LinuxQuestions.org
Old 06-30-2010, 11:16 AM   #1
IceDragon
LQ Newbie
 
Registered: Aug 2005
Location: Switzerland
Distribution: Kubuntu, Arch Linux
Posts: 20

Rep: Reputation: 1
Question Tricky Problem with corrupted LUKS-encrypted partition


Hello,

I have a really tricky and maybe interesting problem with an encrypted disk partition (cryptsetup luks...) which was fine until it accidentally got re-formatted by an instance of Windows 7. Most of the data on that 1TB-disk will probably still exist, only the LUKS header at the very beginning of the partition is - of course - gone.

So when I try to open the container, it gives no verbose output, just the return value 234.

I scanned the whole partition for other LUKS headers with hexedit, none there. But, luckily, I have another partition which is encrypted in the exact same way with the exact same passphrase (which I remember very well!), so I had an idea: I copied the LUKS header (592 bytes) from the other LUKS encrypted partition over to the damaged partition.
When I now issue
Code:
cryptsetup luksOpen /dev/sde1
the passphrase is asked, I enter it, which results in the error
Code:
No key available with this passphrase
Here is the command I used to create the container:
Code:
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sde1
How do I get the existing passphrase accepted by LUKS?
What am I missing?

Any ideas or suggestions are greatly appreciated!
Thanks in advance,
IceDragon
 
Old 07-01-2010, 04:21 AM   #2
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Not at all knowledgeable on LUKS and encrypted filesystems, so I'm just checking the basics from the man pages/Google here:
Can you perform any action (remove, addKey, dump header,...)?
Secondly, cryptsetup seems to be a convenient shorthand util for the underlying dm-crypt. Did you search in that direction?
 
Old 07-01-2010, 04:31 AM   #3
zirias
Member
 
Registered: Jun 2010
Posts: 361

Rep: Reputation: 59
I hope you didn't have any valuable data on that partition. You're most definitely out of luck.

First: The encryption master key is completely random and stored in encrypted form in the header. When you lose the header, this key is lost.

Second: The key to decrypt the master key is indeed derived from your passphrase, but using a random salt. So there is no way to get the same "master-key-decryption-key" from a different luks header with the same passphrase.
 
1 members found this post helpful.
Old 07-02-2010, 11:54 AM   #4
IceDragon
LQ Newbie
 
Registered: Aug 2005
Location: Switzerland
Distribution: Kubuntu, Arch Linux
Posts: 20

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by timmeke View Post
Can you perform any action (remove, addKey, dump header,...)?
Secondly, cryptsetup seems to be a convenient shorthand util for the underlying dm-crypt. Did you search in that direction?
No, I am not able to do ANY operation besides
cryptsetup isLuks /dev/sde1
which returns true since I copied the header of another LUKS partition.

thanks anyway,

Ice
 
Old 07-02-2010, 12:13 PM   #5
IceDragon
LQ Newbie
 
Registered: Aug 2005
Location: Switzerland
Distribution: Kubuntu, Arch Linux
Posts: 20

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by zirias View Post
First: The encryption master key is completely random and stored in encrypted form in the header. When you lose the header, this key is lost.

Second: The key to decrypt the master key is indeed derived from your passphrase, but using a random salt. So there is no way to get the same "master-key-decryption-key" from a different luks header with the same passphrase.
No, the data on this partition wasn't crucial, mostly temporary files, and working directories of various projects. No working hours are lost, I just have to re-render a lot of things, not really a big deal.
(I now like my habit of backing up crucial files, HOWTOs, any project data, and documentation very much!)

But you just confirmed what I suspected anyway and other sources already said - that any LUKS header differs greatly from another even if the cypher mode, hash function and password are identical.
I consider the data lost and will reformat the drive.

But one last question:
To prevent such a loss in the future, how much do I have to save? Is it enough to save the 592 bytes of the LUKS header (as this info specifies here: http://de.wikipedia.org/wiki/Dm-crypt#On-Disk-Format (in German)) or do I need more?


Thanks in advance,
Ice
 
Old 07-02-2010, 05:05 PM   #6
zirias
Member
 
Registered: Jun 2010
Posts: 361

Rep: Reputation: 59
AFAIK, the header SHOULD be enough, I don't know of any "backup headers" in LUKS like e.g. in TrueCrypt (that would have come to your rescue right now)... but please, no warranty of any kind on that info.

I have a quite similar problem right now with TrueCrypt (lost keyfile, so existing header is useless), but I happen to know the master encryption key, so I hope to recover by "hacking" TrueCrypt.
 
Old 07-02-2010, 05:39 PM   #7
IceDragon
LQ Newbie
 
Registered: Aug 2005
Location: Switzerland
Distribution: Kubuntu, Arch Linux
Posts: 20

Original Poster
Rep: Reputation: 1
Know what? I'll just test that and let's see whether these 592 bytes are enough.

Besides, good luck with your "hacking"...

Ice
 
Old 07-03-2010, 04:16 AM   #8
IceDragon
LQ Newbie
 
Registered: Aug 2005
Location: Switzerland
Distribution: Kubuntu, Arch Linux
Posts: 20

Original Poster
Rep: Reputation: 1
Ok, I just tested whether saving the first 592 bytes will do...
quick answer: No, it won't.

I generated a LUKS partition, copied some files into it, unmounted and closed it, saved the header with dd, issued an mkntfs (without zeroing the device, to simulate what apparently happened). Then I restored the LUKS header and tried to open it - nope, did not work.
It seems that backing up the first 592 bytes is not enough to restore even part of the data on a LUKS partition after it got corrupted.
Something is missing, but what?

Greetings, Ice
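
Added example, not part of any post in this thread: a minimal parser for the LUKS1 on-disk header, illustrating the points in posts #3 and #8. Each key slot carries its own random salt and points at a key-material area that lies after the 592-byte header, so everything up to the payload offset has to be saved. The header produced by `build_header` is constructed sample data; its `sha1` hash spec, sector offsets and iteration counts are assumptions, not values from the poster's disk.

```python
import hashlib
import struct

SECTOR = 512
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # fixed fields, 208 bytes
SLOT = struct.Struct(">II32sII")                    # one key slot, 48 bytes (x8 = 592 total)
ENABLED, DISABLED = 0x00AC71F3, 0x0000DEAD

def parse_luks1(buf):
    """Parse the 592-byte LUKS1 partition header."""
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _digest_salt, _digest_iter, _uuid) = PHDR.unpack_from(buf, 0)
    if magic != b"LUKS\xba\xbe" or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        state, iters, salt, km_off, stripes = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        if state == ENABLED:
            slots.append({"index": i, "iterations": iters, "salt": salt,
                          "km_offset": km_off, "stripes": stripes})
    text = lambda raw: raw.rstrip(b"\0").decode("ascii")
    return {"cipher": text(cipher), "mode": text(mode), "hash": text(hash_spec),
            "payload_offset": payload_off, "key_bytes": key_bytes, "slots": slots}

def backup_bytes(hdr):
    """Bytes before the payload: the 592-byte header plus every key-material area."""
    return hdr["payload_offset"] * SECTOR

def key_material_range(hdr, slot):
    """(start, end) byte range of the slot's encrypted, anti-forensic-split master key."""
    start = slot["km_offset"] * SECTOR
    return start, start + hdr["key_bytes"] * slot["stripes"]

def slot_key(passphrase, hdr, slot):
    """PBKDF2 over the passphrase and the slot's random salt; decrypts the key material."""
    return hashlib.pbkdf2_hmac(hdr["hash"], passphrase, slot["salt"],
                               slot["iterations"], hdr["key_bytes"])

def build_header(salt):
    """Constructed sample: 256-bit key, slot 0 enabled, offsets in 512-byte sectors."""
    fixed = PHDR.pack(b"LUKS\xba\xbe", 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                      2056, 32, bytes(20), bytes(32), 10, b"constructed-uuid")
    empty = SLOT.pack(DISABLED, 0, bytes(32), 0, 4000)
    return fixed + SLOT.pack(ENABLED, 1000, salt, 8, 4000) + empty * 7

if __name__ == "__main__":
    for salt in (b"\x01" * 32, b"\x02" * 32):  # same passphrase, two different slot salts
        hdr = parse_luks1(build_header(salt))
        print(backup_bytes(hdr), slot_key(b"same passphrase", hdr, hdr["slots"][0]).hex())
```

With these constructed values the region to save is 1,052,672 bytes rather than 592, and the same passphrase yields a different slot key for each salt. cryptsetup's `luksHeaderBackup` action (with `--header-backup-file`) saves the header together with the key-slot area.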
 
Old 07-03-2010, 05:31 PM   #9
skola
Member
 
Registered: Nov 2009
Posts: 66

Rep: Reputation: 19
I'm not any kind of programmer/hacker though familiar with disk editors. I tried a couple of experiments with luks and Truecrypt using small partition/files (make it easier) on a clean disk.

With identical sized startings and adding known size files plus same/diff length/words password and comparing sectors I tried the sectors copy to no avail. So I believe that hack is safe and your data is gone.
 
Old 07-03-2010, 06:43 PM   #10
IceDragon
LQ Newbie
 
Registered: Aug 2005
Location: Switzerland
Distribution: Kubuntu, Arch Linux
Posts: 20

Original Poster
Rep: Reputation: 1
LUKS is open source and I have been a programmer for 25 years now, so when I find some time, I'm gonna look into this beast to determine how it is backed up (if one does not want to back up the whole partition).

Lesson learned for now: If a disk with a Linux partition on it is moved to a PC with Windows 7 installed, make sure that its partition type flag is NOT accidentally 0x07 = "Windows NTFS" or something similar, because then Windows may attempt to "repair" the "damaged" partition.


Greetings, Ice
 
  


All times are GMT -5.