[dm-crypt] No key available for this passphrase

Arno Wagner arno at wagner.name
Sun Sep 9 15:49:04 CEST 2012


On Sun, Sep 09, 2012 at 01:53:08PM +0100, Marcos wrote:
> Hi,
> 
> On 08.09.2012 23:47, Arno Wagner wrote:
> >Wups, what is that? Quite non-standard. Did you select that yourself?
> 
> As per the docs I read back in the time, yes, I selected that cipher.
> 
> >>Hash spec:     	sha1
> >>Payload offset:	3016
> >>MK bits:       	384
> >
> >
> >With that your first keyslot should be from 0x1000 to 0x2ee00.
> 
> Find the 'hd' dump at [1], from 0x1000 to 0x2ee00 (didn't attached
> because its size is 329K).
> 
> >>Key Slot 0: ENABLED
> >>	Iterations:         	254001
> >
> >Pretty large. Unless you have a liquid-nitrogen cooled
> >CPU, did you increase the iteration time?
> 
> Nope, actually, the problem is on a laptop hard disk...
> 
> >Have you looked at the whole keyslot up to 0x2ee00?
> 
> I haven't untill you pointed me to do it with this email :)
> It's attached.
> 
> And having it done after running the code you attach in another
> email, going straight to the low-entropy blocks that it points
> to, I have found what seems an image file:
> 
> 0002a000  ff d8 ff e0 00 10 4a 46  49 46 00 01 01 01 00 90
> |......JFIF......|
> 0002a010  00 90 00 00 ff e1 00 16  45 78 69 66 00 00 4d 4d
> |........Exif..MM|
> 0002a020  00 2a 00 00 00 08 00 00  00 00 00 00 ff fe 00 17
> |.*..............|
> 0002a030  43 72 65 61 74 65 64 20  77 69 74 68 20 54 68 65  |Created
> with The|
> 0002a040  20 47 49 4d 50 ff db 00  43 00 05 03 04 04 04 03  |
> GIMP...C.......|

Well, on one hand I am glad my tool actually works, on the
other hand this means your data is really gone.
 
Wonder how that got in there though. Maybe used as swap because
of the leftover signature?

> One thing I don't understand: as per the docs I read for setting
> the encryption, I selected a size of 384 bits for the key (that
> in the case of lrw just 256 are used). What are we looking for
> at 0x2ee00 far?

LUKS splits the key (really: blows it up) with the AF splitter.
It blows it up to exactly 4000 times the original key size.
Your key is 384 bit = 48 B. 48 * 4000 = 192'000 = 0x2ee00.
And then add the start-offset (which I forgot ;-) to get
0x2fe00. 

> >Most people are hosed in your situations, but there have been
> >some miraculous recoveries. So really knowing what happened
> >is the key.
> 
> I suppose it. With an analysis of what happened it's all easier.
> 
> Thanks,

No problem.

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list