Re: [dm-crypt] Can't decrypt LUKS partition

From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Can't decrypt LUKS partition
Date: Fri, 27 Dec 2019 10:38:31 +0100	[thread overview]
Message-ID: <20191227093831.GB5876@tansi.org> (raw)
In-Reply-To: <Lx31rDE--7-2@tutanota.de>

Hi Robert,

if you are sure yiu have the right passphrase, this may be a defective
SSD. Especially cheaper SSDs can develop bit-errors. Since most
software and files continue to run and open even with that, it 
can take a while for that to get be noticed. With SSDs, there is 
the additional problem that it uses very large sectors internally,
and hence even if you did not write the LUKS header, it can get 
changed on another write. The way these bit=errors happen is then
that the SSD-internal sector gets loaded into memory, modified
and written back. While protected by checksums and ECC in the
FLASH chips, protection is often missing on the bus and in 
SSD-internal RAM and that is where the corruption happens.

Due to the anti-forensic properties of the LUKS header, should this
has happened, the only way out is a backup. Before you give up,
make sure you have the right passphrase.

Regards,
Arno

On Thu, Dec 26, 2019 at 22:13:30 CET, robert.wender@tutanota.de wrote:
>    Hello,
> 
>    I'm suddenly unable to decrypt my Linux Mint partition, SSD. I get this
>    error message:
> 
>    "Enter passphrase for /dev/nvme0n1p3:
> 
>    No key available with this passphrase."
> 
>    It was encrypted at install (entire drive).
> 
>    I'm using only this drive, and only Linux Mint, nothing else. I didn't
>    do any updates, I didn't even install anything before it stopped
>    working (worked for about half a year).
> 
>    I don't have any backup.
> 
>    What I did do is clean my keyboard. I use German layout, and there's
>    _underscores_ in my password. But I tested everything I could think of
> 
>    I tested all my keys a lot of times, it's always correct, wrote my
>    password the way I always did, I wrote it assuming US layout, wrote it
>    using a different keyboard, tried decrypting using Linux Mint live CD,
>    Fedora live CD, tried all the German keyboard layouts, some English
>    ones.
> 
>    cryptsetup luksDump /dev/nvme0n1p3:
> 
>    [1]https://pastebin.com/9arD2wVs
> 
>    I don't know much about that, does it look fine?
> 
>    I also searched the hexdump for words and used the Key-Slot Checker,
>    seems fine.
> 
>    Should I just continue testing all existing layouts? Or does something
>    look strange/does someone have an idea what to try?
> 
>    Regards,
> 
>    Robert
> 
> References
> 
>    1. https://pastebin.com/9arD2wVs

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier