From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id U5iyx2OAKtwF for <dm-crypt@saout.de>;
 Fri, 20 Jul 2012 00:48:22 +0200 (CEST)
Received: from mail-we0-f178.google.com (mail-we0-f178.google.com
 [74.125.82.178])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri, 20 Jul 2012 00:48:22 +0200 (CEST)
Received: by weyu7 with SMTP id u7so2709779wey.37
 for <dm-crypt@saout.de>; Thu, 19 Jul 2012 15:48:22 -0700 (PDT)
Message-ID: <50088EB1.4090403@gmail.com>
Date: Fri, 20 Jul 2012 00:48:17 +0200
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [dm-crypt] LUKS & search for passphrase using dictionary
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt <dm-crypt@saout.de>

Hi,

>From time to time someone tries to recover (or crack) LUKS passphrase
using dictionary lists.
I saw lately even some crazy patches for cryptsetup doing that.

Please do not patch source or create some slow bash scripts
(initialization and memory locking cost resources).
Just use libcryptsetup. I added some example how to do it, see

http://code.google.com/p/cryptsetup/source/browse/#git%2Fmisc%2Fdict_search

e.g. for JTR known password list you can run (on quadcore cpu here)
  # luks_dict test.img /usr/share/john/password.lst 4

Then read FAQ how LUKS keyslot iterations slow down these attacks...

It is just quickly written example, perhaps with some bugs.

Anyway, enjoy :)
Milan

p.s.
If you really run this, compile cryptsetup with openssl support
(configure --with-crypto_backend=openssl) it is quicker than default gcrypt.