Re: Need help! Lost my superblock!

On Mon, Apr 27, 2009 at 12:59:42AM +0200, DerKlappstuhl@xxxxxx wrote:
> Hi,
> 
> as my topic says, by mistake I overwrote the first 512 bytes of my 
> dmcrypt partition...
>
> I read the On-Disk Format Specification and some information on
> your website and it says the 'Meta-Data redundancy' is NOT yet
> implemented - so the keys are only stored in the first 512 bytes,
> correct?????

The keys are stored later on the LUKS container, but there is
irreplaceable information in the first 512 bytes (of which there 
is no redundant copy), namely the salt at offset 132. All other
parameters could possibly be recreated with moderate effort,
but the 32 byte (= 256 bit) salt cannot.

> There's one point I don't understand yet. When I created the
> partition (as far as I remember) I did not enter random data to
> increase the entropy of the key - but the 'final key' which encrypts
> the data has a random-component, hasn't it?

The key and the salt are random and read from /dev/urandom on Linux,
I believe.

> So, is there any chance to recover the header (i.e. by using my
> cleartext password) - or is my data lost for 100% sure?

I am reasonably sure that the data is gone. This issue was discussed
some time ago on the list, with this conclusion.

Side-note: This is one reason I still stick with the old 
dm-crypt. For it the key is directly password derived and 
there is no metadata in the container. It does have other
serious drawbacks, however, so there is no clear recommendation
on what to use and LUKS is typically better, except for resilience
against overwriting the start of the container.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
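
The header layout the reply refers to, as an added example (not part of the original message and not cryptsetup's code): a small parser for the LUKS1 partition header, with field offsets taken from the LUKS1 on-disk format specification, that reports which salt fields lie inside an overwritten byte range. The names `parse_luks1`, `salts_in_range` and `sample_header` are hypothetical, and the sample header is constructed rather than taken from a real volume.

```python
import os
import struct

# LUKS1 partition header (phdr), big-endian, per the LUKS1 on-disk format spec.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
SLOT = struct.Struct(">II32sII")                   # 8 slots of 48 bytes follow
MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3
NAMES = ("magic", "version", "cipher_name", "cipher_mode", "hash_spec",
         "payload_offset", "key_bytes", "mk_digest", "mk_digest_salt",
         "mk_digest_iter", "uuid")


def parse_luks1(buf):
    """Return phdr fields and key slots, or raise ValueError if no LUKS1 header."""
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("need at least 592 bytes")
    hdr = dict(zip(NAMES, PHDR.unpack_from(buf, 0)))
    if hdr["magic"] != MAGIC or hdr["version"] != 1:
        raise ValueError("no LUKS1 magic: header overwritten or not LUKS1")
    hdr["slots"] = []
    for i in range(8):
        active, iters, salt, km_offset, stripes = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        hdr["slots"].append({"active": active == SLOT_ACTIVE, "iterations": iters,
                             "salt": salt, "km_offset": km_offset, "stripes": stripes})
    return hdr


def salts_in_range(start, end):
    """Names of salt fields with any byte inside [start, end) of the device."""
    spans = {"mk_digest_salt": (132, 164)}
    for i in range(8):
        off = PHDR.size + i * SLOT.size + 8      # salt follows active + iterations
        spans["slot%d_salt" % i] = (off, off + 32)
    return [n for n, (a, b) in spans.items() if a < end and b > start]


def sample_header():
    """Constructed test header: random salts, slot 0 active, not a real volume."""
    buf = PHDR.pack(MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 2056, 32,
                    os.urandom(20), os.urandom(32), 10, b"constructed-uuid")
    for i in range(8):
        buf += SLOT.pack(SLOT_ACTIVE if i == 0 else 0x0000DEAD, 1000,
                         os.urandom(32), 8 + i * 256, 4000)
    return buf
```

Feeding the first 592 bytes of a device or of a header backup file to `parse_luks1` is enough to check that a LUKS1 header is still present.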

