[dm-crypt] LUKS header recovery attempt from apparently healthy SSD

Arno Wagner arno at wagner.name
Sat Apr 22 15:45:58 CEST 2017

On Sat, Apr 22, 2017 at 15:33:28 CEST, Robert Nichols wrote:
> On 04/21/2017 07:25 PM, Arno Wagner wrote:
> >Assume 1 bit has been corrupted in a random place.
> >A key-slot is 256kB, i.e. 2Mbit. That means trying it
> >out (flip one bit, do an unlock attempt) would take
> >2 million seconds on the original PC, i.e. 23 days.
> >This can maybe be brought down by a factor of 5 or so
> >with the fastest available CPU (the iteration count of
> >150k is pretty low), i.e. still roughly 5 days.
> >
> >This may be worth giving it a try, but it requires some
> >serious coding with libcryptsetup and it will only
> >help on a single bit-error.
> >
> >It may of course be a more complex error, especially
> >when ECC in the disk has corrected an error to the
> >wrong value, because the original was too corrupted.
> The drive would almost certainly have detected and corrected a single-bit
> error.

Only when the error happened in FLASH. It can happen in 
RAM and on a bus and there it would not have been corrected.
Can even be a transient error (charged cosmic particle
impacting a RAM cell, e.g.), these things happen.
> >
> >The keyslot checker is no help here, it is intended
> >to find gross localized corruption,
> It is still worth running the keyslot checker to detect gross corruption
> before spending 5+ days in a (probably futile) search for a single bit
> flip.

That has already been done. But I agree that 
the chances for a single-bit error are not good.

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
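
The search described in the quoted text (flip one bit, attempt an unlock, repeat), as an added Python example that is not part of the original post and does not use libcryptsetup: a scaled-down model of a LUKS1-style keyslot built from constructed data. Assumptions: all function names are hypothetical, the stripe and iteration counts are reduced so it runs in seconds, and the flip is applied to already-decrypted key material, whereas a real search would flip a bit in the on-disk keyslot and decrypt it with the passphrase-derived key before merging.

```python
import hashlib, os

# Scaled-down model parameters (assumption); real LUKS1 uses 4000 stripes.
STRIPES, KEY_LEN, MK_ITER = 16, 32, 50

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def diffuse(block):
    # LUKS1-style AF diffusion: hash each 20-byte chunk together with its index.
    out = b"".join(hashlib.sha1((i // 20).to_bytes(4, "big") + block[i:i + 20]).digest()
                   for i in range(0, len(block), 20))
    return out[:len(block)]

def af_split(key):
    # Anti-forensic split: random stripes, last stripe chosen so the merge yields key.
    stripes = [os.urandom(len(key)) for _ in range(STRIPES - 1)]
    d = bytes(len(key))
    for s in stripes:
        d = diffuse(xor(d, s))
    return b"".join(stripes) + xor(d, key)

def af_merge(material):
    # Every stripe feeds the hash chain, so one wrong bit anywhere changes the result.
    d = bytes(KEY_LEN)
    for i in range(STRIPES - 1):
        d = diffuse(xor(d, material[i * KEY_LEN:(i + 1) * KEY_LEN]))
    return xor(d, material[-KEY_LEN:])

def mk_digest(key, salt):
    # Master-key check value as stored in the header: PBKDF2 over the candidate key.
    return hashlib.pbkdf2_hmac("sha1", key, salt, MK_ITER, 20)

def find_single_bit_flip(material, salt, digest):
    """Return the index of the bit whose flip makes the material verify, or None."""
    buf = bytearray(material)
    for bit in range(len(buf) * 8):
        buf[bit // 8] ^= 1 << (bit % 8)          # flip one candidate bit
        if mk_digest(af_merge(bytes(buf)), salt) == digest:
            return bit
        buf[bit // 8] ^= 1 << (bit % 8)          # undo and try the next bit
    return None

def demo(flip_at=1234):
    # Constructed sample: random master key, split, then one bit corrupted.
    mk, salt = os.urandom(KEY_LEN), os.urandom(32)
    bad = bytearray(af_split(mk))
    bad[flip_at // 8] ^= 1 << (flip_at % 8)
    return find_single_bit_flip(bytes(bad), salt, mk_digest(mk, salt))
```

A `None` result means the damage is not a single flipped bit in the searched region, which is the outcome the thread considers most likely.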
