[dm-crypt] about invalid key slots
arno at wagner.name
Mon Apr 2 09:47:57 CEST 2012
On Mon, Apr 02, 2012 at 01:43:28AM -0400, .. ink .. wrote:
> On Sun, Apr 1, 2012 at 8:41 PM, .. ink .. <mhogomchungu at gmail.com> wrote:
> > > $ sudo cryptsetup luksOpen /dev/sdc dsk
> > > LUKS keyslot 6 is invalid.
> > > LUKS keyslot 7 is invalid.
> > A user with a problem with invalid key slots had the above in one of the
> > recent mailing list post.
> > Does cryptsetup check all slots if they are valid before it tries to open
> > a volume and bail out when it finds an invalid one or does it give the
> > above error if it cant get a valid key on on valid key slots?
> > example, if a valid slot was on slot number 1 and he entered a passphrase
> > that is on slot number 1.Would he have got the same error message?
> > did cryptsetup went through all the valid keyslots, didnt find the key and
> > suspect that the key might be on the two invalid slots and reported the
> > error?
> is it possible to get or how can i create a volume with an invalid key? i
> would lik3 to test this for my program zulucrypt but i cant seem to manage
> to corrupt a volume. The best i have got after trying for hours is
> inconsistency at best.
> crypt_keyslot_status API shows the key is invalid but cryptsetup luksDump
> shown the key slot as disabled and cryptsetup executable just says the
> password does not exist when trying to open the volume with the a key in
> slot i try to make invalid
As far as I understand Milan, this is not the keyslot being
invalid, but its offset and/or size, i.e. the keyslot descriptor
in the header has been corrupted.
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
More information about the dm-crypt