
List:       dm-crypt
Subject:    Re: [dm-crypt] corrupt luks header on crypted raid5 :(
From:       Arno Wagner <arno () wagner ! name>
Date:       2011-02-01 11:49:05
Message-ID: 20110201114905.GA29221 () tansi ! org

On Tue, Feb 01, 2011 at 11:03:29AM +0100, Arends, R.R. wrote:
> Hi all,
> 
> I got a mdadm raid5 layer over 6 disks, the raid failed, but I managed to
> get it back up.
>
> But now it seems that the luks header is corrupt. 
> 
> It doesn't accept my passwords anymore...
> 
> Enter passphrase for /dev/md3:
> No key available with this passphrase.
> 
> luksDump still reports the info though...
> 
> cryptsetup luksDump /dev/md3
> LUKS header information for /dev/md3
> 
> Version:        1
> Cipher name:    aes
> Cipher mode:    cbc-essiv:sha256
> Hash spec:      sha1
> Payload offset: 1032
> MK bits:        128
> MK digest:      a1 1f b8 22 77 a9 de 2e 19 81 12 54 88 28 e4 0d 0d 39 42 40
> MK salt:        11 2f 27 30 a3 f1 33 6f 3b 5b b3 7c c1 55 a2 af
>                 f7 1c 81 ad 19 fd d2 75 93 c3 b9 aa 6e a4 15 0a
> MK iterations:  10
> UUID:           75e65cb7-0444-4df7-a8f8-0677b6b277ba
> 
> Key Slot 0: ENABLED
>         Iterations:             116904
>         Salt:                   45 f5 3b 7c 20 ea 09 b8 fa be 60 db 49 5f 4b e0
>                                 6c 42 20 44 f1 e4 03 7a 4c 32 60 40 c4 54 37 4e
>         Key material offset:    8
>         AF stripes:             4000
> 
> I'm clueless on how to fix this.... And there is a lot of personal data
> missing now...

I _strongly_ advise you to read the FAQ section about LUKS backup.
FAQ is here: 

  http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
 
and should have appeared today on the list, but it seems it is
stuck in a mailqueue somewhere on saout.de.

> Can anyone point me in the right direction on fixing the luks header, or
> helping me out another way.

You should check the RAID first. If it failed, you may not
actually have "gotten it back" at all. The LUKS header fits
into a single stripe, hence the only thing that needs to
match for luksDump is that you have the same first disk
as before. 

See FAQ for header layout.

Incidentally, the same thing happened to somebody else
here about a week ago. That person seems to have had an
issue where he possibly forced a RAID5 rebuild after
one drive had gotten written to wrongly and the rebuild
copied the error to the other disks and wiped out the
original keyslot data.

Mailing list archive is here:

http://dir.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt
 

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt
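
An added example (not part of the original message, and not cryptsetup code): a minimal LUKS1 header parser showing why luksDump can still succeed while the passphrase is rejected. It reads the 592-byte on-disk header, locates the key material of each enabled key slot, and maps byte ranges onto array-level chunks. The sample header is constructed from the numbers in the quoted luksDump; the function names and any chunk size passed in are assumptions.

```python
import math
import struct

SECTOR = 512
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # LUKS1 header fields, 208 bytes, big-endian
SLOT = struct.Struct(">II32sII")                   # one of 8 key slot descriptors, 48 bytes
SLOT_ENABLED = 0x00AC71F3

def parse_luks1(buf):
    """Return (key_bytes, payload_offset, [(slot, start_byte, length)]) for enabled slots."""
    magic, version, _c, _m, _h, payload, key_bytes, *_ = PHDR.unpack_from(buf, 0)
    if magic != b"LUKS\xba\xbe" or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        active, _iters, _salt, km_off, stripes = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        if active == SLOT_ENABLED:
            # AF-split key material: key_bytes * stripes bytes at sector km_off
            slots.append((i, km_off * SECTOR, key_bytes * stripes))
    return key_bytes, payload, slots

def chunks_touched(start, length, chunk_size):
    """Indices of array-level chunks covering [start, start + length)."""
    return list(range(start // chunk_size, (start + length - 1) // chunk_size + 1))

def entropy_bits_per_byte(data):
    """Shannon entropy; low values suggest the key material was overwritten."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def build_sample_header():
    """Constructed header using the numbers from the quoted luksDump (salts zeroed)."""
    buf = bytearray(592)
    PHDR.pack_into(buf, 0, b"LUKS\xba\xbe", 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                   1032, 16, bytes(20), bytes(32), 10, b"constructed-uuid")
    SLOT.pack_into(buf, 208, SLOT_ENABLED, 116904, bytes(32), 8, 4000)
    for i in range(1, 8):  # remaining slots disabled
        SLOT.pack_into(buf, 208 + i * 48, 0x0000DEAD, 0, bytes(32), 8 + i * 128, 4000)
    return bytes(buf)

if __name__ == "__main__":
    key_bytes, payload, slots = parse_luks1(build_sample_header())
    for chunk in (64 * 1024, 512 * 1024):  # assumed chunk sizes
        print("chunk", chunk, "header:", chunks_touched(0, 592, chunk))
        for slot, start, length in slots:
            print("  slot", slot, "bytes", start, "+", length, chunks_touched(start, length, chunk))
```

With the values from the dump, key slot 0 occupies bytes 4096 to 68095 of the array, so at an assumed 64 KiB chunk size it extends into the second chunk while the header itself lies entirely in the first. Running entropy_bits_per_byte over that range read from the real device should give a value close to 8 if the key material is intact.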