Hi,
On 08.09.2012 23:47, Arno Wagner wrote:
Wups, what is that? Quite non-standard. Did you select that yourself?
As per the docs I read back in the time, yes, I selected that cipher.
Hash spec: sha1
Payload offset: 3016
MK bits: 384
With that your first keyslot should be from 0x1000 to 0x2ee00.
Find the 'hd' dump at [1], from 0x1000 to 0x2ee00 (didn't attached
because its size is 329K).
Key Slot 0: ENABLED
Iterations: 254001
Pretty large. Unless you have a liquid-nitrogen cooled
CPU, did you increase the iteration time?
Nope, actually, the problem is on a laptop hard disk...
Have you looked at the whole keyslot up to 0x2ee00?
I haven't untill you pointed me to do it with this email :)
It's attached.
And having it done after running the code you attach in another
email, going straight to the low-entropy blocks that it points
to, I have found what seems an image file:
0002a000 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90
|......JFIF......|
0002a010 00 90 00 00 ff e1 00 16 45 78 69 66 00 00 4d 4d
|........Exif..MM|
0002a020 00 2a 00 00 00 08 00 00 00 00 00 00 ff fe 00 17
|.*..............|
0002a030 43 72 65 61 74 65 64 20 77 69 74 68 20 54 68 65 |Created
with The|
0002a040 20 47 49 4d 50 ff db 00 43 00 05 03 04 04 04 03 |
GIMP...C.......|
One thing I don't understand: as per the docs I read for setting
the encryption, I selected a size of 384 bits for the key (that
in the case of lrw just 256 are used). What are we looking for
at 0x2ee00 far?
Most people are hosed in your situations, but there have been
some miraculous recoveries. So really knowing what happened
is the key.
I suppose it. With an analysis of what happened it's all easier.
Thanks,
[1] http://dl.tenak.net/563cc336/hd_devsdb2_0x1000-0x2ee00.dump.bz2
--
Marcos
http://tenak.net/
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
