#1 2023-09-25 11:20:20

blapsh
Member
Registered: 2023-09-25
Posts: 4

luks partition no key

I wanted to change my luks partition password, so I ran:

sudo cryptsetup luksChangeKey /dev/sda2 -S 0

then typed the new password and suddenly the power shut off.
After the power came back on, cryptsetup doesn't accept any key. I tried old password, new password, no password, everything I could think of.
I don't really care about the computer and would just wipe the disk, but I have some really important data on there that I haven't backed up. Is there any way to recover from this?

Offline

#2 2023-09-25 11:30:49

dimich
Member
From: Kharkiv, Ukraine
Registered: 2009-11-03
Posts: 268

Re: luks partition no key

Do you have a LUKS header backup?

Offline

#3 2023-09-25 11:38:38

blapsh
Member
Registered: 2023-09-25
Posts: 4

Re: luks partition no key

Unfortunately no

Offline

#4 2023-09-25 11:59:53

frostschutz
Member
Registered: 2013-11-15
Posts: 1,474

Re: luks partition no key

What does cryptsetup luksDump look like?

Offline

#5 2023-09-25 12:54:32

blapsh
Member
Registered: 2023-09-25
Posts: 4

Re: luks partition no key

Offline

#6 2023-09-25 13:23:45

frostschutz
Member
Registered: 2013-11-15
Posts: 1,474

Re: luks partition no key

You might be out of luck.

This header has epoch 3, which is normal for a newly created LUKS2 header. After a successful luksChangeKey, epoch would increase to 4. [LUKS2 Epoch is a counter that increments whenever you change anything in the LUKS header. Normally it starts at epoch 3 after a fresh luksFormat, so any header with epoch 3 hasn't been changed yet.]

I experimented a little and it turns out when using `luksChangeKey -S 0`, there is a time window of several seconds where the LUKS2 header is unusable. cryptsetup wipes the existing keyslot material (without changing Epoch) several seconds before writing new keyslot material and headers (with changed Epoch). It looks normal in luksDump but it accepts no passphrase. This could be a bug in cryptsetup... without the -S 0 option, there is no such large time window where the header is invalid.

If your power outage just happened to occur in just this very moment, then... super unlucky, it's not recoverable at all. Not unless you have a backup of the header or happen to know the encryption master key.

So my take is that either your old passphrase still works (typo? keyboard layout?) or it's game over, unfortunately. There is no way to recover from wiped key material.

Last edited by frostschutz (2023-09-25 13:33:54)

Offline

#7 2023-09-25 13:40:26

blapsh
Member
Registered: 2023-09-25
Posts: 4

Re: luks partition no key

That's a pity. I tried my old passphrase and it won't work no matter what I do. Thanks for the help, though.

Offline

#8 2023-09-26 10:08:48

frostschutz
Member
Registered: 2013-11-15
Posts: 1,474

Re: luks partition no key

Just in case, I reported a bug over here https://gitlab.com/cryptsetup/cryptsetup/-/issues/839

It won't help you anymore, but maybe it will be less likely to occur in the future.

Offline
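
A passphrase change that avoids the in-place `luksChangeKey -S 0` window described in post #6, as an added example that is not part of the thread or of cryptsetup: it backs up the header, adds the new passphrase to a separate keyslot, tests that slot, and only then removes the old one. The function name, the `CRYPTSETUP` variable, and the device, backup path and slot numbers passed in are assumptions.

```bash
#!/bin/sh
# Added example, not from the thread. Device, backup path and slot numbers
# are placeholders supplied by the caller.
CRYPTSETUP="${CRYPTSETUP:-cryptsetup}"   # overridable, e.g. for a dry run

safe_change_passphrase() {
    dev="$1"; backup="$2"; old_slot="$3"; new_slot="$4"

    # Post #6 found the unusable-header window with an in-place change of
    # one slot, so the new passphrase must go into a different slot.
    if [ "$old_slot" = "$new_slot" ]; then
        echo "old and new keyslot must differ" >&2; return 1
    fi
    if [ -e "$backup" ]; then
        echo "refusing to overwrite $backup" >&2; return 1
    fi

    # 1. Header backup first: the one thing that makes wiped keyslot
    #    material recoverable. Write it to a different disk.
    "$CRYPTSETUP" luksHeaderBackup "$dev" --header-backup-file "$backup" || return 1

    # 2. Add the new passphrase to its own slot (prompts for an existing
    #    passphrase, then the new one). The old slot is not touched.
    "$CRYPTSETUP" luksAddKey --key-slot "$new_slot" "$dev" || return 1

    # 3. Prove the new slot unlocks the volume key before removing anything.
    "$CRYPTSETUP" open --test-passphrase --key-slot "$new_slot" "$dev" || return 1

    # 4. Only now remove the old slot (prompts for a remaining passphrase).
    "$CRYPTSETUP" luksKillSlot "$dev" "$old_slot" || return 1

    echo "done; $backup still contains keyslot $old_slot" >&2
}

# Example call: sudo ./rekey.sh /dev/sdX2 /mnt/usb/luks-header.img 0 1
if [ "$#" -eq 4 ]; then
    safe_change_passphrase "$@"
fi
```

The header backup taken in step 1 still holds the old keyslot, so the old passphrase together with that file can unlock the volume; keep it offline, or replace it with a fresh backup and destroy it once the change is confirmed.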
