On 10.3.2013 14:19, hephey@xxxxxxxxxxx wrote:
I'm having trouble calculating the amount of data I need to erase in the
header.
The af-stripes appears to be hardcoded to 4000, according to the
specification [1].
First I made an encrypted loop-device, using default options:
cryptsetup luksFormat /dev/loop0
I then made a header backup, using
cryptsetup luksHeaderBackup --header-backup-file /tmp/header.img /dev/loop0
The size of this backup (/tmp/header.img) is exactly 1.052.672 bytes,
which fits with the number given in the FAQ (see 5.4) [2]. I'm asumming
that cryptsetup's calculation is correct.
luksHeaderBackup in older versions saved header including alignment area
(not used area between keyslots and data offset start).
I later changed that to save only real used data, so the backup is smaller.
(Check the latest version, I think you get slightly smaller backup file.)
FYI - the layout is basically (* == alignment area, unused)
|LUKShdr|*|slot1|*|slot2|*| ... |slot8|*|CIPHERTEXT DATA
^ data payload offset (luksDump)
^1 ^2 ... slots offsets (see luksDump)
Keyslot oofsets are always aligned to multiple of 4096 bytes, data area
alignment depends paramaters, ususally it is aligned to multiple of 1MiB.
So numbers are correct. (From above, the simplest method to erase
it is to use data offset and wipe everyting before that).
However, if I set the amount of stripes to 4096 in the formula, I get the
Stripe count is always hardcoded to 4000 for LUKS1 format.
You just see bigger backup file because of data alignment mentioned above.
Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
