Date: Mon, 8 Feb 2016 16:02:27 -0600
From: Rypervenche
Message-ID: <20160208160227.6a446085@lustre.ryper.org>
Subject: [dm-crypt] Size of LUKS header and how to overwrite
To: dm-crypt@saout.de

Hi all,

I have LUKS on a GPT-partitioned SSD and I have recently been looking at
moving my LUKS header off of the disk and onto a USB drive. I have my
initramfs set up to do so, however I am not sure how much space to
overwrite on my SSD to remove the header from it and replace it with
random data. So, I am not sure how many bytes to remove from the
beginning of my partition or what to set my --align-payload to. Any help?

Below is some information that may be useful:

==========================================
# cryptsetup luksDump /dev/sda1
LUKS header information for /dev/sda1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512
Payload offset: 4096
MK bits:        512
...
==========================================

I have heard that the LUKS header should be 2MiB, but I have a few
headers from previous LUKS-encrypted drives, and I see that some are 2020
bytes and others are 2048, I can't see what the differences are between
them (as you can see one aes, xts-plain64, sha512 is 2020 and another is
2048).

==========================================
# for i in *; do echo $(du -s $i | awk '{print $1}'): $(file $i | grep -oP '(?<=\[).*(?=\])'); done | sort -n
1028: aes, cbc-essiv:sha256, sha1
2020: aes, xts-plain64, sha1
2020: aes, xts-plain64, sha1
2020: aes, xts-plain64, sha512 (my current SSD that I want to do this to)
2048: aes, cbc-essiv:sha256, sha1
2048: aes, cbc-essiv:sha256, sha1
2048: aes, xts-plain64, sha512
2048: aes, xts-plain:sha256, sha1
==========================================

And lastly, my partition setup:

==========================================
# gdisk -l /dev/sda
GPT fdisk (gdisk) version 1.0.1

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.
Disk /dev/sda: 500118192 sectors, 238.5 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 2ACE732B-C8D6-4E03-8E46-1D6A5B4D8CB0
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 500118158
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048       500118158   238.5 GiB   8300  Linux filesystem
==========================================

I would appreciate it if someone could let me know how I can find out
exactly how many bytes I should be removing and what I should be setting
my --align-payload to.

Thank you,
Rypervenche
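
An added example, not part of the original message: a read-only parser for the LUKS1 on-disk header that reports where the key material ends and where the encrypted payload begins, the two boundaries the question is about. Field offsets follow the LUKS1 on-disk format; `sample_header()` is constructed from the luksDump values in the post, and its key-material offsets, iteration counts and UUID are assumed.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SECTOR = 512                     # LUKS1 header offsets are counted in 512-byte sectors
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")   # fixed part of the header, 208 bytes
SLOT = struct.Struct(">II32sII")                    # one keyslot record, 48 bytes, 8 of them
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD


def parse_luks1(buf):
    """Read-only: layout facts from the first 592 bytes of a LUKS1 device or header file."""
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("need at least 592 bytes")
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iters, _uuid) = PHDR.unpack_from(buf, 0)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    keyslot_end, active = 0, []
    for i in range(8):
        state, _iter, _slot_salt, km_off, stripes = SLOT.unpack_from(
            buf, PHDR.size + i * SLOT.size)
        km_sectors = (key_bytes * stripes + SECTOR - 1) // SECTOR  # anti-forensic split size
        keyslot_end = max(keyslot_end, km_off + km_sectors)
        if state == SLOT_ENABLED:
            active.append(i)

    def text(raw):
        return raw.rstrip(b"\0").decode("ascii")

    return {
        "cipher": f"{text(cipher)}, {text(mode)}, {text(hash_spec)}",
        "mk_bits": key_bytes * 8,
        "active_slots": active,
        "keyslot_end_bytes": keyslot_end * SECTOR,     # last byte of key material + 1
        "payload_offset_bytes": payload_off * SECTOR,  # first byte of encrypted data
    }


def sample_header():
    """Constructed sample: values from the luksDump in the post, slot offsets assumed."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha512",
                    4096, 64, bytes(20), bytes(32), 1000, b"constructed-uuid")
    for i in range(8):
        state = SLOT_ENABLED if i == 0 else SLOT_DISABLED
        hdr += SLOT.pack(state, 1000, bytes(32), 8 + i * 504, 4000)
    return hdr


if __name__ == "__main__":
    print(parse_luks1(sample_header()))
```

On a real system the input would be the first 592 bytes of the LUKS partition or of a header backup file, opened read-only.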