[dm-crypt] Hosed encrypted drive. Is disaster recovery possible?
arno at wagner.name
Mon Aug 2 01:01:13 CEST 2010
On Sun, Aug 01, 2010 at 02:11:36PM -0700, Willie wrote:
> Evening all,
> I'm not very hopeful of a positive response, but having just made my
> worst mistake in thirty years of computing I thought this would be where
> most of the relevant knowledge is.
> I have an external 1.5TB Seagate drive, encrypted with dm-crypt/luks and
> formatted xfs.
> In a state of dog-tiredness, thinking I was pointing at a USB stick, I
> have inadvertently wiped a few hundred MB of the beginning of this disk
> dd if=./archlinux-2010.05-netinstall-i686.iso of=/dev/sdc
> My question, as you might guess - is there any possibility of recovering
> the vast amount of data still on the drive? I could do it with an
> unencrypted disk, but I have no idea how to proceed in this case.
> Thanks for any suggestions. (I've managed not to cry so far...)
sorry, but you will have wiped the salt in the header, which
makes recovery impossible. You will also have wiped all keys
(they take about the first 8.5MB), which again does make recovery
impossible. In fact, any recovery from this would mean that
LUKS is badly broken security-wise.
The only protection against this type of error is (besides a
conventional backup), a header backup, see the FAQ at
I did something similar recently, (tired and thinking I was blanking
an USB stick), fortunately I had a backup of the whole disk. But the
lession to me was: Hands away from dd and family when tired.
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt