Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.6.4

[Arno Wagner <arno@wagner.name>]

On Fri, Feb 28, 2014 at 23:06:30 CET, Sven Eschenberg wrote:
> On Fri, February 28, 2014 22:46, Arno Wagner wrote:
> > On Fri, Feb 28, 2014 at 22:26:03 CET, Sven Eschenberg wrote:
> >> Just out of curiosity,
> >>
> >> Isn't it possible (yet) to override header fields during luksopen? If
> >> not,
> >> wouldn't it make sense to add something like that in future versions? I
> >> think it could be of great help when the header is partly damaged, to be
> >> able to override things without using a hex editor.
> >
> > I doubt this makes much sense. From what I have seen,
> > usually the magic string at the start is gone as well,
> > and then there is a real risk that people try this with
> > the wrong data. Using a hex-editor is not that hard and
> > using a hex-dumper is basically required to get any
> > reasonable form of diagnostics. Even the keyslot-
> > checker is basically a specialized hexdump tool.
> 
> Okay, that's true. I personally do use a hexeditor too, I have to admit,
> just thought it could help less experienced people. Then again, if people
> fail to use a hex editor chances are big they make things worse. I guess I
> didn't think this through long enough.

I have a _lot_ of experience with students, some not so bright
or experienced ;-)
 
> >> I am aware that one could use the non-LUKS mode to open a LUKS device by
> >> passing all required parameters, admitted. But a mode where one can use
> >> what's in the header and override single fields could be interesting.
> >> Once
> >> the correct params are determinde this way, one could maybe add an
> >> option
> >> to repair the header with the given replacements (Maybe by adding the
> >> option to reencryt?).
> >>
> >> Just some thoughts that crossed my mind.
> >
> > I doubt this really helps. Also remember that finding out what
> > actually broke the header is important, so fiddeling around
> > with an opaque header and commandline arguments to cryptsetup
> > after you have analyzed a hexdump strikes me as not that effective.
> 
> That's absolutely true, indeed.
> 
> >
> > I do understand that hex-editing is akward for many people,
> > but I do not think this makes it any better or clearer.
> > One thing that would help a bit is a header layout with
> > hex offsets. I think I am going to add that to the FAQ.
> 
> Good point, I'd propose adding this to the luks on disk format document as
> well. If you cannot convert HEX<->DEC inside your head having the hex
> offsets at disposal helps alot. I admit, I used a converter when I edited
> my headers lately.

Me too. For the time being, there now is a nice hex + dec table
in FAQ Item 6.12

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato