[dm-crypt] Overwrote keyfile; Have master key; Recover data?
arno at wagner.name
Fri Sep 14 13:08:03 CEST 2012
On Thu, Sep 13, 2012 at 11:19:06PM -0500, Zack Buhman wrote:
> On Fri, Sep 14, 2012 at 05:18:51AM +0200, Arno Wagner wrote:
> > but you will
> > need to make a new container after recovery, as your
> > master key is now publicly known and your data not secure
> > anymore.
> Nope; I flipped a few characters around ;P
> > Lets see, you have:
> > 0 7813523456 crypt aes-xts-plain bff82...76d4 0 9:127 4096
> > ^^^^^^^^^^^^^ ^^^^^^^^^^^^
> > cipher+mode key
> > A test with a loop file on my system gives:
> > 0 200704 crypt aes-cbc-essiv:sha256 9d....35 0 7:0 4096
> > Your old container does not use the defaults of the
> > cryptsetup sources, but the ones used by some distribution
> > or parameters set by yourself.
> Funny thing is, I was the one who specfied aes-xts-plain.
> > Make sure the new header is also aes-xts-plain, by
> > dumping the master key again. The key and cipher
> > parameter need to be the same, otherwise decryption will
> > not work.
> THAT'S IT! It works! Thank you very much Dr. Wagner; I can't tell you
> how grateful I am of you stating what should have been the obvious.
No problem, and please call me Arno ;-)
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
More information about the dm-crypt