[dm-crypt] LUKS header recovery attempt from apparently healthy SSD

Robert Nichols rnicholsNOSPAM at comcast.net
Sat Apr 22 15:33:28 CEST 2017


On 04/21/2017 07:25 PM, Arno Wagner wrote:
> Aassume 1 bit has been corrupted in a random place.
> A key-slot is 256kB, i.e. 2Mbit. That means trying it
> out (flip one bit, do an unlock attempt) would take
> 2 million seconds on the original PC, i.e. 23 days.
> This can maybe be brought down by a factor of 5 or so
> with the fastest avaliable CPU (the oteration count of
> 150k is pretty low), i.e. still roughly 5 days.
>
> This may be worth giving it a try, but it requires some
> serious coding with libcryptsetup and it will only
> help on a single bit-error.
>
> It may of course be a more complex error, especially
> when ECC in the disk has corrected an error to the
> wrong value, because the original was too corrupted.

The drive would almost certainly have detected and corrected a single-bit error.

>
> The keyslot checker is no help here, it is intendend
> to find gross localized corruption,

It is still worth running the keyslot checker to detect gross corruption before spending 5+ days in a (probably futile) search for a single bit flip.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.



More information about the dm-crypt mailing list