Can't unlock encrypted disk
I use Debian default encryption disk encryption. Only /boot it's not encrypted. When I boot I need to type my password, and then I will be logged in. But now I can't login. It always says that I typed the wrong password, but I typed the correct password.
I tried to boot in live-CD and try unlock volume from there. But It always says wrong password. Before that I had an achieve that had a 90GB file in it and I tried to underachieve it, but it gave me error not enough space. I get notification that I'm out of space 600mb left, but when type df -h I saw I have same amount of space as before I start to unarchieving file. Looks like file was autodeleted by Debian system. I have no BADs on disk. Sometimes I have some issues with RAM module and I my PC stucks but I always can unlock the disk. In that case I need to clean RAM module and PC is not stucking anymore. I tried remove RAM modules and boot with only one of them, but still can't unlock disk. I have 2 HDDs with Debian and only one of them is not unlocking. Other one is working fine. https://i.postimg.cc/gYjmdvw5/1.jpg When I try to boot like this https://i.postimg.cc/k4ZDcchY/2.jpg I get this https://i.postimg.cc/CxVmhys7/3.jpg When I boot like this https://i.postimg.cc/YSCN0tG6/4.jpg I get https://i.postimg.cc/wT5Dk1D5/5.jpg https://i.postimg.cc/d0fC0rKF/6.jpg |
I would say this is a problem with the disk, you need to find the first error. In picture 3 there is an nvidia related error too.
Or probably something else, but we have no information to say more. |
Quote:
If the header is OK but the password is not correct, this is a case for cryptsetup luksAddKey. A LUKS header has room for 8 pass phrases, as the luksDump command shows. Too late in your case, but perhaps next time? You could also try a password cracker, but that would take time and powerful computers. Also, if the encrypted data is useful, back it up (i.e. not only a LUKS header backup). I am afraid these would be the only options to get your data back. |
Quote:
Quote:
Yes too late now, now I can't cryptsetup luksAddKey. I didn't even think that header/encryption... can get corrupted without reason. I was using PC just like always. If I can't recover data and it's lost forever. Is there a way I find the reason why this happen ? |
Quote:
Quote:
|
For people using something other than the default "US English" keyboard mapping, LUKS keyslot problems are often traced to mapping issues. Is there any chance that this is the problem?
The only tool that attempts to check for corrupted keyslot data is the chk_luks_keyslots program that is referenced in FAQ section 4.2. That tool evaluates the "randomness" of the keyslot data, and any block with a low randomness score is an indication that the block may have been overwritten. That tool must be compiled from the misc/ directory in the cryptsetup source. There is no other test for corruption of the keyslot data. The LUKS header is deliberately designed so that any corruption makes the key unrecoverable. The only protection against that is having a backup of the LUKS header. |
Quote:
Quote:
Can I chk_luks_keyslots from live cd ? I just need to repeat all actions from README and just replace /dev/loop0 with /dev/sda6 in my case? |
Quote:
Quote:
|
Quote:
Quote:
|
Thank you
I duplicate this: I just need to repeat all actions from README and just replace /dev/loop0 with /dev/sda6 in my case? Sorry for flood, but just want to be sure that I don't destroy/damage anything on that disk or other disk |
Quote:
|
Quote:
Code:
cryptsetup luksHeaderBackup /dev/sda# --header-backup-file ~/luksheaderbak Question: Is the key contained in the header? If an attacker had this header's backup, would they be able to retrieve a key from it, with this chk_luks_keyslots program? If so, that explains why you have to custom compile it in. I never tape my passwords under my desk drawer--they're all in my head--but a file that could unlock everything, I must now protect too. |
Quote:
|
I want to compile keyslot_checker , but I get error
Code:
gcc -lm -lcryptsetup chk_luks_keyslots.c -o chk_luks_keyslots Code:
There is a tool that Code:
apt-cache policy cryptsetup |
The FAQ you cite has nothing to do with your problem. The FAQ is about running the program, but you don't even have a program yet that can be run. You need to compile it first.
Your problem is likely that you have to download the entire source code including the missing header file, not just chk_luks_keyslots.c. Or that header file is not at a location where the compiler finds it. |
All times are GMT -5. The time now is 11:46 AM. |