On 11/02/2011 04:14 AM, mike dentifrice wrote: > Or do I necessarily have to jump towards the "How do I recover the > master key from a mapped LUKS container?" FAQ entry? You can run that script mentioned there (it will generate master-key-file from active mapping). And then (instead of format) just run cryptsetup luksAddKey --master-key-file=<master-key-file> <luks device> and add new arbitrary passphrase. (If cryptsetup there doesn't support this option, you can do it on LUKS header clone outside of server and copy it back with new keyslot.) Without using dictionary or brute force attack you cannot recover original passphrase though. In any case, save "dmsetup table --showkeys" output, it will allow to map device even if you destroy LUKS header. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
