[dm-crypt] Securely erase LUKS header

hephey at lavabit.com hephey at lavabit.com
Sun Mar 10 14:19:32 CET 2013


I'm having trouble calculating the amount of data I need to erase in the
header.

The af-stripes appears to be hardcoded to 4000, according to the
specification [1].

First I made an encrypted loop-device, using default options:

  cryptsetup luksFormat /dev/loop0

I then made a header backup, using

  cryptsetup luksHeaderBackup --header-backup-file /tmp/header.img /dev/loop0

The size of this backup (/tmp/header.img) is exactly 1.052.672 bytes,
which fits with the number given in the FAQ (see 5.4) [2]. I'm assuming
that cryptsetup's calculation is correct.

In the FAQ it's also stated that to wipe the header, I need to use the
formula:

  header size = (keyslots x stripes x keysize) + offset bytes

I find the relevant values by issuing:

  cryptsetup luksDump /dev/loop0

The output of this command is on a pastebin here:
http://pastebin.com/Nw6NJaQc

It seems that my equation would be

  header size = (1 keyslot * 4000 stripes * 256 bits) + 4096 = 1.028.096 bytes

This size is smaller than the size given in the FAQ and the size of my
header backup - How come?

However, if I set the amount of stripes to 4096 in the formula, I get the
correct size:

  header size = (1 keyslot * 4096 stripes * 256 bits) + 4096 = 1.052.672 bytes

What am I doing wrong here? Is luksDump showing the wrong amount of
stripes? I would like to make a dynamic script that could quickly determine
the correct values for the formula using luksDump and wipe whatever
luks-encrypted device that is given as an argument.

Please tell me if you need more information.

------------------
REFERENCES
1: http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf
2: https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5._Security_Aspects
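
An added example, not part of the original post and not cryptsetup's own code: a shell function that derives the LUKS1 header extent from `cryptsetup luksDump` text, including the case where only a later key slot is enabled. It assumes the LUKS1 layout of 8 key slots stored back to back, 512-byte sectors, and each slot's key material padded up to a 4096-byte boundary; the function name and the sample dump are constructed here.

```shell
#!/bin/sh
# Added example: LUKS1 header extent in bytes from `cryptsetup luksDump` text.
# Assumptions: 8 key slots stored back to back, 512-byte sectors, and each
# slot's key material padded up to a 4096-byte boundary.
SLOTS=8 SECTOR=512 ALIGN=4096

# Reads luksDump output on stdin; prints the byte offset where slot 7 ends.
# Returns non-zero when no enabled key slot (or no MK bits line) is found.
luks1_header_bytes() {
    awk -v slots="$SLOTS" -v sector="$SECTOR" -v align="$ALIGN" '
        /^MK bits:/ { keybytes = $NF / 8 }
        # Only ENABLED slots list an offset and a stripe count.
        /^Key Slot [0-7]: ENABLED/ { slot = $3 + 0; seen = 1 }
        /Key material offset:/ && seen && !done { offset = $NF + 0 }
        /AF stripes:/ && seen && keybytes && !done {
            # Anti-forensic split size, rounded up to the alignment.
            slot_bytes = int((keybytes * $NF + align - 1) / align) * align
            # Project from this slot to the start of the last slot.
            last = offset + (slots - 1 - slot) * (slot_bytes / sector)
            total = last * sector + slot_bytes
            done = 1
        }
        END { if (!done) exit 1; printf "%d\n", total }
    '
}

# Constructed sample in the luksDump layout, using the 256-bit key and
# 4000 stripes mentioned in the post; the other values are made up.
sample_dump() {
    cat <<'EOF'
Version:        1
MK bits:        256
Key Slot 0: ENABLED
        Iterations:             100000
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
EOF
}

sample_dump | luks1_header_bytes   # prints 1052672
```

With a real device, pipe `cryptsetup luksDump /dev/loop0` into the function instead of the sample.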
