我有 2 个不同品牌和容量的 USB,使用 Kali 的磁盘工具用 Luks2 加密。在纠正启动问题并纠正路径后,我能够访问磁盘,但之后,他们根本不接受密码。我用另外一个盘测试了一下,运行正常。部门的某些变化会是原因吗?!
WD-1TB-LUKS2: /dev/sdd (/dev/sdd1)
LUKS header information
Version: 2
Epoch: 3
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: afa33689-994f-4bfb-b68a-95166bedab82
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 11
Memory: 1048576
Threads: 4
Salt: 96 09 fc 6e aa 98 0c 72 26 2f ba ec cb e0 c7 e8
ac a5 eb 85 b7 6b a9 e0 b6 3c e0 04 a8 76 f7 3c
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 319298
Salt: 4e a7 01 b3 da 77 af 03 a6 e1 2f ea a4 aa 89 92
bd c2 bc bc 92 32 63 6c eb fc 80 58 02 42 94 4b
Digest: f7 4c 33 2b 1b 23 de 36 36 2d d5 e8 57 8d 6e 09
fa 0b 50 88 ed e3 9a d6 76 5f 90 42 e4 48 ea 10
第二盘
HDD-LUKS2-500GB
LUKS header information
Version: 2
Epoch: 3
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: 20f8e19c-a37d-4049-91d4-571e14a02efa
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 7
Memory: 1048576
Threads: 4
Salt: 9f 98 26 e8 5f 2d d2 78 f8 ac 87 d1 a9 40 05 56
d7 4b b3 35 e0 2f 84 bf 7e 48 5b 69 14 ff 1a db
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 320861
Salt: 13 4c f8 91 c9 25 cb b9 ef b4 2b 25 36 a8 d7 d8
90 c1 36 0e 2c cf 51 04 b1 3c e1 54 04 1c 42 35
Digest: d8 a0 c5 d8 7b 09 a9 a3 d4 07 af 09 da 41 2e e3
6e c5 d2 e0 33 95 fc 12 d0 21 98 58 5c 5a 12 0b
仅适用于 Luks2 的工作磁盘:
HDD-32GB0-WD
LUKS header information
Version: 2
Epoch: 3
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: 5948fcd5-e99d-4c53-991b-459b60cce38f
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 4096 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 10
Memory: 1048576
Threads: 4
Salt: ed ad 79 93 45 58 0f 41 93 75 1f 1b a5 85 48 43
3b db 27 73 95 ed de 6c 79 46 48 12 c7 60 96 48
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 302706
Salt: 62 80 da cb 32 b6 1d 71 3c 36 e3 7c 91 35 2c 4b
a1 34 25 27 33 a1 dc 24 bf b4 f7 47 08 d2 20 3c
Digest: e0 e1 03 bb 4a 04 5e 93 32 5d 91 c2 b3 db 01 f1
ee 48 f5 76 70 c9 63 33 65 40 19 fb d3 71 68 55
磁盘信息...
Crypttab output
$cat /etc/crypttab
# <target name> <source device> <key file> <options>
$sudo blkid -t TYPE=crypto_LUKS -o device 2 ⨯
/dev/sdd1
/dev/sdc1
lsblk output
sdc 8:32 0 465,8G 0 disk
└─sdc1 8:33 0 465,8G 0 part
sdd 8:48 0 931,5G 0 disk
└─sdd1 8:49 0 931,5G 0 part
More info and test :
$sudo fdisk -l
Disk /dev/sdc: 465,76 GiB, 500107862016 bytes, 976773168 sectors
Disk model: Touro Mobile 3.0
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x5dc1c757
Device Boot Start End Sectors Size Id Type
/dev/sdc1 2048 976773119 976771072 465,8G e8 unknown
Disk /dev/sdd: 931,51 GiB, 1000204885504 bytes, 1953525167 sectors
Disk model: Expansion
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x1c5a16fb
Device Boot Start End Sectors Size Id Type
/dev/sdd1 2048 1953523711 1953521664 931,5G e8 unknown
$ sudo blockdev --getsize64 /dev/sdc1
500106788864
$ sudo blockdev --getsize64 /dev/sdd1
1000203091968
sudo parted /dev/sdc unit s print free
Model: HGST Touro Mobile 3.0 (scsi)
Disk /dev/sdc: 976773168s
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
2s 2047s 2046s Free Space
1 2048s 976773119s 976771072s primary
976773120s 976773167s 48s Free Space
$ sudo parted /dev/sdd unit s print free
Model: Seagate Expansion (scsi)
Disk /dev/sdd: 1953525167s
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
2s 2047s 2046s Free Space
1 2048s 1953523711s 1953521664s primary
1953523712s 1953525166s 1455s Free Space
sudo cryptsetup --debug --verbose luksOpen /dev/sdc1 Device
[sudo] senha para rocket:
# cryptsetup 2.5.0 processing "cryptsetup --debug --verbose luksOpen /dev/sdc1 Device"
# Verifying parameters for command open.
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdc1.
# Trying to open and read device /dev/sdc1 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/sdc1.
# Crypto backend (OpenSSL 3.0.7 1 Nov 2022 [default][legacy]) initialized in cryptsetup library version 2.5.0.
# Detected kernel Linux 5.16.0-kali3-amd64 x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sdc1.
# Opening lock resource file /run/cryptsetup/L_8:33
# Verifying lock handle for /dev/sdc1.
# Device /dev/sdc1 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sdc1
# Verifying locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:684ff912851560ae94bd6d4af4ec447040f62dae3f7596e2aed9f7a05fe74e82 (on-disk)
# Checksum:684ff912851560ae94bd6d4af4ec447040f62dae3f7596e2aed9f7a05fe74e82 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sdc1
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:00a1dd76822bd4f47afda8191840b95a1d2f8448419f4f7d89ade082bbd08e31 (on-disk)
# Checksum:00a1dd76822bd4f47afda8191840b95a1d2f8448419f4f7d89ade082bbd08e31 (in-memory)
# Device size 500106788864, offset 16777216.
# Device /dev/sdc1 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Activating volume Device using token (any type) -1.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-ioctl version 4.45.0.
# Device-mapper backend running with UDEV support enabled.
# dm status Device [ opencount noflush ] [16384] (*1)
No usable token is available.
# Interactive passphrase entry requested
返回错误的密码。
使用此信息和其他信息,阅读信息 ->https://unix.stackexchange.com/a/248553 https://superuser.com/questions/1740773/unsure-if-i-encrypted-external-hdd- Correctly-with-luks https://bbs.archlinux.org/viewtopic.php?id=280531和别的...