On Sun, Jan 08, 2012 at 01:23:27PM -0000, Konstantin V. Gavrilenko wrote: > ----- Original Message ----- > From: "Arno Wagner" <arno@xxxxxxxxxxx> > To: dm-crypt@xxxxxxxx > Sent: Sunday, 8 January, 2012 11:40:05 AM > Subject: Re: HELP, luksFormat over existing container > > On Sun, Jan 08, 2012 at 09:59:02AM -0000, Konstantin V. Gavrilenko wrote: > > > > ----- Original Message ----- > > From: "Arno Wagner" <arno@xxxxxxxxxxx> > > To: dm-crypt@xxxxxxxx > > Sent: Saturday, 7 January, 2012 12:48:16 PM > > Subject: Re: HELP, luksFormat over existing container > > > > On Sat, Jan 07, 2012 at 10:57:08AM -0000, Konstantin V. Gavrilenko wrote: > > > Hello list, > > > > > > I have a problem :( > > > > > > by mistake, instead of luksOpen I executed lukFormat on the loop device > > > with associated cryptofile. even though the key is was the same, I have > > > no backup of original luksHeader, so I assume i have no way of recovering > > > the SALT. > > > > And the master key is different in addition, at least in the first > > key-slot that also has been overwritten. > > > > KVG: I see, so the cryptsetup generates a different master key at each > > luksFormat eventhough the original key is the same, no hope for me then > > :((( > > It has to do this in order to support multiple passphrases. > > KVG: I relied on pgp for this, since the times when I used to use > loop-aes. besides, IMHPO there is an added benefit of having the key that > is opened by the passphrase, so if shit hits the fan, you just shred the > key, and knowing the passphrase would not unlock the crypto partition. That would be the right approach for plain dm-crypt. For LUKS this is not needed anymore, see FAQ item(s) on deleting a LUKS partition. > > > I am pretty much in Acceptance that it is not possible to > > > recover anything, but would like to get an external confirmation, advice. > > > > You are correct. Next step is to fix your set-up by adding > > backup, see the FAQ. > > > > KVG:((( i had some files that were not backed up. > > > > > p.s. surprised and disappointing that cryptsetup does not issue a warning > > > when running luksFormat over luks preformatted container :( > > > > It gives you a very clear warning and asks for an uppercase "YES" > > and asks for the passphrease two times. That _should_ be enough. > > There is only so much a tool can do to protect you. The UNIX way is > > to warn you, but to assume you want to do what you specified if > > you ignore the warning. > > > > > > > KVG: No it did not give the warning. I guess it depends on how the > > cryptsetup is used. In my case, I have a gpg protected key, that I pipe > > to cryptsetup once it is decrypted. Here is an example, two luksFormats > > in a row and no warning that luks header exists. > > > > root@dmob:/# gpg --decrypt /tmp/keyfile.gpg | cryptsetup -v --cipher serpent-cbc-essiv:sha256 --key-size 256 luksFormat /dev/loop0 > > gpg: CAST5 encrypted data > > gpg: gpg-agent is not available in this session > > gpg: encrypted with 1 passphrase > > gpg: WARNING: message was not integrity protected > > Command successful. > > root@dmob:/# gpg --decrypt /tmp/keyfile.gpg | cryptsetup -v --cipher serpent-cbc-essiv:sha256 --key-size 256 luksFormat /dev/loop0 > > gpg: CAST5 encrypted data > > gpg: gpg-agent is not available in this session > > gpg: encrypted with 1 passphrase > > gpg: WARNING: message was not integrity protected > > Command successful. > > Well, if you script this, then the responsibility for > the warning goes over to you. This does make sense, > because when cryptsetup is fed from STDIN, it has > no clue what its STDOUT and STDERR are attached to. > For all it knows, it may be used from a GUI. It only > goes "interactive" when its STDIN is attached to a > terminal. > > KVG: wouldn't it be better to have a full proof solution, so if you want > the cryptseup to stop being interactive and use it in a script, then there > could be additional switch like --noninteractive, in all other cases it > would issue a warning. Not really. There is a point where you have to asume the user knows what he is doing. Your usage is pretty bizarre for LUKS, but completely typical for use from a script. The next issue is that even if cryptsetup prints the warning, there is absolutely no way for it to ensure that warning is seen. Just think of this being a GTK+ (for example) graphical wrapper. So, sorry, but reading the documentation and being careful is mandatory for safe and secure crypto usage. There is just no way around that. It is too difficult to get right without some understanding of the subject matter. At the same time, there is a strong dependency on the application scenario. > I am wondering how you were hit by that though. Do > you input this command-chain manually? > > > KVG: yes, i did. just copied and pasted the wrong line from a file :( > late at night, after a very very long day at work :( since i didn't get > any warning i didn't suspect anything until too late. well, it didnt take > long, just one command and correctly entered gpg passphrase. Well, there is a second lesson here. The situation is typical BTW, that is why I by now refrain from doing anything potentially dangerous when tired. Added safety measures would include to not have the normal and the dangerous line in a file and scripting this instead of copying it. And if you think about it, you could have just had the line with '--noninteractive' in there as well, as you would have needed to use it actually for the line to work. So again, nothing that cryptsetyp can do. It really is the wrong place to fix this. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
