On Wed, Nov 02, 2011 at 08:23:33AM +0100, Milan Broz wrote: > On 11/02/2011 04:14 AM, mike dentifrice wrote: > > Or do I necessarily have to jump towards the "How do I recover the > > master key from a mapped LUKS container?" FAQ entry? > > You can run that script mentioned there (it will generate master-key-file > from active mapping). > > And then (instead of format) just run > > cryptsetup luksAddKey --master-key-file=<master-key-file> <luks device> I thought so. Very good, added to the FAQ. Arno > and add new arbitrary passphrase. > > (If cryptsetup there doesn't support this option, you can do it on LUKS > header clone outside of server and copy it back with new keyslot.) > > Without using dictionary or brute force attack you cannot recover original > passphrase though. > > In any case, save "dmsetup table --showkeys" output, it will allow to map > device even if you destroy LUKS header. > > Milan > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt