On Thu, Jun 03, 2010 at 10:14:53PM +0200, Arno Wagner wrote:
On Thu, Jun 03, 2010 at 09:05:59PM +0300, Panagiotis Malakoudis wrote:
OK, I looked a bit more inside LUKS specification and I now know that the
128KB keyslot is actually the 32byte master key AF-split to 128KB and then
encoded with my key. A single bit of change in these 128KB makes key
invalid.
Now that I know all this, I consider the LUKS format fundamentally flawed to
data corruption.
It is. However this area should not be written by anything except
cryoptsetup. If you look closely basically every filesystem
and partition scheme is about as vulnerable. The thing is,
modern disks do not suffer single bit corruption easily. More
likely are whole lost sectors.
well, actually if you look closely at modern filesystems and
partitioning schemes, you will find there are more than one copy of
critical metadata.
ext2 has a backup superblock
GPT partition has a secondary header and table at the other end of the
disk
we really miss an on-disk backup of the LUKS header.
L.
--
Luca Berra -- bluca@xxxxxxxxxx
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
