[dm-crypt] Overwrote keyfile; Have master key; Recover data?

Arno Wagner arno at wagner.name
Fri Sep 14 13:08:03 CEST 2012


On Thu, Sep 13, 2012 at 11:19:06PM -0500, Zack Buhman wrote:
> On Fri, Sep 14, 2012 at 05:18:51AM +0200, Arno Wagner wrote:
> > but you will
> > need to make a new container after recovery, as your
> > master key is now publicly known and your data not secure
> > anymore.
> 
> Nope; I flipped a few characters around ;P

Smart ;-)
  
> > Lets see, you have:
> > 0 7813523456 crypt aes-xts-plain bff82...76d4 0 9:127 4096
> >                    ^^^^^^^^^^^^^ ^^^^^^^^^^^^
> >                    cipher+mode   key
> > A test with a loop file on my system gives:
> > 0 200704 crypt aes-cbc-essiv:sha256 9d....35 0 7:0 4096
> > 
> > Your old container does not use the defaults of the 
> > cryptsetup sources, but the ones used by some distribution
> > or parameters set by yourself. 
>  
> Funny thing is, I was the one who specfied aes-xts-plain.
>  
> > Make sure the new header is also aes-xts-plain, by
> > dumping the master key again. The key and cipher 
> > parameter need to be the same, otherwise decryption will 
> > not work.
> 
> THAT'S IT! It works! Thank you very much Dr. Wagner; I can't tell you
> how grateful I am of you stating what should have been the obvious.
> 

No problem, and please call me Arno ;-)

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list