[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Need help recovering encrypted volume

To: linux-crypto@xxxxxxxxxxxx
Subject: Need help recovering encrypted volume
From: Tracy R Reed <treed@xxxxxxxxxxxxxxx>
Date: Tue, 26 Jul 2005 15:58:56 -0700
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Organization: Ultraviolet
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Thunderbird/1.0.6 Fedora/1.0.6-1.1.fc4 Mnenhy/0.7.2.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Through a series of unfortunate events I have lost my important
encrypted volume. The latest version of it was destroyed. A somewhat
older just deleted copy was undeleted from a server using debugfs on
ext2 filesystem. I also have a quite old copy archived on DVD using the
mondo backup program.

The undeleted encrypted filesystem was made on a 2.4 kernel box under
RedHat 7. A very old system. It was encrypted using the blowfish cipher.
I would provide exact kernel version etc. but I don't have the box
available to me at this instant. I can provide those details later if
necessary.

When I try to remount the file with -oloopback,encryption=blowfish I get
this error:

mount: wrong fs type, bad option, bad superblock on /dev/loop1,

Question: Will debugfs refuse to undelete the file if any portion of it
has been overwritten by other disk activity? Or will it recover a
partially corrupted file and not say anything? The system was run in r/w
mode for a short time after the file was deleted but it was idle and
there was loads of free disk space. I am hoping the odds of part the
file being overwritten are slim. Unfortunately the encrypted version
looks like entropy so unless I go through all 2G of the file and look
for something obviously non-random I cannot know if the file has been
corrupted or if I am just doing something wrong.

I copied this file to another, much more modern system, FC3 running
kernel 2.6.10-1.741_FC3smp and tried to mount it after loading the
blowfish and cryptoloop modules and got the same results as above. Not
good. So I decide that maybe my bad luck is holding and the file really
did get corrupted somehow.

So I pull out an old set of backup DVD's made using Mondo and restore
the file from the DVD's. I try mounting it and get the same error as
above. I am positive the image on the backup set is good. So hopefully I
am just doing something wrong during the process of trying to mount it
but I don't know what it could be. I have always used blowfish
encryption for this and I have used the same password for the volume
(for better or worse) for years and it is programmed into my fingers.

Any ideas?

Thanks!

- --
Tracy R Reed
http://ultraviolet.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFC5sAw9PIYKZYVAq0RAr+0AJ9TP4KxTGgB0QgsR8M6jBzLTF+XwQCgnAT0
9S++TSrD2v1diMkm8uvcsvI=
=yiP4
-----END PGP SIGNATURE-----

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: Need help recovering encrypted volume
  - From: Tracy R Reed

Prev by Date: Antigen found VIRUS= MyDoom.L@m (Norman) worm
Next by Date: Re: Need help recovering encrypted volume
Previous by thread: Antigen found VIRUS= MyDoom.L@m (Norman) worm
Next by thread: Re: Need help recovering encrypted volume
Index(es):
- Date
- Thread