On Mon, Aug 09, 2010 at 04:04:04PM -0700, epvdm@xxxxxxxxxx wrote:
> On Sun, Aug 08, 2010 at 05:57:26AM +0200, Arno Wagner wrote:
> > > Oh, certainly. I spent a long time on this before even looking into other
> > > possibilities. I put the disks on another machine to test, and tried with
> > > the passphrase in a keyfile, loaded with --key-file, with and without
> > > trailing cr/lf, as well as typing the passphrase in the clear and cut-n-pasting
> > > it into the cryptsetup prompt.
> >
> > Ok. Have you tried one of your backups for comparison as well?
> > They should work. Just for completeness...
> >
> > Incidentally, your backups should contain a good header + key-slots,
> > so copying them over should repair any possible damage. See
> > FAQ item on making header backups. But don't do that yet, compare
> > the first 1MiB+4096B of a backup and a live disk first. Any header
> > or key-slot corruption should show up as difference. If there is no
> > difference, then you have some other problem.
>
> The "real" backups are taken from the mounted filesystem, so they don't
> contain the LUKS key material. The mirror-copies I have were all made over
> a short period of time and display the same problem, suggesting that the
> damage happened some time before that and wasn't noticed until the reboot.

I see. A pity.

[...]

> > No, this is a good idea. But do the comparison with the header and
> > key-slots on a working backup disk first. See FAQ item
> > "What does the on-disk structure of LUKS look like?"
> > for exact length and position of the key-slots. A key-slot consists
> > of tightly packed (no spacer or unused space) anti-forensic stripes
> > and looks like encrypted data, i.e. "random". If you want to get a
> > feel for it, FAQ item "How do I use LUKS with a loop-device?" gives
> > instructions how to do LUKS on a file via the loop-device.
>
> This is interesting. Looking through the first 1MiB+4096B I see quite a
> lot of material that is obviously not key material - i.e., text, perl
> snippets, and other stuff one would ordinarily see lying around a linux
> system disk. Now, there was only ever a single LUKS keyslot in use, so if
> the space dedicated to the rest of them does not get initialized, it
> could be that I am just seeing what was on the disk before LUKS was
> initialized. However, it could also be bits of other areas of the disk, or
> buffer cache, that got written to the keyslot areas.

The space does not get initialized. So for you the first 128kiB
would be the relevant area.

> > > thanks very much for your help, btw.
> >
> > You are welcome.
> >
> > Sorry for pointing to the FAQ so often, it really gives you most
> > of the info you need. Current copy posted on this list today or
> > on the web at
> >
> > http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
> >
>
> The FAQ is very helpful; sorry I missed a few parts such as the
> size of the key area. :)

It has gotten a bit long, admittedly.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
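The two checks discussed in this message, as an added example that is not part of the original post or of cryptsetup: a block-wise comparison of the first 1MiB+4096B of two dumps, and an entropy scan of the first 128kiB that flags blocks which do not look "random". The 4096-byte block size, the assumption that key-slot material starts after the first 4096 bytes, the 7.5 bits/byte threshold and all function names are choices made for this sketch, and the sample data is constructed.

```python
import math
import random
from collections import Counter

BLOCK = 4096                      # reporting granularity (assumption)
HEADER_END = 4096                 # assumption: key-slot material starts after the first 4096 B
SLOT_AREA_END = 128 * 1024        # "first 128kiB" named in the thread for a single key-slot
COMPARE_LEN = 1024 * 1024 + 4096  # "first 1MiB+4096B" named in the thread

def entropy(block):
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def differing_blocks(a, b, length=COMPARE_LEN):
    """Offsets of BLOCK-sized blocks that differ between two header dumps."""
    return [off for off in range(0, length, BLOCK)
            if a[off:off + BLOCK] != b[off:off + BLOCK]]

def suspicious_blocks(image, start=HEADER_END, end=SLOT_AREA_END, threshold=7.5):
    """Offsets inside the used key-slot area whose content does not look random.

    Only the first 128kiB is scanned: unused key-slot space is never
    initialized, so old plaintext beyond that point is expected.
    """
    return [off for off in range(start, min(end, len(image)), BLOCK)
            if entropy(image[off:off + BLOCK]) < threshold]

def make_sample():
    """Constructed data: a random-looking dump and a copy with text over one block."""
    rng = random.Random(2010)
    good = bytearray(rng.getrandbits(8) for _ in range(COMPARE_LEN))
    damaged = bytearray(good)
    text = b"#!/usr/bin/perl\nprint \"hello\\n\";\n"
    damaged[20480:20480 + BLOCK] = (text * (BLOCK // len(text) + 1))[:BLOCK]
    return bytes(good), bytes(damaged)

if __name__ == "__main__":
    good, damaged = make_sample()
    print("blocks that differ:", differing_blocks(good, damaged))
    print("non-random blocks in slot area:", suspicious_blocks(damaged))
```

For real disks, read each dump from a read-only copy of the first 1MiB+4096B of the device (for example a file produced with `dd`) and pass the bytes to the same functions.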