From: Kereoz <kereoz@kereoz.org>
To: dm-crypt@saout.de
Cc: Arno Wagner <arno@wagner.name>
Subject: Re: [dm-crypt] Brute force aes-plain
Date: Fri, 18 May 2012 13:23:13 +0200 [thread overview]
Message-ID: <20120518112311.GD4505@localhost> (raw)
In-Reply-To: <20120517072728.GA11304@tansi.org>
On Thu, May 17, 2012 at 09:27:28AM +0200, Arno Wagner wrote:
> Hi,
Hi,
> > I don't know for sure whether I forgot the key or I am using the wrong
> > algorithm, as the version of cryptsetup I was using at the time was different
> > (different Debian release) and I read the defaults have changed. I am fairly
> > sure I used the '-c aes-plain' option initially but I had no luck with it. I
> > also tried aes-cbc-essiv and had no luck either. Is there anything else I could
> > try ?
>
> You could just intsall that old release to be sure. Or maybe just
> get the binary or source package and check that way. But AFAIK
> Debian never changed anything from the package defaults, so these
> two should be it.
I'll give it a go just in case (probably using the Debian snapshots to make sure
I reproduce the same behavior may it be different).
> > Is there anything faster I could use here ? I assume the best solution would be
> > to extract a couple of blocks from the hard drive, those containing the
> > filesystem superblock, decrypt it and then try to match the filesystem magic
> > number (reiser).
>
> Yes. There is a filesystem recognition linrary somewhere
> (used by mount -t auto), that may also be helpful.
Good to know, I'll check this out. Reiser is fairly easy to recognize though (as
you can just grep the "reiser" string).
> > I don't know how to do the decryption part quick enough for a
> > brute-force approch. Any suggestion would be appreciated.
>
> Hmm. Use the password hashing from the c-sources of cryptsetup (it is a
> bit more complicated than just direct hashing) and instead of doing
> a mapping, use an external AES implementation (gcrypt, openssl, etc.)
> to decrypt your test-data. Make sure to get the IV right. It should
> be the sector number for "-plain".
Perfect, this is exactly what I needed to know.
> I would suggest to make this work first with generated test-data. (New
> volume, new FS, key e.g. "abc"), and when that works then try
> it on you actual data. May take a few days of programming though.
I'll have a look when I have some time and will let the list know if I get it to
work.
Thank you for your answer.
--
Kereoz
prev parent reply other threads:[~2012-05-18 11:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-16 17:03 [dm-crypt] Brute force aes-plain Kereoz
2012-05-17 7:27 ` Arno Wagner
2012-05-18 11:23 ` Kereoz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120518112311.GD4505@localhost \
--to=kereoz@kereoz.org \
--cc=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.