On Sun, Apr 30, 2017 at 17:06:57 CEST, protagonist wrote:
> As a short update, I can confirm that when run with the default options,
> pvcreate initializes the first 512 bytes of the LVM header block with
> 0x00, similarly to ext4, creating excellent known plaintext that is easy
> to spot during debugging of decryption routines.
>
> This is documented in the manpage of pvcreate:
> "-Z, --zero {y|n}
> Whether or not the first 4 sectors (2048 bytes) of the device should be
> wiped. If this option is not given, the default is to wipe these sectors
> unless either or both of the --restorefile or --uuid options were
> specified." https://linux.die.net/man/8/pvcreate
>
> My current memcmp of the first 512 bytes therefore works just as well on
> LVM as on ext4 and has managed to find a bit flip on a deliberately
> corrupted key slot.
>
> However, this is bad news for my ultimate target of recovering the
> actual master key of the SSD in question, as it seems my previous
> 1-error checks have been unsuccessful, but valid.
Still impressive work. But it was a 10% thing at best.
Regards,
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
