LinuxQuestions.org
Old 12-31-2012, 12:38 AM   #1
robertolamb
LQ Newbie
 
Registered: Dec 2012
Posts: 6

Rep: Reputation: Disabled
Combining Luks and LVM - Error after 3 bad passphrase


My hard disk is encrypted by having followed the tutorial Combining LUKS and LVM. When I enter the correct passphrase, my computer starts normally. When I enter consecutively 3 bad passphrases, I get an error message:

Quote:
mount: mounting /dev/cryptvg/root on /mnt failed: No such file or directory
ERROR: No /sbin/init found on rootdev (or not mounted). Trouble ahead.
You can try to fix it. Type 'exit' when things are done.

/bin/sh: can't access tty; job control turned off
#
Any advice?
 
Old 12-31-2012, 01:28 AM   #2
T3slider
Senior Member
 
Registered: Jul 2007
Distribution: Slackware64-14.1
Posts: 2,298

Rep: Reputation: 722
Quote:
Originally Posted by robertolamb
My hard disk is encrypted by having followed the tutorial Combining LUKS and LVM. When I enter the correct passphrase, my computer starts normally. When I enter consecutively 3 bad passphrases, I get an error message:
From `man cryptsetup`:
Code:
       --tries, -T
              How  often  the  input  of the passphrase shall be retried. This
              option is relevant every time a password is asked, like  create,
              luksOpen, luksFormat or luksAddKey. The default is 3 tries.
You could modify the lines in the `init` script in the initrd (and/or /etc/rc.d/rc.S depending on whether you have other non-root LUKS partitions) that open the device (cryptsetup lines with luksOpen) to add the -T argument to give you more tries if you want. Note that this makes it easier for others to brute force your box (though I suppose they could do that anyway if they remove your hard drive). I haven't tested this so adding that option may or may not work. I think 3 guesses is a reasonable default to allow you to make a couple of mistakes while preventing brute force attempts but you may feel differently.
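
The edit suggested in post #2, sketched as an added example (not part of any post in this thread and not Slackware's own code). The function names `write_sample` and `set_luks_tries` are hypothetical, and the init fragment is constructed with made-up device and mapping names; the real init script's luksOpen lines will look different.

```sh
#!/bin/sh
# Added example (not Slackware's code): set the cryptsetup retry count on the
# luksOpen lines of an initrd init script.

# write_sample FILE: constructed stand-in for an init fragment. Device and
# mapping names are made up; the real init script's lines will differ.
write_sample() {
    cat > "$1" <<'EOF'
# old: cryptsetup luksOpen /dev/sdx2 luksroot
/sbin/cryptsetup luksOpen /dev/sdx2 luksroot
/sbin/cryptsetup --tries 3 luksOpen /dev/sdx3 lukshome
/sbin/vgchange -ay
EOF
}

# set_luks_tries FILE N: make every non-comment "cryptsetup ... luksOpen"
# line carry exactly one "-T N". Safe to run more than once.
set_luks_tries() {
    file=$1
    tries=$2
    case $tries in
        ''|*[!0-9]*) echo "tries must be a whole number >= 1" >&2; return 2 ;;
    esac
    [ "$tries" -ge 1 ] || return 2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Keep the first pristine copy as FILE.orig.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1
    sed -E \
        -e '/^[[:space:]]*#/b' \
        -e '/cryptsetup.*luksOpen/s/[[:space:]]+(-T|--tries)[[:space:]=]+[0-9]+//g' \
        -e "/cryptsetup.*luksOpen/s/luksOpen/-T $tries luksOpen/" \
        "$file" > "$file.new" || return 1
    # cat (not mv) so the script keeps its mode and ownership.
    cat "$file.new" > "$file" && rm -f "$file.new"
}

# Demo on the constructed fragment: show the resulting luksOpen lines.
demo=$(mktemp) && write_sample "$demo" && set_luks_tries "$demo" 4 &&
    grep -n 'luksOpen' "$demo"
rm -f "$demo" "$demo.orig"
```

Run `set_luks_tries` against the init script in your own initrd tree, then compare it with the `.orig` copy before rebuilding the initrd, since the change only takes effect once the initrd image is regenerated.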
 
Old 12-31-2012, 06:04 AM   #3
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,383

Rep: Reputation: Disabled
Quote:
Originally Posted by robertolamb
My hard disk is encrypted by having followed the tutorial Combining LUKS and LVM. When I enter the correct passphrase, my computer starts normally. When I enter consecutively 3 bad passphrases, I get an error message:

Any advice?
What did you expect would happen then? Sounds like an OK result to me.

Eric
 
Old 12-31-2012, 09:40 AM   #4
STDOUBT
Member
 
Registered: May 2010
Location: Stumptown
Distribution: Slackware 14.0/32bit + Xmonad
Posts: 280

Rep: Reputation: 74
Quote:
Sounds like an OK result to me.
Salute, Eric!
IMO, failing to input the correct passphrase should not offer you any kind of shell!!!
Read closely his message -he gets dropped to a limited (busybox?) shell.

Last edited by STDOUBT; 12-31-2012 at 09:51 AM.
 
Old 12-31-2012, 10:02 AM   #5
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,383

Rep: Reputation: Disabled
Quote:
Originally Posted by STDOUBT
Salute, Eric!
IMO, failing to input the correct passphrase should not offer you any kind of shell!!!
Read closely his message -he gets dropped to a limited (busybox?) shell.
There is nothing wrong with getting dropped to the Slackware emergency shell. In fact, it is there for people with configuration errors whose system won't boot. Three consecutive passphrase entry errors could be a keyboard problem which has to be investigated.

With a LUKS encrypted hard drive there is nothing a hacker can do in the restricted shell which gives him a way into the system. If the hacker is at the console anyway (which is the only place where you can enter the LUKS passphrase) he could just as well use a bootable CDROM to gain access to the computer without booting Slackware, or he can even rip out the entire harddisk and take it home. There is no difference in the level of danger to your encrypted files.

Eric
 
Old 12-31-2012, 10:34 AM   #6
robertolamb
LQ Newbie
 
Registered: Dec 2012
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3slider
From `man cryptsetup`:
Code:
       --tries, -T
              How  often  the  input  of the passphrase shall be retried. This
              option is relevant every time a password is asked, like  create,
              luksOpen, luksFormat or luksAddKey. The default is 3 tries.
You could modify the lines in the `init` script in the initrd (and/or /etc/rc.d/rc.S depending on whether you have other non-root LUKS partitions) that open the device (cryptsetup lines with luksOpen) to add the -T argument to give you more tries if you want. Note that this makes it easier for others to brute force your box (though I suppose they could do that anyway if they remove your hard drive). I haven't tested this so adding that option may or may not work. I think 3 guesses is a reasonable default to allow you to make a couple of mistakes while preventing brute force attempts but you may feel differently.

I followed the tutorial README_CRYPT.TXT Combining LUKS and LVM section (same setup, partitions, volumes, names). Please, can you be more specific and tell me exactly what changes to make to change the default 3 to 4 tries? It might be easier to show me where the changes are if you make changes directly on the README_CRYPT.TXT.

thank you


Quote:
Originally Posted by Alien Bob
What did you expect would happen then? Sounds like an OK result to me.

Eric
Sorry, I did not read the 'man cryptsetup' which states "The default is 3 tries" before posting. I was not expecting a kick out but rather a constant retry similar to Slackware logging in. Evidently, 3 tries is safer. To avoid the kernel panic caused by the exit command after 3 bad passphrases at prompt #, what are the constructive choices that are available to me? Hard reboot?

thank you
 
  


All times are GMT -5.