[dm-crypt] Hosed encrypted drive. Is disaster recovery possible?

Arno Wagner arno at wagner.name
Mon Aug 2 01:01:13 CEST 2010


On Sun, Aug 01, 2010 at 02:11:36PM -0700, Willie wrote:
> Evening all,
> 
> I'm not very hopeful of a positive response, but having just made my
> worst mistake in thirty years of computing I thought this would be where
> most of the relevant knowledge is.
> 
> I have an external 1.5TB Seagate drive, encrypted with dm-crypt/luks and
> formatted xfs.
> 
> In a state of dog-tiredness, thinking I was pointing at a USB stick, I
> have inadvertently wiped a few hundred MB of the beginning of this disk
> with:
> 
>    dd if=./archlinux-2010.05-netinstall-i686.iso of=/dev/sdc
> 
> My question, as you might guess - is there any possibility of recovering
> the vast amount of data still on the drive? I could do it with an
> unencrypted disk, but I have no idea how to proceed in this case.
> 
> Thanks for any suggestions. (I've managed not to cry so far...)
> 
> Willie

Hi Willie,

sorry, but you will have wiped the salt in the header, which 
makes recovery impossible. You will also have wiped all keys
(they take about the first 8.5MB), which again does make recovery 
impossible. In fact, any recovery from this would mean that
LUKS is badly broken security-wise.

The only protection against this type of error is (besides a 
conventional backup), a header backup, see the FAQ at 
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

I did something similar recently, (tired and thinking I was blanking
an USB stick), fortunately I had a backup of the whole disk. But the 
lession to me was: Hands away from dd and family when tired. 

Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list