[dm-crypt] some ideas for recovery?

Arno Wagner arno at wagner.name
Thu Aug 25 15:55:40 CEST 2011

On Thu, Aug 25, 2011 at 12:55:40PM +0000, Ralf wrote:
> Hi,
> I have a problem accessing my data, I have backups but I try to understand what 
> happened so it does not happen again. So maybe you can help me to understand the 
> problem I am faced with.
> I run a mdadm-software-raid6 across 4x 1TB sata disks resulting in a ~2TB 
> /dev/md0. This md0 is consistent and never had issues.

> Would it even be enough to have 99*64k behind the luks header to decrypt
> the FS?  Or what exact blocks would it need to for the IV calculations or
> decryption?  Is there a way to randomly try to decrypt specific blocks
> using the luksheader + my well known password to check if it works or not?

As you can see in the FAQ, item "What does the on-disk structure 
of LUKS look like?" a LUKS header keyslot with standard parameters 
is 128kiB long, so no, it is not enough. Incidentally, with XTS 
as you are using, it is 256kiB and you need to add 4096B offset
for the header. All in the FAQ.

You should realy have a look at the FAQ before you fumble
in the dark like that.

You should also have a look a the "PASSPHRASES" warning at
the start of the FAQ.

And no, wihout an intact keyslot, you password is worthless.

On the other hand, if header and keyslot werw intact, you 
would be abnle to luksOpen. cryptsetup does not care where
the header is or what device it is on, as long as it gets told
the offset of its start.

> Can you explain why my luks header is at offset 64k and why it may reject
> my password on the offsetted loopback device?

Keyslot damage? There is a reason the FAQ strongly recommends
having a header backup. 

> Do you have any idea what might have happened?

No idea. A possible next step (after you have read up on the 
LUKS on disk structure) is to look at keyslot 0 and the other
keyslots. Keyslot 1-7 should be zeroed. Keyslot 0 should
be all random-looking without any discernable structure
at all. If it is not, then something wrote into it and
effectively erased it, courtesy of the anti-forensivc
properties of LUKS. 

As to preventing this happening again: Read the FAQ, 
have a header backup, understand you on-disk structure
and you should be fine.

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list