• Re: RHEL5 and problems with cryptsetup luksOpen

    From Allen Kistler@110:300/1.1 to All on Sun Sep 27 12:04:02 2009
    Kurt wrote:
    I just did an "yum update" and now I cannot access my encrypted disk. As
    this is Red Hat Enterprise I must say I doubt that this is an error in the distribution and maybe the error is a faulty password or alike but I need to toss this in the air and see what happens as I have no other ideas as I have entered this password countless number of times previously.

    [snip]

    cryptsetup uses kernel crypto modules. Try booting your older kernel.

    If that works, check the release notes. (I don't remember seeing
    anything, but ...) If there's nothing in the release notes, file a bug
    against the current kernel using whatever level of support your contract allows.

    --- MBSE BBS v0.95.5 (GNU/Linux-x86_64)
    * Origin: Aioe.org NNTP Server (110:300/1.1@linuxnet)
  • From Kurt@110:300/1.1 to All on Sun Sep 27 13:22:16 2009
    I just did an "yum update" and now I cannot access my encrypted disk. As
    this is Red Hat Enterprise I must say I doubt that this is an error in
    the
    distribution and maybe the error is a faulty password or alike but I need >> to
    toss this in the air and see what happens as I have no other ideas as I
    have
    entered this password countless number of times previously.
    [snip]

    cryptsetup uses kernel crypto modules. Try booting your older kernel.

    If that works, check the release notes. (I don't remember seeing
    anything, but ...) If there's nothing in the release notes, file a bug against the current kernel using whatever level of support your contract allows.

    Sadly that didn't help either. I also tried mounting on a CentOS 5.2 where
    my current system is RHEL 5.4
    So I guess this looks like a brain-meltdown (cannot remember my password)?
    :-(

    Just to be absolutely sure - there is no way to reset the password or access the content somehow? Will a professional company be able to do it? Naturally this must be taken into consideration that this is only private stuff
    gathered over the years only having an emotional value for me (pictures,
    text etc).



    --- MBSE BBS v0.95.5 (GNU/Linux-x86_64)
    * Origin: SunSITE.dk - Supporting Open source (110:300/1.1@linuxnet)
  • From Loki Harfagr@110:300/1.1 to All on Sun Sep 27 15:58:32 2009
    Sun, 27 Sep 2009 14:22:16 +0200, Kurt did cat˙:

    I just did an "yum update" and now I cannot access my encrypted disk.
    As this is Red Hat Enterprise I must say I doubt that this is an error
    in the
    distribution and maybe the error is a faulty password or alike but I
    need to
    toss this in the air and see what happens as I have no other ideas as
    I have
    entered this password countless number of times previously. [snip]

    cryptsetup uses kernel crypto modules. Try booting your older kernel.

    If that works, check the release notes. (I don't remember seeing
    anything, but ...) If there's nothing in the release notes, file a bug
    against the current kernel using whatever level of support your
    contract allows.

    Sadly that didn't help either. I also tried mounting on a CentOS 5.2
    where my current system is RHEL 5.4
    So I guess this looks like a brain-meltdown (cannot remember my
    password)? :-(

    It happened to me that after a power failure (well sort of, that
    was just some people coming to my office and using the live
    wire off my lap while it was sleeping on suspend...) when
    rebooting I had this kind of incident twice, first time it
    was solved by plugging a qwerty instead of the inbed azerty,
    (no idea why the power shortage caused that). And the second
    time it was resolved much more simply by using an external
    USB ky holding emergency recovery keys (the first case
    made me have this idea to prepare them ,-)
    As I see you only have one key enabled in your luks setup
    I wish you good luck with trying different types of keybs!
    (or maybe trying harder to remember your password, it also happens!-)


    Just to be absolutely sure - there is no way to reset the password or
    access the content somehow?

    It shouldn't...

    Will a professional company be able to do
    it?

    Some snake oil resellers may pretend so but you used
    fairly secure cipher and hash (aes cbc-essiv:sha256 - sha1)
    so maybe you'll have an only chance in case the US-army lied
    about the privacy and the NSA would lend you some days processing ;-)

    Naturally this must be taken into consideration that this is only
    private stuff gathered over the years only having an emotional value for
    me (pictures, text etc).

    your best bet if anything fails and you dont get lucky with keyboard and
    or password remembering will be your backups, that's a recurrent and sad story.

    --- MBSE BBS v0.95.5 (GNU/Linux-x86_64)
    * Origin: Guest of ProXad - France (110:300/1.1@linuxnet)
  • From Kurt@110:300/1.1 to All on Sun Sep 27 16:45:19 2009
    It happened to me that after a power failure (well sort of, that
    was just some people coming to my office and using the live
    wire off my lap while it was sleeping on suspend...) when
    rebooting I had this kind of incident twice, first time it
    was solved by plugging a qwerty instead of the inbed azerty,
    (no idea why the power shortage caused that). And the second
    time it was resolved much more simply by using an external
    USB ky holding emergency recovery keys (the first case
    made me have this idea to prepare them ,-)
    As I see you only have one key enabled in your luks setup
    I wish you good luck with trying different types of keybs!
    (or maybe trying harder to remember your password, it also happens!-)

    I have checked that my keyboard is spelling the same way as I think it does ;-) So that should be okay.

    Will a professional company be able to do
    it?

    Some snake oil resellers may pretend so but you used
    fairly secure cipher and hash (aes cbc-essiv:sha256 - sha1)
    so maybe you'll have an only chance in case the US-army lied
    about the privacy and the NSA would lend you some days processing ;-)

    Ha, yeah that could be good :-)

    your best bet if anything fails and you dont get lucky with keyboard and
    or password remembering will be your backups, that's a recurrent and sad story.

    It sure is - here I thought I were sooooo secure and then I didn't think of this little way too simple thing... "what happens if I loose the password"!?



    --- MBSE BBS v0.95.5 (GNU/Linux-x86_64)
    * Origin: SunSITE.dk - Supporting Open source (110:300/1.1@linuxnet)
  • From Kurt@110:300/1.1 to All on Tue Sep 29 20:25:13 2009
    As I see you only have one key enabled in your luks setup
    I wish you good luck with trying different types of keybs!
    (or maybe trying harder to remember your password, it also happens!-)

    Just an idea - as it is impossible to brute-force the password as it only allows one try per second, is it then somehow possible to extract the key
    and try and bruteforce that... if I know the exact same way to find the crypted key? I guess that would go so much faster to compare those two
    crypted strings? Does that make sense at all?

    I _think: I know the most of my password, but the last digits I may think could be wrong so if I could try with maybe 90% of the password good, then perhaps I could get some luck with bruteforce?



    --- MBSE BBS v0.95.5 (GNU/Linux-x86_64)
    * Origin: SunSITE.dk - Supporting Open source (110:300/1.1@linuxnet)
  • From Allen Kistler@110:300/1.1 to All on Tue Sep 29 20:56:34 2009
    Kurt wrote:
    As I see you only have one key enabled in your luks setup
    I wish you good luck with trying different types of keybs!
    (or maybe trying harder to remember your password, it also happens!-)

    Just an idea - as it is impossible to brute-force the password as it only allows one try per second, is it then somehow possible to extract the key and try and bruteforce that... if I know the exact same way to find the crypted key? I guess that would go so much faster to compare those two crypted strings? Does that make sense at all?

    I _think: I know the most of my password, but the last digits I may think could be wrong so if I could try with maybe 90% of the password good, then perhaps I could get some luck with bruteforce?

    It makes sense. Check out page 6 of

    http://cryptsetup.googlecode.com/svn-history/r42/wiki/LUKS-standard/on-disk-for mat.pdf

    or you could hack cryptsetup to remove the 1 sec delay. You'd have to
    do that, anyway, even if you want to brute force an "offline" copy of
    the headers. Either way, you can't lock yourself out by trying
    infinitely many times.

    BTW, one thing I didn't ask before ....

    Since you've applied LUKS to the whole disk, rather than partitioning
    the disk and applying LUKS to the partition (the usual thing), is it
    possible you used fdisk on the raw disk? Or installed a boot loader on
    the raw disk? Either one of those would have trashed the data structures.

    --- MBSE BBS v0.95.5 (GNU/Linux-x86_64)
    * Origin: Aioe.org NNTP Server (110:300/1.1@linuxnet)