Purpose
=======

chk_luks_keyslots is a tool that searches the keyslot area of a
LUKS container for positions where entropy is low and hence
there is a high probability of damage from overwrites of parts
of the key-slot with data such as a RAID superblock or a partition
table.


Installation
============

1. Install the version of cryptsetup the tool came with.
2. Compile with "make"

Manual compile can be done with

  gcc chk_luks_keyslots.c -o chk_luks_keyslots -lcryptsetup -lm


Usage
=====

Call chk_luks_keyslots without arguments for an option summary.


Example of a good keyslot area with keys 0 and 2 in use:
--------------------------------------------------------

root> ./chk_luks_keyslots /dev/loop0

parameters (commandline and LUKS header):
  sector size: 512
  threshold:   0.900000

- processing keyslot 0:  start: 0x001000   end: 0x020400
- processing keyslot 1:  keyslot not in use
- processing keyslot 2:  start: 0x041000   end: 0x060400
- processing keyslot 3:  keyslot not in use
- processing keyslot 4:  keyslot not in use
- processing keyslot 5:  keyslot not in use
- processing keyslot 6:  keyslot not in use
- processing keyslot 7:  keyslot not in use


Same example with a fault in slot 2 at offset 0x50000:
------------------------------------------------------

root> ./chk_luks_keyslots /dev/loop2

parameters (commandline and LUKS header):
  sector size: 512
  threshold:   0.900000

- processing keyslot 0:  start: 0x001000   end: 0x020400
- processing keyslot 1:  keyslot not in use
- processing keyslot 2:  start: 0x041000   end: 0x060400
  low entropy at: 0x050000   entropy: 0.549165
- processing keyslot 3:  keyslot not in use
- processing keyslot 4:  keyslot not in use
- processing keyslot 5:  keyslot not in use
- processing keyslot 6:  keyslot not in use
- processing keyslot 7:  keyslot not in use


Same as last, but verbose:
--------------------------

root> ./chk_luks_keyslots -v /dev/loop2

parameters (commandline and LUKS header):
  sector size: 512
  threshold:   0.900000

- processing keyslot 0:  start: 0x001000   end: 0x020400
- processing keyslot 1:  keyslot not in use
- processing keyslot 2:  start: 0x041000   end: 0x060400
  low entropy at: 0x050000   entropy: 0.549165
  Binary dump:
  0x050000  54 68 69 73 20 69 73 20 61 20 74 65 73 74 2D 73  This is a test-s
  0x050010  65 63 74 6F 72 20 66 6F 72 20 63 68 6B 5F 6C 75  ector for chk_lu
  0x050020  6B 73 5F 6B 65 79 73 6C 6F 74 73 20 74 68 65 20  ks_keyslots the 
  0x050030  71 75 69 63 6B 20 62 72 6F 77 6E 20 66 6F 78 20  quick brown fox 
  0x050040  6A 75 6D 70 73 20 6F 76 65 72 20 74 68 65 20 6C  jumps over the l
  0x050050  61 7A 79 20 64 6F 67 20 74 68 65 20 71 75 69 63  azy dog the quic
  0x050060  6B 20 62 72 6F 77 6E 20 66 6F 78 20 6A 75 6D 70  k brown fox jump
  0x050070  73 20 6F 76 65 72 20 74 68 65 20 6C 61 7A 79 20  s over the lazy 
  0x050080  64 6F 67 20 74 68 65 20 71 75 69 63 6B 20 62 72  dog the quick br
  0x050090  6F 77 6E 20 66 6F 78 20 6A 75 6D 70 73 20 6F 76  own fox jumps ov
  0x0500a0  65 72 20 74 68 65 20 6C 61 7A 79 20 64 6F 67 20  er the lazy dog 
  0x0500b0  74 68 65 20 71 75 69 63 6B 20 62 72 6F 77 6E 20  the quick brown 
  0x0500c0  66 6F 78 20 6A 75 6D 70 73 20 6F 76 65 72 20 74  fox jumps over t
  0x0500d0  68 65 20 6C 61 7A 79 20 64 6F 67 20 74 68 65 20  he lazy dog the 
  0x0500e0  71 75 69 63 6B 20 62 72 6F 77 6E 20 66 6F 78 20  quick brown fox 
  0x0500f0  6A 75 6D 70 73 20 6F 76 65 72 20 74 68 65 20 6C  jumps over the l
  0x050100  61 7A 79 20 64 6F 67 20 74 68 65 20 71 75 69 63  azy dog the quic
  0x050110  6B 20 62 72 6F 77 6E 20 66 6F 78 20 6A 75 6D 70  k brown fox jump
  0x050120  73 20 6F 76 65 72 20 74 68 65 20 6C 61 7A 79 20  s over the lazy 
  0x050130  64 6F 67 20 74 68 65 20 71 75 69 63 6B 20 62 72  dog the quick br
  0x050140  6F 77 6E 20 66 6F 78 20 6A 75 6D 70 73 20 6F 76  own fox jumps ov
  0x050150  65 72 20 74 68 65 20 6C 61 7A 79 20 64 6F 67 20  er the lazy dog 
  0x050160  74 68 65 20 71 75 69 63 6B 20 62 72 6F 77 6E 20  the quick brown 
  0x050170  66 6F 78 20 6A 75 6D 70 73 20 6F 76 65 72 20 74  fox jumps over t
  0x050180  68 65 20 6C 61 7A 79 20 64 6F 67 20 74 68 65 20  he lazy dog the 
  0x050190  71 75 69 63 6B 20 62 72 6F 77 6E 20 66 6F 78 20  quick brown fox 
  0x0501a0  6A 75 6D 70 73 20 6F 76 65 72 20 74 68 65 20 6C  jumps over the l
  0x0501b0  61 7A 79 20 64 6F 67 20 74 68 65 20 71 75 69 63  azy dog the quic
  0x0501c0  6B 20 62 72 6F 77 6E 20 66 6F 78 20 6A 75 6D 70  k brown fox jump
  0x0501d0  73 20 6F 76 65 72 20 74 68 65 20 6C 61 7A 79 20  s over the lazy 
  0x0501e0  64 6F 67 20 74 68 65 20 71 75 69 63 6B 20 62 72  dog the quick br
  0x0501f0  6F 77 6E 20 66 6F 78 20 6A 75 6D 70 73 20 6F 76  own fox jumps ov

- processing keyslot 3:  keyslot not in use
- processing keyslot 4:  keyslot not in use
- processing keyslot 5:  keyslot not in use
- processing keyslot 6:  keyslot not in use
- processing keyslot 7:  keyslot not in use

----
Copyright (C) 2012, Arno Wagner
This file is free documentation; the author gives
unlimited permission to copy, distribute and modify it.
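
Added example (not part of the original README and not the tool's own code): the per-sector low-entropy check described under Purpose, written in Python and run over a constructed image that reuses the sector size, threshold and keyslot offsets from the output above. Assumptions: the entropy measure is byte-level Shannon entropy scaled to 0..1 (the README does not say which measure the tool uses), and the function names are hypothetical.

```python
import math
import random
from collections import Counter

SECTOR_SIZE = 512   # "sector size" in the README output
THRESHOLD = 0.9     # "threshold" in the README output

def sector_entropy(buf: bytes) -> float:
    """Byte-level Shannon entropy scaled to 0..1 (assumed measure)."""
    if not buf:
        return 0.0
    n = len(buf)
    bits = -sum(c / n * math.log2(c / n) for c in Counter(buf).values())
    return bits / 8.0   # 8 bits per byte is the maximum

def scan_keyslot(image, start, end, sector_size=SECTOR_SIZE, threshold=THRESHOLD):
    """Return (offset, entropy) for each sector in [start, end) below threshold."""
    hits = []
    for off in range(start, end, sector_size):
        e = sector_entropy(image[off:min(off + sector_size, end)])
        if e < threshold:
            hits.append((off, e))
    return hits

def build_sample_image() -> bytes:
    """Constructed data: random bytes stand in for key material, and the
    sector at 0x050000 is overwritten with the text seen in the verbose dump."""
    rng = random.Random(2012)            # fixed seed keeps the run repeatable
    image = bytearray(rng.getrandbits(8) for _ in range(0x060400))
    text = (b"This is a test-sector for chk_luks_keyslots "
            + b"the quick brown fox jumps over the lazy dog " * 12)
    image[0x050000:0x050000 + SECTOR_SIZE] = text[:SECTOR_SIZE]
    return bytes(image)

if __name__ == "__main__":
    img = build_sample_image()
    # Keyslot ranges copied from the README output (slots 0 and 2 in use).
    for slot, (start, end) in {0: (0x001000, 0x020400), 2: (0x041000, 0x060400)}.items():
        print(f"- processing keyslot {slot}:  start: {start:#08x}  end: {end:#08x}")
        for off, e in scan_keyslot(img, start, end):
            print(f"  low entropy at: {off:#08x}  entropy: {e:.6f}")
```

A 512-byte sector of random key material scores about 0.95 on this scale, which is why a threshold of 0.9 separates intact keyslot sectors from overwritten ones such as plain text.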