From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1dTqmYVIet8y for ; Sat, 9 Nov 2013 22:51:26 +0100 (CET) Received: from blu0-omc1-s10.blu0.hotmail.com (blu0-omc1-s10.blu0.hotmail.com [65.55.116.21]) by mail.saout.de (Postfix) with ESMTP for ; Sat, 9 Nov 2013 22:51:26 +0100 (CET) Message-ID: Content-Type: multipart/alternative; boundary="_ab1e98a6-a80b-4d8b-989f-488d3795ee40_" From: John Thoe Date: Sat, 9 Nov 2013 21:48:25 +0000 MIME-Version: 1.0 Subject: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "dm-crypt@saout.de" --_ab1e98a6-a80b-4d8b-989f-488d3795ee40_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable =0A= =0A= =0A= Hi I forgot the passphrase of my laptop which was encrypted using dm-crypt (wi= thout LUKS). I use Debian so just used the default settings that were sugge= sted. I understand that passwords cannot be recovered but please hear me out. In = my case=2C I am sure that I am forgetting the last four digits I set becaus= e the rest of the password is clear in my memory. A couple of questions I could really use help with: 1. Is it possible to brute force the disk since even though my password is = fairly long=2C I am sure about all of it except the last 4-6 digits. 2. If (1) is not possible=2C is there any way I can make it easy to type in= passwords? Right now=2C initramfs does not show me the password I am typin= g. Is there anyway I can have feedback from it so that I know that I am at = least typing in stuff correctly? Or even better=2C is there any way I load = a text file with a list of the probable passwords? Any help would be much appreciated.=20 Thank you. John =0A= = --_ab1e98a6-a80b-4d8b-989f-488d3795ee40_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
=0A= =0A= =0A=
Hi

I forgot the passphrase of my laptop which was e= ncrypted using dm-crypt (without LUKS). I use Debian so just used the defau= lt settings that were suggested.

I understand that passwords cannot = be recovered but please hear me out. In my case=2C I am sure that I am forg= etting the last four digits I set because the rest of the password is clear= in my memory.

A couple of questions I could really use help with:
1. Is it possible to brute force the disk since even though my passwo= rd is fairly long=2C I am sure about all of it except the last 4-6 digits.<= br>
2. If (1) is not possible=2C is there any way I can make it easy to = type in passwords? Right now=2C initramfs does not show me the password I a= m typing. Is there anyway I can have feedback from it so that I know that I= am at least typing in stuff correctly? Or even better=2C is there any way = I load a text file with a list of the probable passwords?

Any help w= ould be much appreciated.

Thank you.

John
=0A=
= --_ab1e98a6-a80b-4d8b-989f-488d3795ee40_-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bH7LJUc8TnxU for ; Sat, 9 Nov 2013 23:51:27 +0100 (CET) Received: from v6.tansi.org (unknown [87.118.116.4]) by mail.saout.de (Postfix) with ESMTP for ; Sat, 9 Nov 2013 23:51:27 +0100 (CET) Received: from gatewagner.dyndns.org (77-57-44-254.dclient.hispeed.ch [77.57.44.254]) by v6.tansi.org (Postfix) with ESMTPA id 0AD5534FA001 for ; Sat, 9 Nov 2013 23:51:27 +0100 (CET) Date: Sat, 9 Nov 2013 23:51:26 +0100 From: Arno Wagner Message-ID: <20131109225126.GA8017@tansi.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Sat, Nov 09, 2013 at 22:48:25 CET, John Thoe wrote: > > > > Hi > > I forgot the passphrase of my laptop which was encrypted using dm-crypt > (without LUKS). I use Debian so just used the default settings that were > suggested. > > I understand that passwords cannot be recovered but please hear me out. In > my case, I am sure that I am forgetting the last four digits I set because > the rest of the password is clear in my memory. > > A couple of questions I could really use help with: > > 1. Is it possible to brute force the disk since even though my password is > fairly long, I am sure about all of it except the last 4-6 digits. It actually does not matter at all how long your password is (unless it goes into the kB range), just how many characters are unknown. If you are missing 6 characters, with a standard alphabeth of, say, 2x26 chars + 10 digits and 20 special symbols, that would take about 300'000'000 tries. As this is plain dm-crypt, a try does not take about 1 second but signigicantly less (no iterated hashing). No idea how fast this really is, but if programmed right, it may be doable in a few days of trying. Of course, you also have to recognize when you have the right password, which depends on what is in there. "blkid" may help to recognize a filesystem, but again I have no idea how fast it is. Anyway, this is a case for using libcryptsetup directly and it will require some real programming work. > 2. If (1) is not possible, is there any way I can make it easy to type in > passwords? Right now, initramfs does not show me the password I am > typing. Is there anyway I can have feedback from it so that I know that I > am at least typing in stuff correctly? Or even better, is there any way I > load a text file with a list of the probable passwords? You need to do that yourself or find a distribution that does it for you. Initramfs usage is out of scope of the cryptsetup tool. A list of "probable passwords" would be exceedingly insecure. And while researchers have been tryong for a couple of decades, there still is no easy way to input passwords and remain secure, and there probably will never be one. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sRC29HwqIr6b for ; Sun, 10 Nov 2013 01:15:28 +0100 (CET) Received: from blu0-omc1-s2.blu0.hotmail.com (blu0-omc1-s2.blu0.hotmail.com [65.55.116.13]) by mail.saout.de (Postfix) with ESMTP for ; Sun, 10 Nov 2013 01:15:26 +0100 (CET) Message-ID: From: John Thoe Date: Sun, 10 Nov 2013 00:15:25 +0000 In-Reply-To: <20131109225126.GA8017@tansi.org> References: , <20131109225126.GA8017@tansi.org> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "dm-crypt@saout.de" > If you are missing 6 characters=2C with a standard alphabeth of=2C say=2C= =0A= > 2x26 chars + 10 digits and 20 special symbols=2C that would take=0A= > about 300'000'000 tries. As this is plain dm-crypt=2C a try does=0A= > not take about 1 second but signigicantly less (no iterated=0A= > hashing). No idea how fast this really is=2C but if programmed right=2C= =0A= > it may be doable in a few days of trying. Of course=2C you also have=0A= > to recognize when you have the right password=2C which depends on=0A= > what is in there. "blkid" may help to recognize a filesystem=2C=0A= > but again I have no idea how fast it is.=0A= =0A= Sorry it was actually dm-crypt with LUKS. I just checked and had no idea be= fore.=0A= =0A= I have generated the possible permutation list. Wouldn't it make sense to j= ust brute force LUKS with the 100=2C000 possible combinations or is that a = bad idea?=0A= =0A= Sorry=2C I am trying to understand if it is possible to do this or I should= just give up hope. = From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DKR_jLFMNbVc for ; Sun, 10 Nov 2013 02:03:46 +0100 (CET) Received: from mail-ea0-x234.google.com (mail-ea0-x234.google.com [IPv6:2a00:1450:4013:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Sun, 10 Nov 2013 02:03:46 +0100 (CET) Received: by mail-ea0-f180.google.com with SMTP id b11so1907380eae.39 for ; Sat, 09 Nov 2013 17:03:45 -0800 (PST) Message-ID: <527EDB6E.2040701@gmail.com> Date: Sun, 10 Nov 2013 02:03:42 +0100 From: Milan Broz MIME-Version: 1.0 References: , <20131109225126.GA8017@tansi.org> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: John Thoe Cc: "dm-crypt@saout.de" On 11/10/2013 01:15 AM, John Thoe wrote: > I have generated the possible permutation list. Wouldn't it make > sense to just brute force LUKS with the 100,000 possible combinations > or is that a bad idea? You can try it with some parallel runs... There is an example in cryptsetup source which tries passphrases from file and also supports parallel search on multi core CPUs. You can also split generated file and start part of search on another machine (you need to copy LUKS header - first 4MB of the disk shoud be enough or better you can use luksBackup). Download source or see http://code.google.com/p/cryptsetup/source/browse/#git%2Fmisc%2Fdict_search (try it on some example first if it works for you, it was just quick example, of libcryptsetup use and not much tested ... and read README) Milan From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 82Bjp402pUsi for ; Sun, 10 Nov 2013 17:26:59 +0100 (CET) Received: from v6.tansi.org (unknown [87.118.116.4]) by mail.saout.de (Postfix) with ESMTP for ; Sun, 10 Nov 2013 17:26:59 +0100 (CET) Received: from gatewagner.dyndns.org (77-57-44-254.dclient.hispeed.ch [77.57.44.254]) by v6.tansi.org (Postfix) with ESMTPA id E2D9D34FA001 for ; Sun, 10 Nov 2013 17:26:58 +0100 (CET) Date: Sun, 10 Nov 2013 17:26:58 +0100 From: Arno Wagner Message-ID: <20131110162658.GB18656@tansi.org> References: <20131109225126.GA8017@tansi.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Sun, Nov 10, 2013 at 01:15:25 CET, John Thoe wrote: > > If you are missing 6 characters, with a standard alphabeth of, say, > > 2x26 chars + 10 digits and 20 special symbols, that would take > > about 300'000'000 tries. As this is plain dm-crypt, a try does > > not take about 1 second but signigicantly less (no iterated > > hashing). No idea how fast this really is, but if programmed right, > > it may be doable in a few days of trying. Of course, you also have > > to recognize when you have the right password, which depends on > > what is in there. "blkid" may help to recognize a filesystem, > > but again I have no idea how fast it is. > > Sorry it was actually dm-crypt with LUKS. I just checked and had no idea > before. That makes it both easier and harder. Easier because the check whether a password matches is now trivial. Harder because LUKS uses iterated hashing. Milan has an example for doing this somewhere in the source package, best use that. Doing it manually with the commandline cryptsetup is possible, but not recommended. It is likely harder than using the example dictionary search tool, and it can use multiple CPUs. > I have generated the possible permutation list. Wouldn't it make sense to > just brute force LUKS with the 100,000 possible combinations or is that a > bad idea? That is actually the only thing you can do. With 100'000 combinations, you can expect this to take something like 100'000 CPU seconds, or roughly 28h on a single CPU. If you do this on an image file of your LUKS container, just copying the first 100MB or so should work fine. > Sorry, I am trying to understand if it is possible to do this or I should > just give up hope. If your 100'000 combinations have the right one in there, then it is not even very hard to do. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gJSihnAIsez9 for ; Mon, 11 Nov 2013 03:25:32 +0100 (CET) Received: from blu0-omc1-s29.blu0.hotmail.com (blu0-omc1-s29.blu0.hotmail.com [65.55.116.40]) by mail.saout.de (Postfix) with ESMTP for ; Mon, 11 Nov 2013 03:25:31 +0100 (CET) Message-ID: Content-Type: multipart/alternative; boundary="_a70e4637-9c2a-417e-b6f3-854a394256cf_" From: John Thoe Date: Mon, 11 Nov 2013 02:25:30 +0000 In-Reply-To: <20131110162658.GB18656@tansi.org> References: , <20131109225126.GA8017@tansi.org>, , <20131110162658.GB18656@tansi.org> MIME-Version: 1.0 Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "dm-crypt@saout.de" --_a70e4637-9c2a-417e-b6f3-854a394256cf_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello Arno and Milan Thanks very much for your replies. I was not successful in retrieving the p= assphrase but it was a good learning experience. A question about LUKS I have is that I travel a lot and sometimes have to l= eave my laptop unattended and I put it to sleep or lock it. Is it possible = for an attacker to retrieve the keys while the laptop is in that state. My = question is that should I always shutdown the laptop to be safe or is it fi= ne to leave it locked or in sleep mode? Can the keys be recovered from memo= ry? = --_a70e4637-9c2a-417e-b6f3-854a394256cf_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hello Arno and Milan

Tha= nks very much for your replies. I was not successful in retrieving the pass= phrase but it was a good learning experience.

A qu= estion about LUKS I have is that I travel a lot and sometimes have to leave= my laptop unattended and I put it to sleep or lock it. Is it possible for = an attacker to retrieve the keys while the laptop is in that state. My ques= tion is that should I always shutdown the laptop to be safe or is it fine t= o leave it locked or in sleep mode? Can the keys be recovered from memory?<= /div>
= --_a70e4637-9c2a-417e-b6f3-854a394256cf_-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Oy6RdVfYbXI for ; Mon, 11 Nov 2013 04:13:14 +0100 (CET) Received: from v6.tansi.org (unknown [87.118.116.4]) by mail.saout.de (Postfix) with ESMTP for ; Mon, 11 Nov 2013 04:13:14 +0100 (CET) Received: from gatewagner.dyndns.org (77-57-44-254.dclient.hispeed.ch [77.57.44.254]) by v6.tansi.org (Postfix) with ESMTPA id 13D1034FA001 for ; Mon, 11 Nov 2013 04:13:14 +0100 (CET) Date: Mon, 11 Nov 2013 04:13:13 +0100 From: Arno Wagner Message-ID: <20131111031313.GA24913@tansi.org> References: <20131109225126.GA8017@tansi.org> <20131110162658.GB18656@tansi.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Mon, Nov 11, 2013 at 03:25:30 CET, John Thoe wrote: > Hello Arno and Milan > Thanks very much for your replies. I was not successful in retrieving the > passphrase but it was a good learning experience. > A question about LUKS I have is that I travel a lot and sometimes have to > leave my laptop unattended and I put it to sleep or lock it. Is it > possible for an attacker to retrieve the keys while the laptop is in that > state. My question is that should I always shutdown the laptop to be safe > or is it fine to leave it locked or in sleep mode? Can the keys be > recovered from memory? The keys can be recovered from memory. Also, an attacker could boot your machine and install malware or could install a physical key-logger. The usual consent is that if an attacker has repeated unnoticed physical access to a machine, no security measure will help. Even encryption (shut-down state) will really only help against an attacker that gets access only once and steals the machine. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hOdTVnCIsnnL for ; Mon, 11 Nov 2013 06:51:38 +0100 (CET) Received: from mail-bk0-x22c.google.com (mail-bk0-x22c.google.com [IPv6:2a00:1450:4008:c01::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Mon, 11 Nov 2013 06:51:38 +0100 (CET) Received: by mail-bk0-f44.google.com with SMTP id mx12so580099bkb.31 for ; Sun, 10 Nov 2013 21:51:37 -0800 (PST) Received: from [192.168.2.24] (56.157.broadband5.iol.cz. [88.100.157.56]) by mx.google.com with ESMTPSA id w9sm13179232bkn.12.2013.11.10.21.51.34 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 10 Nov 2013 21:51:36 -0800 (PST) Message-ID: <5280705B.7010506@gmail.com> Date: Mon, 11 Nov 2013 06:51:23 +0100 From: Milan Broz MIME-Version: 1.0 References: <20131109225126.GA8017@tansi.org> <20131110162658.GB18656@tansi.org> <20131111031313.GA24913@tansi.org> In-Reply-To: <20131111031313.GA24913@tansi.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 11.11.2013 4:13, Arno Wagner wrote: > On Mon, Nov 11, 2013 at 03:25:30 CET, John Thoe wrote: >> Hello Arno and Milan > >> Thanks very much for your replies. I was not successful in retrieving the >> passphrase but it was a good learning experience. > >> A question about LUKS I have is that I travel a lot and sometimes have to >> leave my laptop unattended and I put it to sleep or lock it. Is it >> possible for an attacker to retrieve the keys while the laptop is in that >> state. My question is that should I always shutdown the laptop to be safe >> or is it fine to leave it locked or in sleep mode? Can the keys be >> recovered from memory? > > The keys can be recovered from memory. Also, an attacker could > boot your machine and install malware or could install a physical > key-logger. The usual consent is that if an attacker has > repeated unnoticed physical access to a machine, no security > measure will help. Even encryption (shut-down state) will really > only help against an attacker that gets access only once and > steals the machine. This is obviously true. But if ignoring hw tampering, if you use hibernate (to encrypted swap - should be default for distros with encrypted install) it is safe - key is not in memory, RAM content is stored encrypted, and you have to provide password on resume. For suspend to RAM ("sleep") the key is still in memory so it can be quite easily extracted. (dmcrypt provides way how to temporarily wipe key from memory but distributions do not use yet this because it requires quite complex handling) Milan From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HPEk-qP-WmSz for ; Tue, 12 Nov 2013 15:58:37 +0100 (CET) Received: from mail-ie0-x230.google.com (mail-ie0-x230.google.com [IPv6:2607:f8b0:4001:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Tue, 12 Nov 2013 15:58:37 +0100 (CET) Received: by mail-ie0-f176.google.com with SMTP id x13so7410734ief.35 for ; Tue, 12 Nov 2013 06:58:35 -0800 (PST) Received: from [192.168.14.27] (c-76-120-71-139.hsd1.co.comcast.net. [76.120.71.139]) by mx.google.com with ESMTPSA id x6sm24748554igb.3.2013.11.12.06.58.34 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 12 Nov 2013 06:58:34 -0800 (PST) Sender: Matthew Monaco Message-ID: <52824219.1010607@0x01b.net> Date: Tue, 12 Nov 2013 07:58:33 -0700 From: Matthew Monaco MIME-Version: 1.0 References: , <20131109225126.GA8017@tansi.org>, , <20131110162658.GB18656@tansi.org> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 11/10/2013 07:25 PM, John Thoe wrote: > Hello Arno and Milan > > Thanks very much for your replies. I was not successful in retrieving the > passphrase but it was a good learning experience. > I'm not sure if this means that you couldn't find a good way to brute-force or if your assumptions about the missing parts were wrong. I've done something similar before, although the forgotten pieces were somewhat different and only had ~32 possibilities. In any event, I used a script like this: --------8<-------------------------------------------------------------- #!/bin/bash dev="$1" dictionary=( mypass-{0000..2000} ) for pass in "${dictionary[@]}"; do printf "Trying: %s..." "$pass" if echo -n "$pass" | cryptsetup luksOpen --test-passphrase \ --key-file=- "$dev" lostdev &> /dev/null; then printf " SUCCESS!\n" break else printf "\n" fi done --------8<-------------------------------------------------------------- It didn't make sense to me to do it using libcryptsetup because the bottleneck was the actual decryption attempt. If this is for your root drive, you'd have to do it from a boot disk. If you're data is important, and you really do need ~5000 attempts, I think the wait time is manageable. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NqsvapiKp1Sl for ; Tue, 12 Nov 2013 16:11:10 +0100 (CET) Received: from mail-ea0-x231.google.com (mail-ea0-x231.google.com [IPv6:2a00:1450:4013:c01::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Tue, 12 Nov 2013 16:11:10 +0100 (CET) Received: by mail-ea0-f177.google.com with SMTP id f15so3526769eak.8 for ; Tue, 12 Nov 2013 07:11:09 -0800 (PST) Received: from [192.168.43.92] (ip-37-188-230-33.eurotel.cz. [37.188.230.33]) by mx.google.com with ESMTPSA id s3sm76944933eeo.3.2013.11.12.07.11.07 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 12 Nov 2013 07:11:08 -0800 (PST) Message-ID: <528244FD.4060109@gmail.com> Date: Tue, 12 Nov 2013 16:10:53 +0100 From: Milan Broz MIME-Version: 1.0 References: , <20131109225126.GA8017@tansi.org>, , <20131110162658.GB18656@tansi.org> <52824219.1010607@0x01b.net> In-Reply-To: <52824219.1010607@0x01b.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt On 11/12/2013 03:58 PM, Matthew Monaco wrote: > It didn't make sense to me to do it using libcryptsetup because the bottleneck > was the actual decryption attempt. The example I posted link to is using common context and arbitrary number of processes (default is number of CPU cores) which run in parallel (hash iterations can easily run in parallel on different CPUs) So every process tries n-th line in candidate password file. This is the advantage (plus save some negligible initialization time), otherwise script is fine of course. Milan From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvHDI1m09Whz for ; Tue, 12 Nov 2013 19:56:34 +0100 (CET) Received: from mail-ie0-x22a.google.com (mail-ie0-x22a.google.com [IPv6:2607:f8b0:4001:c03::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Tue, 12 Nov 2013 19:56:34 +0100 (CET) Received: by mail-ie0-f170.google.com with SMTP id to1so5219499ieb.15 for ; Tue, 12 Nov 2013 10:56:32 -0800 (PST) Received: from [172.20.66.27] (ucb-np1-206.colorado.edu. [128.138.64.206]) by mx.google.com with ESMTPSA id qi3sm25797808igc.8.2013.11.12.10.56.30 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 12 Nov 2013 10:56:30 -0800 (PST) Sender: Matthew Monaco Message-ID: <528279DD.3020503@0x01b.net> Date: Tue, 12 Nov 2013 11:56:29 -0700 From: Matthew Monaco MIME-Version: 1.0 References: , <20131109225126.GA8017@tansi.org>, , <20131110162658.GB18656@tansi.org> <52824219.1010607@0x01b.net> <528244FD.4060109@gmail.com> In-Reply-To: <528244FD.4060109@gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 11/12/2013 08:10 AM, Milan Broz wrote: > On 11/12/2013 03:58 PM, Matthew Monaco wrote: >> It didn't make sense to me to do it using libcryptsetup because the bottleneck >> was the actual decryption attempt. > > The example I posted link to is using common context and arbitrary number > of processes (default is number of CPU cores) which run in parallel > (hash iterations can easily run in parallel on different CPUs) > So every process tries n-th line in candidate password file. > > This is the advantage (plus save some negligible initialization time), > otherwise script is fine of course. > I read up from his message and missed your link. I'll keep that handy =) It's not that I have a horrible memory, I just occasionally don't use a volume for many months or even years at a time.