this post was submitted on 19 Apr 2024
10 points (85.7% liked)

Linux

48081 readers
701 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Anyone ever have cryptsetup just start hanging after entering password on boot? This seems like it's going to be a fun issue to try to resolve...

top 20 comments
sorted by: hot top controversial new old
[–] lemmyreader@lemmy.ml 3 points 6 months ago (3 children)

Boot with previous kernel ? If fail, boot from Linux live, connect, mount, make backups, and try to fix.

[–] sun_is_ra@sh.itjust.works 4 points 6 months ago (1 children)

It could also be a disk problem. I second the backup suggestion

[–] wesker@lemmy.sdf.org 2 points 6 months ago

This is my main concern.

[–] wesker@lemmy.sdf.org 3 points 6 months ago (1 children)

Oddly, after a few tries I managed to get past. I religiously back things up, and just last night pushed all my current dots.

I'm gonna run some drive diagnostics. If everything looks good, I'll just repartition and take this as a sign to only use encryption on secondary drives where I backup sensitive info.

[–] haui_lemmy@lemmy.giftedmc.com 2 points 6 months ago (1 children)

I really need to get into pushing dot files. Every time I think „its not going to be that much“. Then I install a new system and like 20 apps, then I fiddle here and there. After a couple weeks I def rack up one or more hours of config.

[–] wesker@lemmy.sdf.org 5 points 6 months ago* (last edited 6 months ago) (1 children)

My protip is to use symlinks, and then just keep all your dots in a project folder. Makes it super easy to keep iterating on them in realtime, and pushing changes.

[–] haui_lemmy@lemmy.giftedmc.com 2 points 6 months ago

Thats neat! Thanks for the suggestion. I‘ll try that. Currently am experimenting on libraries with my coding stuff.

[–] krolden@lemmy.ml 1 points 6 months ago* (last edited 6 months ago) (1 children)

How could you boot a different kernel if you can't unlock the drive?

[–] Violet_McQuasional@feddit.uk 1 points 6 months ago (1 children)

Isn't it quite common to have /boot on an unencrypted partition?

[–] krolden@lemmy.ml 1 points 6 months ago

Oh yeah duh

[–] michael_palmer@lemmy.sdf.org 2 points 6 months ago

Today it happened for the first time for me. I use arch btw.

[–] krolden@lemmy.ml 2 points 6 months ago* (last edited 6 months ago) (2 children)

How long do you wait before you declare it hung?

Sometimes decryption takes up to a minute depending on your system specs and optimizations.

I suggest booting from a live disc and trying to unlock it from there.

[–] wesker@lemmy.sdf.org 5 points 6 months ago (2 children)

10m is when I throw my hands up. Normally it takes under 20s.

[–] drwho@beehaw.org 4 points 6 months ago (1 children)

That's more than a reasonable period of time to wait.

Can you run a SMART check on the drive from a liveCD? memtest86?

[–] wesker@lemmy.sdf.org 3 points 6 months ago

An extended test using nvme-cli showed zero errors. I'll try memtest later today.

[–] krolden@lemmy.ml 2 points 6 months ago (1 children)

Paste the output of cryptsetup benchmark

[–] wesker@lemmy.sdf.org 2 points 6 months ago (1 children)
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      2957901 iterations per second for 256-bit key
PBKDF2-sha256    4946113 iterations per second for 256-bit key
PBKDF2-sha512    1945410 iterations per second for 256-bit key
PBKDF2-ripemd160 1123875 iterations per second for 256-bit key
PBKDF2-whirlpool  773286 iterations per second for 256-bit key
argon2i       8 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id      8 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b      1794.0 MiB/s      6427.8 MiB/s
    serpent-cbc        128b       107.4 MiB/s       765.7 MiB/s
    twofish-cbc        128b       275.7 MiB/s       498.2 MiB/s
        aes-cbc        256b      1392.5 MiB/s      5266.3 MiB/s
    serpent-cbc        256b       114.8 MiB/s       798.4 MiB/s
    twofish-cbc        256b       284.6 MiB/s       498.7 MiB/s
        aes-xts        256b      5290.1 MiB/s      5322.6 MiB/s
    serpent-xts        256b       697.6 MiB/s       635.9 MiB/s
    twofish-xts        256b       403.4 MiB/s       413.4 MiB/s
        aes-xts        512b      4070.4 MiB/s      4048.9 MiB/s
    serpent-xts        512b       664.6 MiB/s       642.0 MiB/s
    twofish-xts        512b       417.6 MiB/s       421.7 MiB/s
[–] krolden@lemmy.ml 1 points 6 months ago (1 children)

how about systemd-analyze and cryptsetup luksDump <lukspart> | grep Slot

[–] wesker@lemmy.sdf.org 1 points 6 months ago

I'm not using systemd. Grepping on Slot doesn't return any results.

LUKS header information
Version:       	2
Epoch:         	3
Metadata area: 	16384 [bytes]
Keyslots area: 	16744448 [bytes]
UUID:          	<redacted>
Label:         	(no label)
Subsystem:     	(no subsystem)
Flags:       	(no flags)

Data segments:
  0: crypt
	offset: 16777216 [bytes]
	length: (whole device)
	cipher: aes-xts-plain64
	sector: 512 [bytes]

Keyslots:
  0: luks2
	Key:        512 bits
	Priority:   normal
	Cipher:     aes-xts-plain64
	Cipher key: 512 bits
	PBKDF:      argon2id
	Time cost:  8
	Memory:     1048576
	Threads:    4
	Salt:       <redacted>
	AF stripes: 4000
	AF hash:    sha512
	Area offset:32768 [bytes]
	Area length:258048 [bytes]
	Digest ID:  0

@krolden @wesker As soon as my irritability crosses the 50% mark.😎