From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dgbaley27@0x01b.net>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id HPEk-qP-WmSz for <dm-crypt@saout.de>;
 Tue, 12 Nov 2013 15:58:37 +0100 (CET)
Received: from mail-ie0-x230.google.com (mail-ie0-x230.google.com
 [IPv6:2607:f8b0:4001:c03::230])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Tue, 12 Nov 2013 15:58:37 +0100 (CET)
Received: by mail-ie0-f176.google.com with SMTP id x13so7410734ief.35
 for <dm-crypt@saout.de>; Tue, 12 Nov 2013 06:58:35 -0800 (PST)
Received: from [192.168.14.27] (c-76-120-71-139.hsd1.co.comcast.net.
 [76.120.71.139])
 by mx.google.com with ESMTPSA id x6sm24748554igb.3.2013.11.12.06.58.34
 for <dm-crypt@saout.de>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 12 Nov 2013 06:58:34 -0800 (PST)
Sender: Matthew Monaco <matt@0x01b.net>
Message-ID: <52824219.1010607@0x01b.net>
Date: Tue, 12 Nov 2013 07:58:33 -0700
From: Matthew Monaco <dgbaley27@0x01b.net>
MIME-Version: 1.0
References: <BLU181-W35325A5B76FBC4138E7AC8C9FD0@phx.gbl>,
 <20131109225126.GA8017@tansi.org>,
 <BLU181-W48EB1D9D106089FAF9A702C9FC0@phx.gbl>,
 <20131110162658.GB18656@tansi.org>
 <BLU181-W76117F145E9E68B99D5675C9FF0@phx.gbl>
In-Reply-To: <BLU181-W76117F145E9E68B99D5675C9FF0@phx.gbl>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Forgot dm-crypt password;
 suggestions on steps to undertake
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 11/10/2013 07:25 PM, John Thoe wrote:
> Hello Arno and Milan
> 
> Thanks very much for your replies. I was not successful in retrieving the
> passphrase but it was a good learning experience.
>

I'm not sure if this means that you couldn't find a good way to brute-force or
if your assumptions about the missing parts were wrong. I've done something
similar before, although the forgotten pieces were somewhat different and only
had ~32 possibilities. In any event, I used a script like this:

--------8<--------------------------------------------------------------
#!/bin/bash

dev="$1"
dictionary=( mypass-{0000..2000} )

for pass in "${dictionary[@]}"; do
	printf "Trying: %s..." "$pass"
	if echo -n "$pass" | cryptsetup luksOpen --test-passphrase \
	                         --key-file=- "$dev" lostdev &> /dev/null; then
		printf " SUCCESS!\n"
		break
	else
		printf "\n"
	fi
done
--------8<--------------------------------------------------------------

It didn't make sense to me to do it using libcryptsetup because the bottleneck
was the actual decryption attempt.

If this is for your root drive, you'd have to do it from a boot disk. If you're
data is important, and you really do need ~5000 attempts, I think the wait time
is manageable.