LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   cryptsetup won't open crypted fs on raid5 with known luks passphrase (http://www.linuxquestions.org/questions/linux-security-4/cryptsetup-wont-open-crypted-fs-on-raid5-with-known-luks-passphrase-683173/)

luboss 11-13-2008 10:33 AM

cryptsetup won't open crypted fs on raid5 with known luks passphrase
 
Hello all,

I don't write in forums usually but now I'm hopeless and thinking about shred luks crypted disk
I have working RAID5 - cons. of 3 disks where I have crypted partition with lrw-benbi, using luks. It worked me day after day but once after I rebooted it and tried to reopen it didn't work anymore:
Code:

cryptsetup luksOpen /dev/md2 cpv0
Enter LUKS passphrase:
Command failed.

I'm 99% sure I used the right password.

all prereq. are fullfilled:
Code:

root@lsmod|grep -E 'dm_cr|lrw|aes'
aes_x86_64              8576  1
aes_generic            28072  1 aes_x86_64
dm_crypt              12936  1
dm_mod                48200  5 dm_crypt,dm_mirror,dm_log,dm_snapshot
lrw                    3968  1
crypto_blkcipher      16004  3 dm_crypt,lrw
gf128mul                7552  1 lrw
root@lubox:~/scripts# uname -a
Linux lubox 2.6.26 #2 Sun Aug 17 22:12:17 CEST 2008 x86_64 GNU/Linux

mdadm is working ok:
Code:

root@lubox:~# mdadm --detail /dev/md2
/dev/md2:
        Version : 00.90.03
  Creation Time : Thu Oct 30 18:46:00 2008
    Raid Level : raid5
    Array Size : 974277632 (929.14 GiB 997.66 GB)
    Device Size : 487138816 (464.57 GiB 498.83 GB)
  Raid Devices : 3
  Total Devices : 3
Preferred Minor : 2
    Persistence : Superblock is persistent

    Update Time : Thu Nov 13 17:32:05 2008
          State : clean
 Active Devices : 3
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 0

        Layout : left-symmetric
    Chunk Size : 128K

          UUID : a65f276f:505dd844:0624c941:ba7d69df (local to host lubox)
        Events : 0.20

    Number  Major  Minor  RaidDevice State
      0      8        3        0      active sync  /dev/sda3
      1      8      19        1      active sync  /dev/sdb3
      2      8      35        2      active sync  /dev/sdc3

can be there some other issue then wrong password?
had somebody similar problem like this?

Randux 11-13-2008 11:03 AM

I can't help on this except that it's easy to mess up entering your passphrase. If you know how to use Emacs, split your screen and open a shell. You can paste your password into the mount prompt. You can probably do this with some consoles but I use Emacs for this kind of thing.

luboss 11-13-2008 11:50 AM

hi Randux,

thanks for your answer. I do not use emacs, only vi, worse I cannot install it right now since apt-get install doesn't work.
By the way I really don't understand how you mean it, sorry :-)
How can be prooved I don't use right password? Can this be some other issue?

Lubos

Randux 11-13-2008 01:55 PM

You can't verify your password when you're typing it because the prompt doesn't echo it. If you type it in an editor session where you can see it, you're more likely to spot an error. Or if you have it saved in a file (bad idea) you can copy and paste it.

BTW if you use the Bash shell, .bash_history can save a lot of confidential info. Either mount it on a secure drive or change your .bash_profile to exclude certain commands. [Man histignore]

Also may be worth checking on debian mailing lists or website to see if anyone has a similar problem :-(


All times are GMT -5. The time now is 04:43 AM.