On 04/06/16 05:06, Arno Wagner wrote: >> If the ASCII strings "LABELONE" and "LVM2" cannot be seen in the >> first few sectors of the volume, then that volume is either >> overwritten or not being decrypted correctly. LVM keeps quite a bit >> of easily recognized ASCII data in the volume header. >> >> In this case the fragile link seems to be the LUKS detached header, >> as I believe there is nothing to associate that header with a device >> and precise starting point for the payload. Yes, there is a check >> that the master key was reconstructed correctly. Now the question is >> what, if anything, does this key decrypt. > > That is the one thing with a detached header: As the sector > number goes into the decryption, decryption must start at the > right place. If it does, it will becorrect with LUKS. If not, > "random" data should result with XTS mode, I agree. > > Now, in theory it would be possible to try each possible offset > from the start of the device (depends on how the partition > for the LUKS container was created), until some (later) part > of the decrypted data has some deviation from uniform > distribution in byte-counts. Hi! Thanks for all the feedback. I ran out of time for recovering this, but as soon as I can I'll get back with the results :) -- :>
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
