[dm-crypt] Overwrote keyfile; Have master key; Recover data?

Zack Buhman zack at buhman.org
Fri Sep 14 06:19:06 CEST 2012

On Fri, Sep 14, 2012 at 05:18:51AM +0200, Arno Wagner wrote:
> but you will
> need to make a new container after recovery, as your
> master key is now publicly known and your data not secure
> anymore.

Nope; I flipped a few characters around ;P
> Lets see, you have:
> 0 7813523456 crypt aes-xts-plain bff82...76d4 0 9:127 4096
>                    ^^^^^^^^^^^^^ ^^^^^^^^^^^^
>                    cipher+mode   key
> A test with a loop file on my system gives:
> 0 200704 crypt aes-cbc-essiv:sha256 9d....35 0 7:0 4096
> Your old container does not use the defaults of the 
> cryptsetup sources, but the ones used by some distribution
> or parameters set by yourself. 
Funny thing is, I was the one who specfied aes-xts-plain.
> Make sure the new header is also aes-xts-plain, by
> dumping the master key again. The key and cipher 
> parameter need to be the same, otherwise decryption will 
> not work.

THAT'S IT! It works! Thank you very much Dr. Wagner; I can't tell you
how grateful I am of you stating what should have been the obvious.

Thanks again,
Zack Buhman

More information about the dm-crypt mailing list