On Fri, Feb 28, 2014 at 12:29:35 CET, Milan Broz wrote: [...] > These are the steps for fixing Whirlpool gcrypt issue, there is manual hack > to LUKS header required, otherwise it is straightforward. I think this > should be in FAQ as well... I will add it. Arno > (Feel free to fix this description, I just quickly tested this on Arch distro. > Probably more safe script can be written, volunteers welcome ;-) > > How to fix "flawed gcrypt Whirlpool" hash in LUKS header > > All the text below expects cryptsetup 1.6.4 installed. > (Previous version doesn't have needed code for workaround.) > > What's the problem? > > - gcrypt in version prior to 1.6.0 includes flawed Whirlpool hash > (bug only hits when hash is calculated in multiple chunks, unfortunately > this is the cryptsetup case). > If you use Whirlpool as LUKS header hash with previous gcrypt and upgrade > to gcrypt 1.6.x, you cannot open LUKS device anymore. > > These are the steps how to fix it in-place: > > -1) Backup LUKS header. Really. (see luksHeaderBackup command) > > 0) Use cryptsetup 1.6.4 or more recent. > > > 1) double check which gcrypt you are using. You can even use cryptsetup here: > > # cryptsetup luksDump <your luks device> --debug | grep backend > > - for flawed (old gcrypt) you should see something like this: > # Crypto backend (gcrypt 1.5.3, flawed whirlpool) initialized. > > - for already fixed gcrypt you should see > # Crypto backend (gcrypt 1.6.1) initialized. > > > Next step depends if you can unlock the device (old gcrypt) or you > are already running upgraded system (and cannot unlock LUKS device anymore). > > > 2a) If you can unlock device (you have still old gcrypt and want to prepare > for gcrypt upgrade) simply reencrypt LUKS header with different hash (e.g. sha256) > > # cryptsetup-reencrypt --keep-key --hash sha256 <your luks device> > > and you are done (you will need to enter all keyslot passphrasses). > > > 2b) If you have already broken system (upgraded gcrypt). > > - you MUST use gcrypt 1.6.1 or more recent > (requires bug emulation flag, cryptsetup must be compiled with this version) > > - now you need to change LUKS header hash name from "whirlpool" to "whirlpool_gcryptbug" > (this requires manual overwrite). You can use hex editor or e.g. > > # echo -n -e 'whirlpool_gcryptbug\0' | dd of=<luks device> bs=1 seek=72 conv=notrunc > > verify with cryptsetup luksDump. This step is dangerous, so be sure you have backups > (notrunc dd option it very important for LUKS images in file). > > And now you can open the device again. > > I strongly suggest to change LUKS hash now as described in 2a) so your device > is compatible with older distros again. > > Milan > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
