[dm-crypt] openLuks failing - semaphore weird bug involved ?

Arno Wagner arno at wagner.name
Thu Sep 8 00:31:47 CEST 2011


As the header seems to be intact, the possibilities I see are 

- A changed keymap. Some people had problems with special
  symbols moving form ASCII encoding to UTF-8 encoding.
  This yields different passphrase-hashes. See FAQ.

  I am not familiar with seahorse. Maybe its passprase
  input fails and theis leads to cryptsetup getting
  an invalid passphrase as input? Anyways, try to 
  decrypt the key manually and see whether you get a 
  good passphrase for LUKS or an error and in the second
  case, try a manual luksOpen with that passphrase.
 
- Keyslot damage. Look at the first keyslot with a
  hex dumper, e.g. hd or hexdump, and see whether there
  are obvious patterns. Offset and length are in the
  FAQ.

- A broken LUKS version. In that case, can you try
  with, e.g. a life-CD of the old version you used?
  Or download, compile and try manually with the 
  current cryptsetup version? 

The first and last option should yield a complete recovery.
A damaged keyslot is only recoverable with a header backup.

Arno


On Wed, Sep 07, 2011 at 02:30:32PM -0400, Ric Flomag wrote:
> Hi all,
> 
> I've been using an external usb hard drive with three (no LVM)  partitions,
> one of them crypt-luks (set up using palimpsest), for months. It used to get
> auto-mounted under Gnome when plugged. Seahorse provided the key (Ubuntu
> 11.04).
> 
> Since a few days ago, it does not mount anymore. luksOpen yields a "no key
> available" error message. No one around me can be suspected to have changed
> the password. The other (plain ext4) partition mounts normally.
> 
> I can backup or dump the header without a problem. Another usb hardrive,
> with the same luks setup (as shown by header dumps), mounts as usual. All
> this is reproducible on other systems (another ubuntu 11.04 and a 11.10
> beta).
> 
> Note that I have the "weird semaphore bug" described here:
> http://thread.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5237/focus=5243,
> though, in my case:
>   * it happens approx. once every three luksOpen attempts
>   * It is not related to luksOpen success or failure (the semaphore error
> message is just displayed sometimes with any of both hard drives)
>   * Chromium is not involved
> 
> Coincidentally, I have started to use my hard drives with ubuntu 11.00 beta
> a few days ago. It could have messed up something on one hd and not the
> other?
> 
> Any hint to try and fix this ?
> 
> ------------- faulty partition
> LUKS header information for /dev/sdb3
> 
> Version:           1
> Cipher name:       aes
> Cipher mode:       cbc-essiv:sha256
> Hash spec:         sha1
> Payload offset:    2056
> MK bits:           256
> MK digest:         70 41 d4 78 bd 91 9e 82 c3 9c 61 df e8 6b 4e 28 2f 2b 90
> 94
> MK salt:           a8 c6 7f 6f 35 2b 48 19 cc e7 27 7a 4f a6 ca a3
>                    9f 78 6d f8 21 b0 48 56 44 27 2c 53 75 bf 0c 86
> MK iterations:     22875
> UUID:              4b74a5b1-0c46-4808-98c0-3a51ec5f7c8e
> 
> Key Slot 0: ENABLED
>     Iterations:             91811
>     Salt:                   24 f0 44 14 a7 4d ae e6 b6 2b 42 7c 8d 10 87 39
>                               47 05 fd 35 14 46 62 12 f7 5a 7e 99 8a 67 33
> f5
>     Key material offset:    8
>     AF stripes:                4000
> Key Slot 1: DISABLED
> Key Slot 2: DISABLED
> Key Slot 3: DISABLED
> Key Slot 4: DISABLED
> Key Slot 5: DISABLED
> Key Slot 6: DISABLED
> Key Slot 7: DISABLED

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list