On Fri, Jan 11, 2008 at 11:56:13AM +0000, Da Powah wrote: > Arno Wagner <wagner@...> writes: [...] > > I take it a LUKS superblock is > > not or only partially encrypted and its presence should be > > detectable. If it is not there, the data may be lost. If it > > is there, then this may actually be some minor issue, like some > > corrupted metadata that can be repaired. > > The LUKS Superblock is there and clean: Ok. I would think, that except for something very bizarre happening here, this means that the RAID and LVM are entirely unsubstantial to the failure and this is a pure LUKS issue. So lets forget about anytging for the moment ans lets try to unlock the keu number 0 pr at least find out what happened to it. > cryptsetup luksDump /dev/mapper/vg-crypted_raid > LUKS header information for /dev/mapper/vg-crypted_raid > Version: 1 > Cipher name: aes > Cipher mode: cbc-essiv:sha256 > Hash spec: sha1 > Payload offset: 2056MK > bits:256MK > digest: f2 48 52 aa 27 1c 44 2f 8b 75 e7 f6 97 8a fd b1 e9 ca eb eb > MK salt: 5b df c6 92 30 f4 4f 60 13 79 7d f2 13 xx xx xx 33 e5 71 f1 48 a7 ce 82 > d2 5d 30 70 ac 23 84 0c > MK iterations: 10 > UUID: f4ede5a1-cbbd-493a-ab7b-27371cxxxxxx > Key Slot 0: ENABLED > Iterations: 170750 > Salt: 15 de 36 21 58 43 24 88 d8 a3 35 cd c966 91 e55c de 5c 75 81 0b 0f 2e db > 55 xx xx xx65 96 01 > Key material offset: 8AF > stripes: 4000 > Key Slot 1: DISABLED > Key Slot 2: DISABLED > Key Slot 3: DISABLED > Key Slot 4: DISABLED > Key Slot 5: DISABLED > Key Slot 6: DISABLED > Key Slot 7: DISABLED Hmm. Looks good to me. > > > > Anyways, I see no potential problem with this set-up, right up to > > the point where you map (decrypt) it to two different raw devices. > > Raid resyncs, for example, should have no impact at all. LVM also > > seems so be entirely blameless. > As far as i use one mapping only, my setup should be ok. there has to be a > problem with finding the masterkey.... Lets hope and lets find some metadata, > but how ? Yes, the thing with the two devices was a misunderstanding on my side. Unlikely as this sounds, I think you either changed the passphrase or your stired passphrase got corrupted. In both cases there is no possible cure than recovering the original passphrase somehow. After all, this is the whole point of the encryption. Arno -- Arno Wagner, Dipl. Inform., CISSP --- CSG, ETH Zurich, arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
