[dm-crypt] does luksDump guarantee header integrity?

Robert Nichols rnicholsNOSPAM at comcast.net
Sat Mar 23 14:59:08 CET 2013

On 03/23/2013 12:38 AM, hank wrote:
> Hi,
> I accidentally "formatted" an encrypted partition with mkfs.nilfs2
> (incl. -K option). Luckily mkfs.nilfs2 normally only overwrites data
> after 1024 bytes from the start of the block device, so the LUKS header
> should have remained intact.

The LUKS header, including the key material, is roughly a half Megabyte
in size. The key material, expanded and broken up into 4000 stripes for
each key slot, follows the 592-byte LUKS partition header (PHDR). Your
accidental formatting left the parameters in the PHDR and the
descriptors for first 6 key slots untouched, but overwrote the actual
key material.  Without a backup of the entire ~.5MB LUKS header you
cannot obtain the master key, and your data is unrecoverable.

Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

More information about the dm-crypt mailing list