[dm-crypt] [ANNOUNCE] cryptsetup 1.6.4
arno at wagner.name
Fri Feb 28 12:38:41 CET 2014
On Fri, Feb 28, 2014 at 12:29:35 CET, Milan Broz wrote:
> These are the steps for fixing Whirlpool gcrypt issue, there is manual hack
> to LUKS header required, otherwise it is straightforward. I think this
> should be in FAQ as well...
I will add it.
> (Feel free to fix this description, I just quickly tested this on Arch distro.
> Probably more safe script can be written, volunteers welcome ;-)
> How to fix "flawed gcrypt Whirlpool" hash in LUKS header
> All the text below expects cryptsetup 1.6.4 installed.
> (Previous version doesn't have needed code for workaround.)
> What's the problem?
> - gcrypt in version prior to 1.6.0 includes flawed Whirlpool hash
> (bug only hits when hash is calculated in multiple chunks, unfortunately
> this is the cryptsetup case).
> If you use Whirlpool as LUKS header hash with previous gcrypt and upgrade
> to gcrypt 1.6.x, you cannot open LUKS device anymore.
> These are the steps how to fix it in-place:
> -1) Backup LUKS header. Really. (see luksHeaderBackup command)
> 0) Use cryptsetup 1.6.4 or more recent.
> 1) double check which gcrypt you are using. You can even use cryptsetup here:
> # cryptsetup luksDump <your luks device> --debug | grep backend
> - for flawed (old gcrypt) you should see something like this:
> # Crypto backend (gcrypt 1.5.3, flawed whirlpool) initialized.
> - for already fixed gcrypt you should see
> # Crypto backend (gcrypt 1.6.1) initialized.
> Next step depends if you can unlock the device (old gcrypt) or you
> are already running upgraded system (and cannot unlock LUKS device anymore).
> 2a) If you can unlock device (you have still old gcrypt and want to prepare
> for gcrypt upgrade) simply reencrypt LUKS header with different hash (e.g. sha256)
> # cryptsetup-reencrypt --keep-key --hash sha256 <your luks device>
> and you are done (you will need to enter all keyslot passphrasses).
> 2b) If you have already broken system (upgraded gcrypt).
> - you MUST use gcrypt 1.6.1 or more recent
> (requires bug emulation flag, cryptsetup must be compiled with this version)
> - now you need to change LUKS header hash name from "whirlpool" to "whirlpool_gcryptbug"
> (this requires manual overwrite). You can use hex editor or e.g.
> # echo -n -e 'whirlpool_gcryptbug\0' | dd of=<luks device> bs=1 seek=72 conv=notrunc
> verify with cryptsetup luksDump. This step is dangerous, so be sure you have backups
> (notrunc dd option it very important for LUKS images in file).
> And now you can open the device again.
> I strongly suggest to change LUKS hash now as described in 2a) so your device
> is compatible with older distros again.
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. - Plato
More information about the dm-crypt