Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Does LUKS encryption store data in such a way that any accidents involving loss of data in an unmounted partition would render the entire partition unusable, or is it possible to destroy just a few files atomically so it would still be possible to mount that partition and retrieve other files?
Backstory:
I was installing OpenBSD on a hard disk with about a dozen partitions: NTFS, FAT, EXT3, EXT4 and 3 partitions encrypted with LUKS. I made a mistake and told OpenBSD to use the whole disk instead of one partition. I realized my mistake some 4 or 5 seconds later, then I pressed Ctrl+c and killed the process. I suddenly had a blank HDD with a very large partition, a very small partition and no more Grub.
I had backups, but they were a few days old so I attempted recovery with a program called Testdisk. It worked. I recovered everything. I can even decrypt/open/mount my LUKS partitions.
Except that one of them took longer to comply. It refused to decrypt in the first couple of attempts. It finally gave in. Maybe I was mistyping the password. I don't know.
Anyway, I opened these partitions and tested many files. Everything seemed OK. After a couple of hours, I was editing text files in a particular directory with many text files and ran into one that is completely mangled, garbled, corrupt. Beyond any chance of recovery.
I have another copy of that file, but now I am apprehensive. Could any other file in those encrypted partitions have been corrupted by that accident? Or is that completely unrelated? I am wondering, does LUKS work in such a way that any corruption would destroy the entire partition, or is it possible to destroy just a few files atomically?
If a stream of random bytes hits the filesystem when it is opened, the resulting corruption would be the same as you could expect from a usual filesystem.
If a stream of random bytes hits the partition where the LUKS volume is placed, many things can happen:
-- The LUKS header is affected. Unless you have a backup of the header, you have lost your data forever.
-- One or more blocks of encrypted data are affected. The result of this depends on the algorithm, initialization vector you use, etc. A 512-byte block (for example) that has its twentieth byte corrupted is only readable up to byte 19, and the rest of it is lost. I think that, with most encryption configurations out there, the corruption would not spread to other blocks (Can someone confirm this?).
So, if corruption hit some data blocks, you could lose a few files, but hardly the whole filesystem.
Last edited by BlackRider; 08-10-2011 at 12:01 PM.
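The reply above asks whether damage to one encrypted block spreads to others. The following is an added example, not part of the original thread: it flips one ciphertext byte in a small simulated volume and reports which plaintext bytes change after decryption. Assumptions: each 512-byte sector is encrypted on its own in CBC mode with an IV derived from the sector number (the thread does not name the cipher mode), and a toy Feistel cipher stands in for AES so the code runs with only the Python standard library.

```python
import hashlib

BLOCK, SECTOR = 16, 512  # cipher block size and disk sector size, in bytes
KEY = b"constructed-demo-key"  # constructed sample key
PLAINTEXT = bytes(i % 251 for i in range(4 * SECTOR))  # constructed 4-sector "volume"

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, rnd, half):  # Feistel round function: toy stand-in for AES, NOT secure
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]
def enc_block(key, blk):
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right
def dec_block(key, blk):
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def sector_iv(key, n):  # IV derived from the sector number, so each sector stands alone
    return hashlib.sha256(b"iv" + key + n.to_bytes(8, "little")).digest()[:BLOCK]

def crypt_sector(key, n, data, decrypt=False):  # CBC over one 512-byte sector
    prev, out = sector_iv(key, n), b""
    for i in range(0, SECTOR, BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            out += _xor(dec_block(key, blk), prev)
            prev = blk
        else:
            prev = enc_block(key, _xor(blk, prev))
            out += prev
    return out

def crypt_volume(key, data, decrypt=False):
    return b"".join(crypt_sector(key, i // SECTOR, data[i:i + SECTOR], decrypt)
                    for i in range(0, len(data), SECTOR))

def damaged_bytes(key, plaintext, offset):
    # Flip one ciphertext byte at `offset`; return the plaintext offsets that change.
    ct = bytearray(crypt_volume(key, plaintext))
    ct[offset] ^= 0xFF
    pt = crypt_volume(key, bytes(ct), decrypt=True)
    return [i for i, (a, b) in enumerate(zip(plaintext, pt)) if a != b]

if __name__ == "__main__":
    print(damaged_bytes(KEY, PLAINTEXT, SECTOR + 20))  # byte 20 of sector 1
```

Under these assumptions the damage is limited to the 16-byte cipher block that holds the flipped byte plus one byte in the block after it, and it never crosses the 512-byte sector boundary.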