header,
> > - in you case starting at sector 8 to sector 264 (hope I calculated it
> > properly),
> > is modified or lost, you lost that keyslot completely.
> >
> > Because you have only one active keyslot, you probably lost the whole
> > disk:-(
> > (Only backup of this keyslot area can help here.)
> >
> > Milan
> >

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 