June 24, 2018

Protecting Data with Encrypted Linux Partitions Part 2 - page 2

Adding Your Own Back Door

  • June 21, 2007
  • By Carla Schroder

With these commands it doesn't matter if your cryptsetup-luks device is open or closed.

What if you can't remember if a partition is a cryptsetup-luks partition?

# cryptsetup isLuks /dev/sda1
/dev/sda1 is not a LUKS partition

If it is a LUKS partition, it will exit silently. Yes, a positive confirmation would be nice, but that's the way it is.

You can see the entire LUKS header with this command:

# cryptsetup luksDump /dev/sda2

LUKS header information for /dev/sda2

Version:        1
Cipher name:    aes
Cipher mode:    cbc-plain
Hash spec:      sha1
Payload offset: 1032
MK bits:        128
MK digest:      40 cc 8c ff b4 0d f2  ...
MK salt:        5e 8f 35 dd 4d 1a 8c  ...
                cb 70 da a7 b8 06 11  ...
MK iterations:  10
UUID:           1c390791-bd8a-4655-b722-6d0bcbbdf547

Key Slot 0: ENABLED
        Iterations:             168940
        Salt:                   88 e9 98 ...
                                65 5f c9  ...
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: ENABLED
        Iterations:             166133
        Salt:                   b7 77 84  ...
                                66 91 93  ...
        Key material offset:    136
        AF stripes:             4000
Key Slot 2: ENABLED
        Iterations:             166970
        Salt:                   cf 5c 82  ...
                                d9 9b c5  ...
        Key material offset:    264
        AF stripes:             4000
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

This shows that there are three passwords set, the device UUID, the type of encryption used, and other details.

Most Popular LinuxPlanet Stories

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.