[dm-crypt] No key available for this passphrase

Milan Broz gmazyland at gmail.com
Sun Sep 9 10:45:18 CEST 2012


On 09/09/2012 12:45 AM, Matthias Schniedermeyer wrote:
> On 08.09.2012 22:02, Arno Wagner wrote:
>>
>> You can have up to 8 with LUKS. Each gets it own key-slot.
>> Unfortunately, the key-slot with the highest risk to get
>> damaged is the first one and that is where a single passphrase
>> ends up in if you do not override the placement default.

If most of installation it uses only the first slot, you can hardly
notice that other (unused) were corrupted as well :)

Most of programs formatting data today (mkfs, mkswap, lvm, mdadm...)
wipes more data, usually at least the first 4KB.

(mkswap should warn if it detects other signature, it is already
using libblkid. In fact I thought it was fixed years ago...)

> If that happens so often, why not change the default and place the first 
> key in slot 8?
> (Assuming that can be done without significant compatibility issues)

No, this is just hiding problem.
So it will be corrupted after first swap use (in this case)...

Milan


More information about the dm-crypt mailing list