[dm-crypt] [ANNOUNCE] cryptsetup 1.6.4
arno at wagner.name
Fri Feb 28 22:46:01 CET 2014
On Fri, Feb 28, 2014 at 22:26:03 CET, Sven Eschenberg wrote:
> Just out of curiosity,
> Isn't it possible (yet) to override header fields during luksopen? If not,
> wouldn't it make sense to add something like that in future versions? I
> think it could be of great help when the header is partly damaged, to be
> able to override things without using a hex editor.
I doubt this makes much sense. From what I have seen,
usually the magic string at the start is gone as well,
and then there is a real risk that people try this with
the wrong data. Using a hex-editor is not that hard and
using a hex-dumper is basically required to get any
reasonable form of diagnostics. Even the keyslot-
checker is basically a specialized hexdump tool.
> I am aware that one could use the non-LUKS mode to open a LUKS device by
> passing all required parameters, admitted. But a mode where one can use
> what's in the header and override single fields could be interesting. Once
> the correct params are determinde this way, one could maybe add an option
> to repair the header with the given replacements (Maybe by adding the
> option to reencryt?).
> Just some thoughts that crossed my mind.
I doubt this really helps. Also remember that finding out what
actually broke the header is important, so fiddeling around
with an opaque header and commandline arguments to cryptsetup
after you have analyzed a hexdump strikes me as not that effective.
I do understand that hex-editing is akward for many people,
but I do not think this makes it any better or clearer.
One thing that would help a bit is a header layout with
hex offsets. I think I am going to add that to the FAQ.
Admittedly, the whirlpool problem (BTW, now documented in
FAQ Item 8.3) would be easy to solve with your proposal.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. - Plato
More information about the dm-crypt