LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-05-2020, 09:05 AM   #1
tjallen
LQ Newbie
 
Registered: Jan 2014
Location: Central New York
Distribution: Slackware
Posts: 18

Rep: Reputation: 3
Implications of a compressible LUKS1 header?


I have two external backup drives encrypted with LUKS and I have backed up their LUKS headers. Both drives are encrypted with the same ciphers, hash functions, and have the same passphrases. I noticed that the headers are the same size, but when I gzip them, one is uncompressible and stays at about 2 MiB in size, while the other compresses down to about an eighth of the size: 254 KiB. I first noticed that something was odd because I had used gpg to encrypt the headers and found the same result with the .gpg files. All the LUKS headers for my other disks are essentially incompressible.

My question is whether there's a problem with the LUKS encryption of my drive with the compressible header. Perhaps the encryption key is weak? Should I re-encrypt the drive with the compressible header?

Does anyone have an idea of what's up with the compressible LUKS header?

Last edited by tjallen; 08-05-2020 at 12:45 PM.
 
Old 08-05-2020, 09:19 AM   #2
berndbausch
LQ Guru
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 5,369

Rep: Reputation: 1621Reputation: 1621Reputation: 1621Reputation: 1621Reputation: 1621Reputation: 1621Reputation: 1621Reputation: 1621Reputation: 1621Reputation: 1621Reputation: 1621
You can use cryptsetup luksdump to look into header contents and compare.

"Compressible" means that there are long strings of identical bytes or byte patterns, often zeros. Perhaps one disk was wiped with zeros before creating the header, and the other wasn't and still contains hard to compress garbage. Programs like hexdump or od might help confirming this.
 
Old 08-05-2020, 10:09 AM   #3
tjallen
LQ Newbie
 
Registered: Jan 2014
Location: Central New York
Distribution: Slackware
Posts: 18

Original Poster
Rep: Reputation: 3
berndbausch,

Thanks for the reply. cryptsetup luksDump doesn't seem particularly different for the two drives. I did start to fill the first drive with random data but at the rate it was going I saw that it would have taken more than a week to do so, so I stopped after I figured that out and I didn't bother with the second drive, preferring instead to fill the encrypted filesystems with zeros after encryption instead, which should accomplish the same thing. If the header contains some data from the drive before encryption when not all key slots are filled, that would explain it. I thought of opening copies of the headers in a hex editor, but I'm not sure what I'd be looking at, so I haven't done it.

Ted
 
Old 08-05-2020, 12:48 PM   #4
tjallen
LQ Newbie
 
Registered: Jan 2014
Location: Central New York
Distribution: Slackware
Posts: 18

Original Poster
Rep: Reputation: 3
berndbausch,

Surely you are correct that the file is small because I didn't write random data to the drive first. I opened the header files in a hex editor and after the first 254 KiB or so, the file is all zeroes. Thanks for the answer!

Ted
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot get past GDISK- Caution: Invalid backup GPT header, but valid main header, regenerating backup header from main header. murde Linux - Newbie 2 05-30-2020 08:23 PM
How can I detect compressible data? yaplej Programming 6 04-17-2011 11:55 AM
How to check missing header files included from another header file adisan82 Linux - Software 1 01-28-2011 03:57 AM
c header files in linux in place of header files in windows? harun_acs Programming 1 03-17-2004 02:24 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration