Protecting Data with Encrypted Linux Partitions Part 2 - page 2
Adding Your Own Back Door
With these commands it doesn't matter if your
cryptsetup-luks device is open or closed.
What if you can't remember if a partition is a
# cryptsetup isLuks /dev/sda1 /dev/sda1 is not a LUKS partition
If it is a LUKS partition, it will exit silently. Yes, a positive confirmation would be nice, but that's the way it is.
You can see the entire LUKS header with this command:
# cryptsetup luksDump /dev/sda2 LUKS header information for /dev/sda2 Version: 1 Cipher name: aes Cipher mode: cbc-plain Hash spec: sha1 Payload offset: 1032 MK bits: 128 MK digest: 40 cc 8c ff b4 0d f2 ... MK salt: 5e 8f 35 dd 4d 1a 8c ... cb 70 da a7 b8 06 11 ... MK iterations: 10 UUID: 1c390791-bd8a-4655-b722-6d0bcbbdf547 Key Slot 0: ENABLED Iterations: 168940 Salt: 88 e9 98 ... 65 5f c9 ... Key material offset: 8 AF stripes: 4000 Key Slot 1: ENABLED Iterations: 166133 Salt: b7 77 84 ... 66 91 93 ... Key material offset: 136 AF stripes: 4000 Key Slot 2: ENABLED Iterations: 166970 Salt: cf 5c 82 ... d9 9b c5 ... Key material offset: 264 AF stripes: 4000 Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED
This shows that there are three passwords set, the device UUID, the type of encryption used, and other details.
Sponsored by BlackBerry
BlackBerry® Enterprise Server Express enables businesses of any size to quickly and easily get started with the BlackBerry solution. It provides advanced BlackBerry smartphone features with no additional software or user license fees, and works with any Internet-enabled BlackBerry data plan or a BlackBerry enterprise data plan. Download now!