* [dm-crypt] valid passphrase not accepted @ 2010-10-27 12:15 ts0 2010-10-27 14:01 ` Arno Wagner 2010-10-27 14:39 ` Heinz Diehl 0 siblings, 2 replies; 8+ messages in thread From: ts0 @ 2010-10-27 12:15 UTC (permalink / raw) To: dm-crypt Hello everybody, i have a serious problem regarding a luks-encrypted raid10 on gentoo linux 64 bit. after rebooting i wasn´t able to unlock the luks-partition. the luks header is there. the kernel configuration hasn´t changed (all ciphers are integrated). the passphrase is valid but not accepted. even if i boot with a gentoo live cd and want to open the luks partition it isn´t possible. any suggestions. i hope someone can help me. thanks ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] valid passphrase not accepted 2010-10-27 12:15 [dm-crypt] valid passphrase not accepted ts0 @ 2010-10-27 14:01 ` Arno Wagner 2010-10-27 14:39 ` Heinz Diehl 1 sibling, 0 replies; 8+ messages in thread From: Arno Wagner @ 2010-10-27 14:01 UTC (permalink / raw) To: dm-crypt Is this a new LUKS container? If so, you most likely made a mistake on password entry or have a changed keymap. Please make absolutely sure that is not the case. Arno On Wed, Oct 27, 2010 at 02:15:44PM +0200, ts0@dotlike.net wrote: > Hello everybody, > > i have a serious problem regarding a luks-encrypted raid10 on gentoo > linux 64 bit. > > after rebooting i wasn?t able to unlock the luks-partition. > the luks header is there. the kernel configuration hasn?t changed (all > ciphers are integrated). the passphrase is valid but not accepted. > > even if i boot with a gentoo live cd and want to open the luks partition > it isn?t possible. any suggestions. > > i hope someone can help me. > > thanks > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] valid passphrase not accepted 2010-10-27 12:15 [dm-crypt] valid passphrase not accepted ts0 2010-10-27 14:01 ` Arno Wagner @ 2010-10-27 14:39 ` Heinz Diehl 2010-10-27 15:56 ` Arno Wagner 1 sibling, 1 reply; 8+ messages in thread From: Heinz Diehl @ 2010-10-27 14:39 UTC (permalink / raw) To: dm-crypt On 27.10.2010, ts0@dotlike.net wrote: > after rebooting i wasn´t able to unlock the luks-partition. > the luks header is there. the kernel configuration hasn´t changed > (all ciphers are integrated). the passphrase is valid but not > accepted. A shot in the dark: do you use the same keymapping when you're entering the passphrase as you did while LUKS-formatting the drive? ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] valid passphrase not accepted 2010-10-27 14:39 ` Heinz Diehl @ 2010-10-27 15:56 ` Arno Wagner 2010-10-27 16:07 ` Rick Moritz 0 siblings, 1 reply; 8+ messages in thread From: Arno Wagner @ 2010-10-27 15:56 UTC (permalink / raw) To: dm-crypt I am currently assisting the OP offline. Seems the LUKS header was overwritten in some fashion. Arno On Wed, Oct 27, 2010 at 04:39:23PM +0200, Heinz Diehl wrote: > On 27.10.2010, ts0@dotlike.net wrote: > > > after rebooting i wasn?t able to unlock the luks-partition. > > the luks header is there. the kernel configuration hasn?t changed > > (all ciphers are integrated). the passphrase is valid but not > > accepted. > > A shot in the dark: do you use the same keymapping when you're entering > the passphrase as you did while LUKS-formatting the drive? > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] valid passphrase not accepted 2010-10-27 15:56 ` Arno Wagner @ 2010-10-27 16:07 ` Rick Moritz 2010-10-27 16:16 ` Arno Wagner 2010-10-27 16:23 ` Heinz Diehl 0 siblings, 2 replies; 8+ messages in thread From: Rick Moritz @ 2010-10-27 16:07 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 2138 bytes --] Considering the amount of traffic on the list regarding issues like this, maybe future versions of dm-crypt should issue an annoying warning when creating LUKS-format mapped devices, about how a backup of the header is STRONGLY recommended, with data loss due to accidental overwriting of the header being the number one reason for data loss. Possibly even with explicit instructions on how to perform a backup, so that users can simply copy and paste the command-line and adjust their device names. Adding a flag to turn the warning off for unattended set-ups (or whatever reason) should make this have minimum negative impact. (I haven't used LUKS yet, so I can't verify whether something like this is implemented already -- if it is, excuse the redundancy...) Best of luck to the OP.... On Wed, Oct 27, 2010 at 5:56 PM, Arno Wagner <arno@wagner.name> wrote: > I am currently assisting the OP offline. Seems the LUKS > header was overwritten in some fashion. > > Arno > > On Wed, Oct 27, 2010 at 04:39:23PM +0200, Heinz Diehl wrote: > > On 27.10.2010, ts0@dotlike.net wrote: > > > > > after rebooting i wasn?t able to unlock the luks-partition. > > > the luks header is there. the kernel configuration hasn?t changed > > > (all ciphers are integrated). the passphrase is valid but not > > > accepted. > > > > A shot in the dark: do you use the same keymapping when you're entering > > the passphrase as you did while LUKS-formatting the drive? > > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: > arno@wagner.name > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 > 338F > ---- > Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > > If it's in the news, don't worry about it. The very definition of > "news" is "something that hardly ever happens." -- Bruce Schneier > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > [-- Attachment #2: Type: text/html, Size: 3073 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] valid passphrase not accepted 2010-10-27 16:07 ` Rick Moritz @ 2010-10-27 16:16 ` Arno Wagner 2010-10-27 16:23 ` Heinz Diehl 1 sibling, 0 replies; 8+ messages in thread From: Arno Wagner @ 2010-10-27 16:16 UTC (permalink / raw) To: dm-crypt I think this will not help and is not the way to do it. The FAQ already addresses all these questions and it is part of the cryptsetup packages. Those that read documentation will be sufficiently warned. The others will ignore a warning that cryptsetup gives them as well. The second problem is that a LUKS header backup is a security risk, so we cannot recommend it in general. And we cannot recommend it conditionally without going into more detail (as the FAQ, again, does on this question). Anyways, the people hit are those without data backup. They can just as easily be hit by a dead disk or other data-loss scenario. We can not solve that for them. There are also quite a few people that do not understand how their header got corrupted and they all specific help. Arno On Wed, Oct 27, 2010 at 06:07:04PM +0200, Rick Moritz wrote: > Considering the amount of traffic on the list regarding issues like this, > maybe future versions of dm-crypt should issue an annoying warning when > creating LUKS-format mapped devices, about how a backup of the header is > STRONGLY recommended, with data loss due to accidental overwriting of the > header being the number one reason for data loss. > Possibly even with explicit instructions on how to perform a backup, so that > users can simply copy and paste the command-line and adjust their device > names. > Adding a flag to turn the warning off for unattended set-ups (or whatever > reason) should make this have minimum negative impact. > (I haven't used LUKS yet, so I can't verify whether something like this is > implemented already -- if it is, excuse the redundancy...) > > Best of luck to the OP.... > > On Wed, Oct 27, 2010 at 5:56 PM, Arno Wagner <arno@wagner.name> wrote: > > > I am currently assisting the OP offline. Seems the LUKS > > header was overwritten in some fashion. > > > > Arno > > > > On Wed, Oct 27, 2010 at 04:39:23PM +0200, Heinz Diehl wrote: > > > On 27.10.2010, ts0@dotlike.net wrote: > > > > > > > after rebooting i wasn?t able to unlock the luks-partition. > > > > the luks header is there. the kernel configuration hasn?t changed > > > > (all ciphers are integrated). the passphrase is valid but not > > > > accepted. > > > > > > A shot in the dark: do you use the same keymapping when you're entering > > > the passphrase as you did while LUKS-formatting the drive? > > > > > > _______________________________________________ > > > dm-crypt mailing list > > > dm-crypt@saout.de > > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > > -- > > Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: > > arno@wagner.name > > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 > > 338F > > ---- > > Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > > > > If it's in the news, don't worry about it. The very definition of > > "news" is "something that hardly ever happens." -- Bruce Schneier > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] valid passphrase not accepted 2010-10-27 16:07 ` Rick Moritz 2010-10-27 16:16 ` Arno Wagner @ 2010-10-27 16:23 ` Heinz Diehl 2010-10-27 18:57 ` Arno Wagner 1 sibling, 1 reply; 8+ messages in thread From: Heinz Diehl @ 2010-10-27 16:23 UTC (permalink / raw) To: dm-crypt On 27.10.2010, Rick Moritz wrote: > Considering the amount of traffic on the list regarding issues like this, > maybe future versions of dm-crypt should issue an annoying warning when > creating LUKS-format mapped devices, about how a backup of the header is > STRONGLY recommended No, it's not. Read the FAQ, especially item nr.2 and the answer from Clemens: http://www.saout.de/tikiwiki/tiki-index.php?page=LUKSFaq ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dm-crypt] valid passphrase not accepted 2010-10-27 16:23 ` Heinz Diehl @ 2010-10-27 18:57 ` Arno Wagner 0 siblings, 0 replies; 8+ messages in thread From: Arno Wagner @ 2010-10-27 18:57 UTC (permalink / raw) To: dm-crypt On Wed, Oct 27, 2010 at 06:23:01PM +0200, Heinz Diehl wrote: > On 27.10.2010, Rick Moritz wrote: > > > Considering the amount of traffic on the list regarding issues like this, > > maybe future versions of dm-crypt should issue an annoying warning when > > creating LUKS-format mapped devices, about how a backup of the header is > > STRONGLY recommended > > No, it's not. Read the FAQ, especially item nr.2 and the answer > from Clemens: > > http://www.saout.de/tikiwiki/tiki-index.php?page=LUKSFaq Aehm, that is the old, obsolete FAQ. You should not reference it anymore. The current FAQ is at http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions and in the cryptsetup source package. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2010-10-27 18:57 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-10-27 12:15 [dm-crypt] valid passphrase not accepted ts0 2010-10-27 14:01 ` Arno Wagner 2010-10-27 14:39 ` Heinz Diehl 2010-10-27 15:56 ` Arno Wagner 2010-10-27 16:07 ` Rick Moritz 2010-10-27 16:16 ` Arno Wagner 2010-10-27 16:23 ` Heinz Diehl 2010-10-27 18:57 ` Arno Wagner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox