From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dingo.eclaireurs.org (dingo.eclaireurs.org [91.121.140.153]) by mail.saout.de (Postfix) with ESMTP for ; Sat, 6 Mar 2010 13:16:50 +0100 (CET) Message-ID: <4B92479A.5020800@gilouweb.com> Date: Sat, 06 Mar 2010 13:16:26 +0100 From: Gilles PIETRI MIME-Version: 1.0 References: In-Reply-To: Content-Type: text/plain; charset="iso-8859-1"; format="flowed" Content-Transfer-Encoding: quoted-printable Subject: Re: [dm-crypt] LUKS password forgoten, any way how to change it? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Marek Stopka , dm-crypt@saout.de Le 06/03/2010 01:12, Marek Stopka a =E9crit : > Hi guys, I have forgotten password to my luks encrypted disk, I have > lost no data (yet :) ), because system is still running with unlocked > device, but problem is, that I have a scheduled hardware maintanance > window quite soon, so I was wondering is it somehow easily possible to > luksAddKey without knowing a password or recover password from memory > or it will be much more easier to copy those data somewhere else and > create a new encrypted disk? It is like 12TB of data so I would really > prefer not to copy those data somewhere else, but if I will have to, I > can pull that off... >=20 > But I am wondering since key need to be in a memory somewhere there > could be a way... :) >=20 You could probably launch a "hot cold boot attack" then.. I have no idea=20 if luks/dmcrypt allows you to do it, but you could use that kind of=20 tools: http://citp.princeton.edu/memory/code/ that were made to look for=20 the key in RAM after a "cold boot". I guess the code or the idea behind it will work even better on an alive=20 system! Yet, maybe there is a simple way to do so using the standard tools.. Good luck, Gilou