From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <rdzidlic@googlemail.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id fbO0XZnt9Neg for <dm-crypt@saout.de>;
 Mon, 31 Dec 2012 13:41:17 +0100 (CET)
Received: from mail-ee0-f43.google.com (mail-ee0-f43.google.com [74.125.83.43])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Mon, 31 Dec 2012 13:41:17 +0100 (CET)
Received: by mail-ee0-f43.google.com with SMTP id e49so6285575eek.2
 for <dm-crypt@saout.de>; Mon, 31 Dec 2012 04:41:17 -0800 (PST)
Sender: "Richard Z." <rdzidlic@googlemail.com>
Date: Mon, 31 Dec 2012 13:40:36 +0100
From: Richard <rz@linux-m68k.org>
Message-ID: <20121231124035.GA4438@rz>
References: <CA+VYMuZ43V_+NgdUUSdLL4hC16hwqvpwLHnSTo32SGV52TPbzg@mail.gmail.com>
 <20121227095229.GA9356@tansi.org>
 <b3dc0fbd42b8f3e232a758c38e42f26e.squirrel@ssl.verfeiert.org>
 <20121228150430.GA17491@tansi.org>
 <CA+VYMuZT3wnwA4nJd=WjgugwpvoV8n+zKKYEE+H02HY1CB=sjQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+VYMuZT3wnwA4nJd=WjgugwpvoV8n+zKKYEE+H02HY1CB=sjQ@mail.gmail.com>
Subject: Re: [dm-crypt] Avoiding fsck.ext4 destruction of crypto_luks data
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Emily Williams <emilyw@MIT.EDU>
Cc: dm-crypt@saout.de

On Sun, Dec 30, 2012 at 11:59:56AM -0500, Emily Williams wrote:
> On Fri, Dec 28, 2012 at 10:04 AM, Arno Wagner <arno@wagner.name> wrote:


> >  > I wonder how fsck checks for a superblock. I still assume, that chances
> > of
> > > having encrypted data in the right block on disk looking like a correct
> > > ext-superblock is next to zero.
> >
> > The ext2 superblock magic number seems to be 0xEF53. That is a bit
> > short but still only gives something like 1 in 65536 probability of
> > misdetection in encrypted data. I think we can rule that out
> > for the moment.
> 
> 
> That actually seems like a pretty big chance to me. esp. if a hard drive
> manufacturer happens to have shipped a hard drive model where each hard
> drive has this problem.

fsck will not blindly trust a random superblock signature. All values inside
the superblock are checked if they are plausible. It will scream loudly if
superblock is screwed. The chance it will accept a random sector as valid
superblock is very very close to zero.


Richard

---
Name and OpenPGP keys available from pgp key servers