From: Milan Broz
Date: Thu, 21 Jun 2012 17:28:07 +0200
Subject: Re: [dm-crypt] is backing up the master key enough for data recovery if header is destroyed?
To: Lara Michaels
Cc: "dm-crypt@saout.de"
Message-ID: <4FE33D87.2030207@gmail.com>
In-Reply-To: <1340290716.32577.YahooMailNeo@web120705.mail.ne1.yahoo.com>

On 06/21/2012 04:58 PM, Lara Michaels wrote:
> From reading the FAQ, my understanding is that in the event of the
> header getting destroyed I need ONE of the following for data
> recovery to be feasible:
>
> - header backup + one passphrase
> - the master key
>
> By "master key" I am referring to the 256 bits printed out in
> hexadecimal by "cryptsetup luksDump --dump-master-key [device]".
>
> Is it correct that these 256 bits are by themselves sufficient to
> unlock the volume? Or would I still need the salt to be intact in the
> header? (My understanding from reading the FAQ is that the salt is
> not required if I have the master key.)

Yes.

You need to know cipher name, mode and IV as well, but these
can easily be brute-forced if lost.

Salt is not needed if you know the volume (master) key directly.

Milan
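An added example, not part of the original message and not cryptsetup's own code: while the header is still intact, this reads the cipher name and mode (the mode string carries the IV type) so they can be stored next to the master-key backup, and checks that a dumped key matches the header's key digest. It assumes a LUKS1 header with the field layout of the LUKS1 on-disk format. It also records the payload offset, which the thread does not mention. The function names and the sample header are constructed for illustration.

```python
import hashlib
import hmac
import struct

# LUKS1 header (phdr) layout, big-endian: magic[6] version cipher-name[32]
# cipher-mode[32] hash-spec[32] payload-offset key-bytes mk-digest[20]
# mk-digest-salt[32] mk-digest-iter uuid[40]
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
MAGIC = b"LUKS\xba\xbe"

def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(blob):
    """Return the parameters worth storing next to a master-key backup."""
    if len(blob) < PHDR.size:
        raise ValueError("too short for a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, offset, key_bytes,
     digest, salt, iters, uuid) = PHDR.unpack_from(blob)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    return {"cipher": _text(cipher), "mode": _text(mode), "hash": _text(hash_spec),
            "payload_offset_sectors": offset, "key_bytes": key_bytes,
            "mk_digest": digest, "mk_digest_salt": salt,
            "mk_digest_iter": iters, "uuid": _text(uuid)}

def master_key_matches(hdr, master_key_hex):
    """True if the hex master key reproduces the header's mk-digest."""
    key = bytes.fromhex(master_key_hex)  # spaces between hex bytes are accepted
    if len(key) != hdr["key_bytes"]:
        return False
    calc = hashlib.pbkdf2_hmac(hdr["hash"], key, hdr["mk_digest_salt"],
                               hdr["mk_digest_iter"], 20)
    return hmac.compare_digest(calc, hdr["mk_digest"])

def constructed_header(key, salt=b"\x01" * 32, iters=1000):
    """Build a constructed sample header (not a dump of any real volume)."""
    digest = hashlib.pbkdf2_hmac("sha1", key, salt, iters, 20)
    return PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096,
                     len(key), digest, salt, iters, b"constructed-sample-uuid")

if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed 256-bit key
    hdr = parse_luks1_header(constructed_header(sample_key))
    print(hdr["cipher"], hdr["mode"], hdr["payload_offset_sectors"])
    print(master_key_matches(hdr, sample_key.hex()))
```

The mk-digest salt is used here only to confirm that the backed-up key is the right one; it plays no part in decrypting the data area.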