From: Arno Wagner <wagner@arnowagner.info>
To: cryptsetup@lists.linux.dev
Cc: "Christian Förster" <christian.foerster@swisscows.ch>
Subject: Re: Recovery of LUKS keyslot during PBKDF phase of overwrite ChangeKey possible?
Date: Fri, 24 Nov 2023 10:29:22 +0100 [thread overview]
Message-ID: <20231124092922.GB17827@tansi.org> (raw)
In-Reply-To: <7aac4982-b795-4de6-90f8-ad3f3d806edf@swisscows.ch>
Hi Christian,
if the volume is mounted, make a backup
of its contents and throw the container away.
You should have that backup anyways.
I do not recommend doing _anything_ else before
you have that backup.
Regards,
Arno
On Wed, Nov 22, 2023 at 21:53:59 CET, Christian Förster wrote:
> Good evening,
>
> to make it short: I have started a luksChangeKey operation on keyslot 0 with
> --keyslot=0 (overwrite) and bad parameters for argon2id (1000000
> iterations). As letting that run to completion would take at least a week, I
> am looking for a way to recover from this command while the volume is still
> mounted (decrypted). I do not have a header backup. Is this possible?
>
> I'm using cryptsetup 2.3.5 and the volume is a LUKS2 volume.
>
> Longer explanation: due to impatience, hangover and inexperience with LUKS I
> misinterpreted the "Iterations" parameter in the "Tokens" section of
> luksdump as being the iterations of the "main" KDF; I wanted to increase
> security by increasing the number of iterations and since the parameter
> shown was about 120,000 I thought I'd just try one million to see if that
> was too much (it was...heh). The command was:
>
> sudo cryptsetup luksChangeKey --key-slot=0 --pbkdf=argon2id
> --pbkdf-memory=4000000 --pbkdf-parallel=12 --pbkdf-force-iterations=1000000
> /dev/
>
> but the last time I tried it with pbkdf-memory=4000000 it only used 2 GB due
> to peculiarities with my system, where the component controlling the LUKS
> container administratively only has 4 GB of RAM, so it probably is using
> only 2 again, now. The parallelity also seems to be limited to 4 instead of
> 12 as I've learned reading the FAQ now.
>
> I chose the overwrite parameter (--keyslot=0) because my setup is a bit
> complicated and the key needs to be in keyslot 0 for other system components
> to work properly. There are no other keys or header backups or keyslot
> backups.
>
> I did not know about the cryptsetup benchmark program and did not think
> about creating a header backup first. I do have a full system backup and
> since the system is live I just backed up the important changes I made since
> that last full backup, but I'd prefer not to have to reinstall and restore
> everything, as it's a complicated system.
>
> Having just run the benchmark, it shows 5 iterations for argon2id with ~1GB
> of RAM for 2 secs; given the above mentioned parameters of my command, I
> estimate that allowing the command to finish (it is currently paused with
> Ctrl+Z) would take at least a week of full time computing with the CPU
> churning away all this time; I'd like to avoid that.
>
> On the plus side, I've learned some things about LUKS and cryptography and
> the first thing I'll do after recovering from this is make a header backup.
>
> So, I reiterate my initial question: is it possible to recover from this
> situation without a complete reinstall or letting the command complete for a
> long time? The disk encryption key should still be in RAM IIUC, but since
> it's LUKS2, according to the FAQ extracting it from there is not trivial.
>
> Thank you for any help,
>
> C.F.
>
>
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
prev parent reply other threads:[~2023-11-24 9:34 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-22 20:53 Recovery of LUKS keyslot during PBKDF phase of overwrite ChangeKey possible? Christian Förster
2023-11-23 18:19 ` Christian Förster
2023-11-24 9:29 ` Arno Wagner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231124092922.GB17827@tansi.org \
--to=wagner@arnowagner.info \
--cc=arno@wagner.name \
--cc=christian.foerster@swisscows.ch \
--cc=cryptsetup@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).