From: Kereoz
To: dm-crypt@saout.de
Date: Wed, 16 May 2012 19:03:40 +0200
Message-ID: <20120516170339.GC4505@localhost>
Subject: [dm-crypt] Brute force aes-plain

Hi all,

Quick story:

- are there any known issues with plain dm-crypt volumes in Debian? (Other than the default changing from aes-cbc-plain to aes-cbc-essiv?)
- anyone here tried bruteforcing aes-cbc-plain (I got a rather short key)?

(Could you please CC me in the replies to this thread as I am not (yet?) a subscriber of this mailing list.)
Long story:

I recently came back from a one year trip abroad, and got my hands back on an encrypted hard drive I left there. I was pretty sure I knew the key for this drive but after trying everything I could think of, it is now sitting on my desk until I find a solution. I don't know for sure whether I forgot the key or I am using the wrong algorithm, as the version of cryptsetup I was using at the time was different (different Debian release) and I read the defaults have changed. I am fairly sure I used the '-c aes-plain' option initially but I had no luck with it. I also tried aes-cbc-essiv and had no luck either. Is there anything else I could try?

Now, in the case I just forgot the key, it wasn't very long anyway (~10 characters) and I got some ideas about the characters it might contain. Considering that most chances are that the algorithm is aes-cbc-plain, it is probably possible. I tried writing a script for this, but there are several issues:

- cryptsetup takes a while to create a devmapper mapping
- trying to mount the partition also takes a while
- cryptsetup then takes a while to delete the devmapper mapping

When you put that together, it is definitely too slow to bruteforce anything. Is there anything faster I could use here? I assume the best solution would be to extract a couple of blocks from the hard drive, those containing the filesystem superblock, decrypt them and then try to match the filesystem magic number (reiser). I don't know how to do the decryption part quickly enough for a brute-force approach. Any suggestion would be appreciated.

Regards,
Kereoz
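The "extract the superblock sector, decrypt it in user space, check the magic" approach the post sketches, written out as an added example (this is editor-supplied code, not something posted to the thread or shipped by cryptsetup). It assumes what a cryptsetup of that era did for plain mode as I recall it from crypt_plain.c: a 256-bit key, derived by hashing the passphrase and, for each further digest needed to fill the key, prefixing one more "A" byte (the hashalot scheme), and a "plain" IV that is the 32-bit little-endian sector number zero-padded to 16 bytes. cryptsetup's default hash for plain mode was ripemd160; Go's standard library has no ripemd160, so the block takes the hash constructor as a parameter and the demonstration uses sha256 (swap in golang.org/x/crypto/ripemd160 for a real disk). ReiserFS keeps its superblock 64 KiB into the partition with the magic string at byte 52, so only sector 128 of the mapping has to be decrypted per guess. The encrypted sector is constructed in buildSample from a known passphrase rather than read from a device.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
)

const (
	sectorSize = 512
	// ReiserFS puts its superblock 64 KiB into the partition, i.e. in
	// sector 128, and the magic string starts at byte 52 of that block.
	reiserSuperSector = uint64(65536 / sectorSize)
	reiserMagicOffset = 52
	keySize           = 32 // assumed: cryptsetup's 256-bit default for plain mode
)

// plainKey derives the dm-crypt key the way cryptsetup's plain mode does
// (as recalled from crypt_plain.c): round i hashes i copies of "A" followed
// by the passphrase; digests are concatenated and truncated to keySize.
func plainKey(newHash func() hash.Hash, passphrase string, size int) []byte {
	key := make([]byte, 0, size)
	for round := 0; len(key) < size; round++ {
		h := newHash()
		h.Write(bytes.Repeat([]byte("A"), round))
		h.Write([]byte(passphrase))
		key = h.Sum(key)
	}
	return key[:size]
}

// plainIV is the "plain" IV generator: the sector number as a 32-bit
// little-endian integer, zero-padded to the AES block size. "plain64" uses
// 64 bits, which is identical for any sector below 2^32, including 128.
func plainIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint32(iv, uint32(sector))
	return iv
}

// cryptSector runs AES-CBC over exactly one 512-byte sector. dm-crypt never
// pads, so the sector is processed as 32 raw blocks.
func cryptSector(key []byte, sector uint64, data []byte, encrypt bool) ([]byte, error) {
	if len(data) != sectorSize {
		return nil, fmt.Errorf("need a %d-byte sector, got %d bytes", sectorSize, len(data))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, sectorSize)
	if encrypt {
		cipher.NewCBCEncrypter(block, plainIV(sector)).CryptBlocks(out, data)
	} else {
		cipher.NewCBCDecrypter(block, plainIV(sector)).CryptBlocks(out, data)
	}
	return out, nil
}

// looksLikeReiserFS reports whether a decrypted superblock sector carries one
// of the ReiserFS magic strings (3.5, 3.6 and the "jr" variant).
func looksLikeReiserFS(sector []byte) bool {
	if len(sector) < reiserMagicOffset+10 {
		return false
	}
	m := sector[reiserMagicOffset : reiserMagicOffset+10]
	for _, magic := range []string{"ReIsErFs", "ReIsEr2Fs", "ReIsEr3Fs"} {
		if bytes.HasPrefix(m, []byte(magic)) {
			return true
		}
	}
	return false
}

// bruteForce decrypts one ciphertext sector under every candidate passphrase
// and returns the first candidate whose plaintext shows a ReiserFS magic.
func bruteForce(ct []byte, sector uint64, cands []string) (string, bool) {
	for _, p := range cands {
		pt, err := cryptSector(plainKey(sha256.New, p, keySize), sector, ct, false)
		if err == nil && looksLikeReiserFS(pt) {
			return p, true
		}
	}
	return "", false
}

// candidates enumerates every string of length n over alphabet, the
// "I have an idea which characters it contained" search space.
func candidates(alphabet string, n int) []string {
	out := []string{""}
	for i := 0; i < n; i++ {
		var next []string
		for _, prefix := range out {
			for _, c := range alphabet {
				next = append(next, prefix+string(c))
			}
		}
		out = next
	}
	return out
}

// buildSample constructs (not reads) an encrypted superblock sector from a
// known passphrase so the search can be demonstrated without a real disk.
func buildSample(passphrase string) []byte {
	pt := make([]byte, sectorSize)
	copy(pt[reiserMagicOffset:], "ReIsEr2Fs")
	ct, _ := cryptSector(plainKey(sha256.New, passphrase, keySize), reiserSuperSector, pt, true)
	return ct
}

func main() {
	ct := buildSample("ab1")
	found, ok := bruteForce(ct, reiserSuperSector, candidates("ab12", 3))
	fmt.Println(found, ok) // ab1 true
}
```

On a real drive the single input sector is `dd if=/dev/sdX1 bs=512 skip=128 count=1`, provided the mapping covered the partition from its first sector (no `-o` offset); with an offset, add it to the skip count and pass the same sector number to the IV generator, because the IV is the mapping's sector index, not the device's. A 10-byte magic comparison makes an accidental match under a wrong key vanishingly unlikely, so there is no need to mount anything until the search reports a hit. Covering the other default the post mentions, aes-cbc-essiv:sha256, only changes the IV function: the IV is the 64-bit little-endian sector number AES-encrypted under sha256(key), so a second generator in place of plainIV is the whole difference.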