* [dm-crypt] LUKS header cksum?
@ 2012-07-20 18:25 Two Spirit
2012-07-20 20:42 ` Arno Wagner
0 siblings, 1 reply; 2+ messages in thread
From: Two Spirit @ 2012-07-20 18:25 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 659 bytes --]
I was wondering if there is a checksum on the LUKS header? I didn't read
the whole thing, but a quick look at
the
http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf
specs, seems to only have
a checksum of the master-key, not of the whole header.
When I found my corruption, the cryptsetup seemed to work fine and nothing
indicated to me that there was some corruption.
I didn't run isLuks to see what that would have said. Evidently there was
enough information around to consider the LUKS was
there, and keep the running system working OK, but not enough to recognize
that there was corruption and that my
passphrases wouldn't work.
[-- Attachment #2: Type: text/html, Size: 848 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [dm-crypt] LUKS header cksum?
2012-07-20 18:25 [dm-crypt] LUKS header cksum? Two Spirit
@ 2012-07-20 20:42 ` Arno Wagner
0 siblings, 0 replies; 2+ messages in thread
From: Arno Wagner @ 2012-07-20 20:42 UTC (permalink / raw)
To: dm-crypt
On Fri, Jul 20, 2012 at 11:25:13AM -0700, Two Spirit wrote:
> I was wondering if there is a checksum on the LUKS header? I didn't read
> the whole thing, but a quick look at
> the
> http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf
> specs, seems to only have
> a checksum of the master-key, not of the whole header.
There is no header checksum. It is not needed. Any corruption
that may be introduced by defective RAM, busses, controllers
and disks should be detectet at the same time a checksum
error would be detected, namely on luksOpen. Note that these
only be introduced on header writes or if the disk goes south.
In tha later case, the disk has its own checksums and should
report the error and refuse to actually read the header.
> When I found my corruption, the cryptsetup seemed to work fine and nothing
> indicated to me that there was some corruption.
> I didn't run isLuks to see what that would have said. Evidently there was
> enough information around to consider the LUKS was
> there, and keep the running system working OK, but not enough to recognize
> that there was corruption and that my
> passphrases wouldn't work.
Are you talking about a _mapped_ LUKS device? The header is not
used after the mapping is established. You could completely wipe
the header and key-slots and the mapping would remain
operational and no error would ever be reported while the
mapping remains active. A header checksum would not change
anything.
You could use --test-passphrase to see whether the header and
specific key-slot is still intact for a mapped device though.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-07-20 20:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-20 18:25 [dm-crypt] LUKS header cksum? Two Spirit
2012-07-20 20:42 ` Arno Wagner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.