On Mon, Apr 27, 2009 at 12:59:42AM +0200, DerKlappstuhl@xxxxxx wrote: > Hi, > > as my topic says, by mistake I overwrote the first 512bytes of my > dmcrypt partition... > > I read the On-Disk Format Specification and some information on > your website and it says the 'Meta-Data redundancy' ist NOT yet > implementet - so the keys are only stored in the first 512bytes, > correct????? The keys are storwed later on the LUKS container, but there is irreplaceable information in the first 512 bytes (of which there is no redundant copy), namely the salt at offset 132. All other parameters could possibly be recreated with moderate effort, but the 32 byte (= 256 bit) salt cannot. > There's one point I don't understand yet. When I created the > partition (as far as I remember) I did not enter radom data to > increase the entropy of the key - but the 'final key' which encrypts > the data has a radom-component, hasn't it? The key and the salt are random and read from /dev/urandom on Linux, I believe. > So, is there any chance to recover the header (i.e. by using my > cleartext password) - or is my data lost for 100% sure? I am resonably sure that the data is gone. This issue was discussed some time ago on the list, with this conclusion. Side-note: This is one reason I still stick with the old dm-cryopt. For it the key is directly password derived and there is no metadata in the container. It does have other serious drawbacks, however, so there is no clear recommendation on what to use and LUKS is typically better, except for resilience against overwriting the start of the container. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
