[dm-crypt] HELP, luksFormat over existing container

Arno Wagner arno at wagner.name
Sun Jan 8 18:18:23 CET 2012


On Sun, Jan 08, 2012 at 01:23:27PM -0000, Konstantin V. Gavrilenko wrote:
> ----- Original Message -----
> From: "Arno Wagner" <arno at wagner.name>
> To: dm-crypt at saout.de
> Sent: Sunday, 8 January, 2012 11:40:05 AM
> Subject: Re: [dm-crypt] HELP, luksFormat over existing container
> 
> On Sun, Jan 08, 2012 at 09:59:02AM -0000, Konstantin V. Gavrilenko wrote:
> > 
> > ----- Original Message -----
> > From: "Arno Wagner" <arno at wagner.name>
> > To: dm-crypt at saout.de
> > Sent: Saturday, 7 January, 2012 12:48:16 PM
> > Subject: Re: [dm-crypt] HELP, luksFormat over existing container
> > 
> > On Sat, Jan 07, 2012 at 10:57:08AM -0000, Konstantin V. Gavrilenko wrote:
> > > Hello list,
> > > 
> > > I have a problem :(
> > > 
> > > by mistake, instead of luksOpen I executed lukFormat on the loop device
> > > with associated cryptofile.  even though the key is was the same, I have
> > > no backup of original luksHeader, so I assume i have no way of recovering
> > > the SALT.  
> > 
> > And the master key is different in addition, at least in the first
> > key-slot that also has been overwritten.
> > 
> > KVG: I see, so the cryptsetup generates a different master key at each
> > luksFormat eventhough the original key is the same, no hope for me then
> > :(((
> 
> It has to do this in order to support multiple passphrases.

> 
> KVG: I relied on pgp for this, since the times when I used to use
> loop-aes.  besides, IMHPO there is an added benefit of having the key that
> is opened by the passphrase, so if shit hits the fan, you just shred the
> key, and knowing the passphrase would not unlock the crypto partition.


That would be the right approach for plain dm-crypt. For LUKS this
is not needed anymore, see FAQ item(s) on deleting a LUKS partition.


> > > I am pretty much in Acceptance that it is not possible to
> > > recover anything, but would like to get an external confirmation, advice.
> > 
> > You are correct. Next step is to fix your set-up by adding
> > backup, see the FAQ.  
> >  
> > KVG:((( i had some files that were not backed up.
> > 
> > > p.s. surprised and disappointing that cryptsetup does not issue a warning
> > > when running luksFormat over luks preformatted container :(
> > 
> > It gives you a very clear warning and asks for an uppercase "YES"
> > and asks for the passphrease two times. That _should_ be enough. 
> > There is only so much a tool can do to protect you. The UNIX way is
> > to warn you, but to assume you want to do what you specified if
> > you ignore the warning. 
> > 
> 
> > 
> > KVG: No it did not give the warning. I guess it depends on how the
> > cryptsetup is used.  In my case, I have a gpg protected key, that I pipe
> > to cryptsetup once it is decrypted.  Here is an example, two luksFormats
> > in a row and no warning that luks header exists.
> >  
> > root at dmob:/# gpg --decrypt /tmp/keyfile.gpg | cryptsetup -v --cipher serpent-cbc-essiv:sha256 --key-size 256 luksFormat /dev/loop0
> > gpg: CAST5 encrypted data
> > gpg: gpg-agent is not available in this session
> > gpg: encrypted with 1 passphrase
> > gpg: WARNING: message was not integrity protected
> > Command successful.
> > root at dmob:/# gpg --decrypt /tmp/keyfile.gpg | cryptsetup -v --cipher serpent-cbc-essiv:sha256 --key-size 256 luksFormat /dev/loop0
> > gpg: CAST5 encrypted data
> > gpg: gpg-agent is not available in this session
> > gpg: encrypted with 1 passphrase
> > gpg: WARNING: message was not integrity protected
> > Command successful.
> 
> Well, if you script this, then the responsibility for 
> the warning goes over to you. This does make sense,
> because when cryptsetup is fed from STDIN, it has
> no clue what its STDOUT and STDERR are attached to.
> For all it knows, it may be used from a GUI. It only
> goes "interactive" when its STDIN is attached to a 
> terminal.

> 
> KVG: wouldn't it be better to have a full proof solution, so if you want
> the cryptseup to stop being interactive and use it in a script, then there
> could be additional switch like --noninteractive, in all other cases it
> would issue a warning.

Not really. There is a point where you have to asume the 
user knows what he is doing. Your usage is pretty bizarre for
LUKS, but completely typical for use from a script. The
next issue is that even if cryptsetup prints the warning, there 
is absolutely no way for it to ensure that warning is seen. 
Just think of this being a GTK+ (for example) graphical wrapper.
 
So, sorry, but reading the documentation and being careful is
mandatory for safe and secure crypto usage. There is just no way
around that. It is too difficult to get right without some 
understanding of the subject matter. At the same time, there is
a strong dependency on the application scenario.

> I am wondering how you were hit by that though. Do
> you input this command-chain manually? 
> 
> 
> KVG: yes, i did. just copied and pasted the wrong line from a file  :(
> late at night, after a very very long day at work :( since i didn't get
> any warning i didn't suspect anything until too late.  well, it didnt take
> long, just one command and correctly entered gpg passphrase.

Well, there is a second lesson here. The situation is typical
BTW, that is why I by now refrain from doing anything potentially
dangerous when tired. Added safety measures would include to 
not have the normal and the dangerous line in a file and 
scripting this instead of copying it. 

And if you think about it, you could have just had the line
with '--noninteractive' in there as well, as you would have
needed to use it actually for the line to work. So again, 
nothing that cryptsetyp can do. It really is the wrong place 
to fix this. 

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list