I'm having trouble calculating the amount of data I need to erase in the header. The af-stripes appears to be hardcoded to 4000, according to the specification [1]. First I made an encrypted loop-device, using default options: cryptsetup luksFormat /dev/loop0 I then made a header backup, using cryptsetup luksHeaderBackup --header-backup-file /tmp/header.img /dev/loop0 The size of this backup (/tmp/header.img) is exactly 1.052.672 bytes, which fits with the number given in the FAQ (see 5.4) [2]. I'm asumming that cryptsetup's calculation is correct. In the FAQ it's also stated that to wipe the header, I need to use to formula: header size = (keyslots x stripes x keysize) + offset bytes I find the relevant values by issuing: cryptsetup luksDump /dev/loop0 The output of this command is on a pastebin here: http://pastebin.com/Nw6NJaQc It seems that my equation would be header size = (1 keyslot * 4000 stripes * 256 bits) + 4096 = 1.028.096 bytes This size is smaller than the size given in the FAQ and the size of my header backup - How come? However, if I set the amount of stripes to 4096 in the formula, I get the correct size: header size = (1 keyslot * 4096 stripes * 256 bits) + 4096 = 1.052.672 bytes What am I doing wrong here? Is luksDump showing the wrong amount of stripes? I would like to make a dynamic script that could quickly determin the correct values for the formula using luksDump and wipe whatever luks-encrypted device that is given as an argument. Please tell if you need more information. ------------------ REFERENCES 1: http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf 2: https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Security_Aspects _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
