From: Kereoz <kereoz@kereoz.org>
To: dm-crypt@saout.de
Cc: Arno Wagner <arno@wagner.name>
Subject: Re: [dm-crypt] Brute force aes-plain
Date: Fri, 18 May 2012 13:23:13 +0200 [thread overview]
Message-ID: <20120518112311.GD4505@localhost> (raw)
In-Reply-To: <20120517072728.GA11304@tansi.org>
On Thu, May 17, 2012 at 09:27:28AM +0200, Arno Wagner wrote:
> Hi,
Hi,
> > I don't know for sure whether I forgot the key or I am using the wrong
> > algorithm, as the version of cryptsetup I was using at the time was different
> > (different Debian release) and I read the defaults have changed. I am fairly
> > sure I used the '-c aes-plain' option initially but I had no luck with it. I
> > also tried aes-cbc-essiv and had no luck either. Is there anything else I could
> > try ?
>
> You could just intsall that old release to be sure. Or maybe just
> get the binary or source package and check that way. But AFAIK
> Debian never changed anything from the package defaults, so these
> two should be it.
I'll give it a go just in case (probably using the Debian snapshots to make sure
I reproduce the same behavior may it be different).
> > Is there anything faster I could use here ? I assume the best solution would be
> > to extract a couple of blocks from the hard drive, those containing the
> > filesystem superblock, decrypt it and then try to match the filesystem magic
> > number (reiser).
>
> Yes. There is a filesystem recognition linrary somewhere
> (used by mount -t auto), that may also be helpful.
Good to know, I'll check this out. Reiser is fairly easy to recognize though (as
you can just grep the "reiser" string).
> > I don't know how to do the decryption part quick enough for a
> > brute-force approch. Any suggestion would be appreciated.
>
> Hmm. Use the password hashing from the c-sources of cryptsetup (it is a
> bit more complicated than just direct hashing) and instead of doing
> a mapping, use an external AES implementation (gcrypt, openssl, etc.)
> to decrypt your test-data. Make sure to get the IV right. It should
> be the sector number for "-plain".
Perfect, this is exactly what I needed to know.
> I would suggest to make this work first with generated test-data. (New
> volume, new FS, key e.g. "abc"), and when that works then try
> it on you actual data. May take a few days of programming though.
I'll have a look when I have some time and will let the list know if I get it to
work.
Thank you for your answer.
--
Kereoz
prev parent reply other threads:[~2012-05-18 11:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-16 17:03 [dm-crypt] Brute force aes-plain Kereoz
2012-05-17 7:27 ` Arno Wagner
2012-05-18 11:23 ` Kereoz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120518112311.GD4505@localhost \
--to=kereoz@kereoz.org \
--cc=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox