Protecting Data with Encrypted Linux Partitions Part 2 - page 2

Adding Your Own Back Door

With these commands it doesn't matter if your cryptsetup-luks device is open or closed.

What if you can't remember if a partition is a cryptsetup-luks partition?

# cryptsetup isLuks /dev/sda1
/dev/sda1 is not a LUKS partition

If it is a LUKS partition, it will exit silently. Yes, a positive confirmation would be nice, but that's the way it is.

You can see the entire LUKS header with this command:

# cryptsetup luksDump /dev/sda2

LUKS header information for /dev/sda2

Version:        1
Cipher name:    aes
Cipher mode:    cbc-plain
Hash spec:      sha1
Payload offset: 1032
MK bits:        128
MK digest:      40 cc 8c ff b4 0d f2  ...
MK salt:        5e 8f 35 dd 4d 1a 8c  ...
                cb 70 da a7 b8 06 11  ...
MK iterations:  10
UUID:           1c390791-bd8a-4655-b722-6d0bcbbdf547

Key Slot 0: ENABLED
        Iterations:             168940
        Salt:                   88 e9 98 ...
                                65 5f c9  ...
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: ENABLED
        Iterations:             166133
        Salt:                   b7 77 84  ...
                                66 91 93  ...
        Key material offset:    136
        AF stripes:             4000
Key Slot 2: ENABLED
        Iterations:             166970
        Salt:                   cf 5c 82  ...
                                d9 9b c5  ...
        Key material offset:    264
        AF stripes:             4000
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

This shows that there are three passwords set, the device UUID, the type of encryption used, and other details.