[dm-crypt] Missing keyslot or broken header or still some hope? SOLVED

Michael Kjörling michael at kjorling.se
Sun Nov 6 12:13:07 CET 2016


On 6 Nov 2016 08:26 +0100, from zero.tonin at web.de:
> Now, getting back to my drive, I have to make the most embarrassing
> confession - for the last three days I actually tried to unlock the
> drive with my user account password and, in contrast to my initial
> words (which I eat now), _not_ with  the drive password. I have not
> the lsightest idea why, apart from the two (password and passphrase)
> being in use both for the same amount of time, which is roughly 5
> years or so. 

Given what we have found out, I was about to suggest the same thing as
Sven: to quadruple-check that the LUKS passphrase really was correct,
because that was about the only thing remaining that could reasonably
explain what you were seeing.


> I am, while relieved I can recover the data, add a second keyslot
> and rsync the drive immediately, sincerely sorry for having used
> (some may say wasted) this list's and some individual's time,, but
> thanks again for all your help.
> 
> On the positive side, this forced me to learn a bit more about luks
> and what it actually does (instead of just using it) and also was an
> opportunity to lear to never again claim I am "100% certain about
> the password"…

It also forced you to consider your restore strategy. Remember, it's
not truly a backup until you have restored from it onto bare metal.

Now, add a second key slot with a different passphrase, then store
that passphrase securely. To avoid key mapping issues, you may want to
use Yubico's Modhex alphabet (cbdefghijklnrtuv), as they selected
those characters specifically because they are as independent of
keyboard layout settings as possible while providing four bits per
character. Apparently in that set, "c" is known to be potentially
ambigous. https://forum.yubico.com/viewtopic.php?f=6&t=96

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)


More information about the dm-crypt mailing list