Join Log in
Score:1
dromey avatar Ubuntu

Recovering LUKS partition with shred disk

vu flag
dromey

I have Ubuntu 18.04 LTS encrypted on my SSD and I ran the command:

sudo shred -vfn 1 /dev/sda

and have overwritten 8-10 GB I guess.

Furthermore, my computer could not load the password input window after that. When I boot with the original disc I get this message and it never boots:

cryptosetup: Waiting for encrypted source device UUID:(long UUID)...

Here is the output of sudo fdisk -l /dev/sdc:

GPT PMBR size mismatch (1953525167 != 1953525166) will be corrected by w(rite).
The backup GPT table is corrupt, but the primary appears OK, so that will be used.
Disk /dev/sdc: 931,5 GiB, 1000204885504 bytes, 1953525167 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 629AC7CC-XXXX-XXXX-XXXX-1A7BE55XXXXX

Device       Start        End    Sectors   Size Type
/dev/sdc1     2048    1050623    1048576   512M EFI System
/dev/sdc2  1050624    2549759    1499136   732M Linux filesystem
/dev/sdc3  2549760 1953523711 1950973952 930,3G Linux filesystem

Although there were no important data on the computer, I wonder: is it still possible to restore the contents of the disk? The disk password is known.

172
3 + 0
Score:1
vidarlo avatar Ubuntu
om flag
vidarlo

LUKS is a crucial key word here.

LUKS has multiple key slots - all stored in a header. Each key slots encrypts the Data Encryption Key (DEK) - the key actually used to encrypt data - with different methods. You will need at least one key slot.

Commonly one keyslot is the passphrase you enter during boot. This passphrase is used to decrypt the data encryption key, which is stored in the header. The passphrase is not used to actually encrypt data on disk, for various reasons.

When you overwrite the LUKS header you destroy the DEK. The passphrase is now worthless; it won't be able to reveal anything about the data, because the encrypted DEK is missing.

So yes, recovery is impossible in this situation. The data's gone. In fact, this is a common way to perform secure wipe of stored data: simply destroy the DEK, and the data is irrecoverable.

(Note that the descriptions of LUKS is somewhat simplified here, more details can be found here).

+ 1
dromey avatar
vu flag
dromey
thank you, good answer!
0
Reply
Score:0
user535733 avatar Ubuntu
cn flag
user535733

You shredded AND encrypted.

Either of those alone is usually adequate for safe, permanent denial of access to the data.

Using both, recovery is impossible for an amateur. It's also impossible for most professionals.

  • You limited the usefulness of shred by overwriting only once instead of the default three times. Many of the encrypted bits may still be recoverable (by an expert only), but the data will still be encrypted without a known key.
+ 0
Score:0
sean avatar Ubuntu
st flag
sean

The answer is no shred overwrites the data. It's gone, gone, gone. You shredded the partition, not a file, so it's a full wipe. There is an off-chance that if you just shredded files they would leave their filenames around. The data is overwritten in-place, so there is nothing left.

Caveat, someone with sophisticated enough technology can bring data back from one overwrite. Those people tend to be people like governments, but for normal people, one is gone. Security practices generally recommend ten or more overwrites to guarantee there is no possibility of recovery. I suggest you follow that recommendation if it's truly something important. If it's just wiping a drive for a computer you're selling or giving to someone else a few overwrites is enough, even one is enough...

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.