On Thu, Sep 13, 2012 at 11:19:06PM -0500, Zack Buhman wrote: > On Fri, Sep 14, 2012 at 05:18:51AM +0200, Arno Wagner wrote: > > but you will > > need to make a new container after recovery, as your > > master key is now publicly known and your data not secure > > anymore. > > Nope; I flipped a few characters around ;P Smart ;-) > > Lets see, you have: > > 0 7813523456 crypt aes-xts-plain bff82...76d4 0 9:127 4096 > > ^^^^^^^^^^^^^ ^^^^^^^^^^^^ > > cipher+mode key > > A test with a loop file on my system gives: > > 0 200704 crypt aes-cbc-essiv:sha256 9d....35 0 7:0 4096 > > > > Your old container does not use the defaults of the > > cryptsetup sources, but the ones used by some distribution > > or parameters set by yourself. > > Funny thing is, I was the one who specfied aes-xts-plain. > > > Make sure the new header is also aes-xts-plain, by > > dumping the master key again. The key and cipher > > parameter need to be the same, otherwise decryption will > > not work. > > THAT'S IT! It works! Thank you very much Dr. Wagner; I can't tell you > how grateful I am of you stating what should have been the obvious. > No problem, and please call me Arno ;-) Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
