| View previous topic :: View next topic |
| Author |
Message |
Gladdle
Guru
Joined: 27 Jul 2008
Posts: 322
Location: Cleebronn, Germany
|
 Posted: Mon Mar 24, 2025 6:32 pm Post subject: luks encrypted hard drive didn't accept correct Password |
 |
|
The Topic says it all, i have installed gentoo on a luks encrypted hard drive. I shut down normally, next day i start it. Typed in my password and it didn't accept it anymore. This i have tried:
- I cleaned the keyboard so maybe a mechanical issue -> error "No key aviable with this passphrase."
- tried another keyboard -> error "No key aviable with this passphrase."
- I boot from the live DVD, set the correct keyboard layout, tried in plain text (to read) and copy this to open the disk with "cryptsetup luksOpen /dev/sda2 LinuxLVM" -> error "No key aviable with this passphrase."
I DON't have updated my kernel, NOR GRUB2
So HOW can that be? I DIDN'T change my password! Someone got some Ideas or are ALL my files gone for now?
Update #1:
I used | Code: | | cryptsetup luksOpen --debug /dev/sda2 VG-Encrypted-Linux |
And this is the output: | Code: | # cryptsetup 2.7.5 processing "cryptsetup luksOpen --debug /dev/sda2 VG-Encrypted-Linux"
# Verifying parameters for command open.
# Running command open.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sda2.
# Trying to open and read device /dev/sda2 with direct-io.
# Direct-io is supported and works.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/sda2.
# Crypto backend (OpenSSL 3.3.3 11 Feb 2025 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.7.5.
# Detected kernel Linux 6.12.16-gentoo-dist x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sda2.
# Opening lock resource file /run/cryptsetup/L_8:2
# Verifying lock handle for /dev/sda2.
# Device /dev/sda2 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sda2
# Verifying locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:965b19ca14d1eb57912b7e7e51bbd058940f30ac53b25404171a8524752cdefd (on-disk)
# Checksum:965b19ca14d1eb57912b7e7e51bbd058940f30ac53b25404171a8524752cdefd (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sda2
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:b001a1203581ef03852adc5d6c0b72d8a2fc1357e89b0babac69b791f1e20643 (on-disk)
# Checksum:b001a1203581ef03852adc5d6c0b72d8a2fc1357e89b0babac69b791f1e20643 (in-memory)
# Device size 499569917952, offset 16777216.
# Device /dev/sda2 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Activating volume VG-Encrypted-Linux [keyslot -1] using token.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-ioctl version 4.48.0.
# Detected dm-zero version 1.2.0.
# Device-mapper backend running with UDEV support enabled.
# dm status VG-Encrypted-Linux [ opencount noflush ] [16384] (*1)
No usable token is available.
# Interactive passphrase entry requested.
Enter passphrase for /dev/sda2: |
What means: | Code: | # dm status VG-Encrypted-Linux [ opencount noflush ] [16384] (*1)
No usable token is available. |
Last edited by Gladdle on Mon Mar 24, 2025 7:17 pm; edited 2 times in total |
|
| Back to top |
|
 |
CooSee
Veteran
Joined: 20 Nov 2004
Posts: 1543
Location: Earth
|
| Posted: Wed Mar 26, 2025 11:07 pm Post subject: |
|
|
maybe it's just a keyboard layout issue and therefore it's defaulted to US and not DE, while at boot.
querty instead of quertz
if you have some symbols in your passphrase, search for images of US defaulted keyboard layout and try again.
have you not created a second passphrase as a backup, e.g very long Numbers only ?
copy and paste could add another key without noticing, e.g. at the end.
_________________
" Die Realität ist eine Illusion, die durch Mangel an ehrlicher Kommunikation entsteht "
---
" Der Mensch ist von Natur aus neugierig, was am Ende übrig bleibt ist die Gier "
Last edited by CooSee on Fri Apr 11, 2025 8:01 pm; edited 1 time in total |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 55281
Location: 56N 3W
|
| Posted: Thu Mar 27, 2025 3:39 pm Post subject: |
|
|
Gladdle,
Kernel device names are not deterministic. They are allocated in device discovery order.
Its possible that several devices of the same type will swap kernel device names.
e.g. You have two HDD. sda and sdb. They can be discovered either way round, so the names will swap.
Are you sure you are dealing with the right device?
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
Gladdle
Guru
Joined: 27 Jul 2008
Posts: 322
Location: Cleebronn, Germany
|
| Posted: Fri Apr 18, 2025 2:39 pm Post subject: |
|
|
@CooSee
Like i told in my first post: I also copy the plaintext Password per drag and drop, use a other keyboard and so on.
@NeddySeagoon
I use UUID's in my config and also a LiveDVD where i speccialy used the right device.
I'll think i make a "backup" from the header and try a brute force crack tool, and i am sure in a million years i finnaly can open it again...
To all the guys using google and come here:
It's important to make a BACKUP after you created the device and maybe use a second password or a Keyfile (this time i did it...) |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Other Things Gentoo
