On Thu, Jun 03, 2010 at 09:05:59PM +0300, Panagiotis Malakoudis wrote: > OK, I looked a bit more inside LUKS specification and I now know that the > 128KB keyslot is actually the 32byte master key AF-split to 128KB and then > encoded with my key. A single bit of change in these 128KB makes key > invalid. > > Now that I know all this, I consider the LUKS format fundamentally flawed to > data corruption. It is. However this area should not be written by anything except cryoptsetup. If you look closely basically every filesystem and partition scheme is about as vulnerable. The thing is, modern disks do not suffer single bit corruption easily. More likely are whole lost sectors. > A single bit flip invalidates your key. cryptsetup should > point that out this and suggest using at least two keyslots, just for > precaution from data corruption. A second copy of the LUKS header > would also be of great help here. The header backup is needed anyways. The anti-forensic property is a treade-off between vulnerability to corruption and security. Using two keyslots will not help because if you get your full-sector corruption (and that is what you get in allmost all cases) in the header, everything is gone as well, because there is no way to reconstruct the salts. So header+keyslot backyp is advisable in some cases, but it decreases your security, for example old and invalidated keyslots can be made to work again with such a backup. It is not that simple and depends on the use case. I can understand your frustration though. Arno > Fatality ... > > On Thu, Jun 3, 2010 at 6:51 PM, Milan Broz <mbroz@xxxxxxxxxx> wrote: > > > On 06/03/2010 05:32 PM, Panagiotis Malakoudis wrote: > > > I have a luks partition which was corrupted by failed disk i/o. > > > Examining the partition, the first 512 bytes of the LUKS header is > > > correct, then there is a corruption which I am not really sure how many > > > sectors affected. Giving the correct key always returns: "No key > > > available with this passphrase.". Since the first 512 bytes are correct, > > > I guess all key information is unharmed. Is there a way to decrypt the > > > partition, even loosing some sectors of data? > > > > If any part of the used keyslot (which is located after visible header, > > - in you case starting at sector 8 to sector 264 (hope I calculated it > > properly), > > is modified or lost, you lost that keyslot completely. > > > > Because you have only one active keyslot, you probably lost the whole > > disk:-( > > (Only backup of this keyslot area can help here.) > > > > Milan > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
