Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Encryption: I've shot myself in my own foot, need help!
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
frank9999
n00b
n00b


Joined: 20 Feb 2013
Posts: 61
Location: Germany

PostPosted: Tue Mar 03, 2015 11:23 pm    Post subject: Encryption: I've shot myself in my own foot, need help! Reply with quote

Hello,

i have a bigger problem and need some advice.
Starting Point:
Laptop and Workstation PC with LUKS encyrypted Gentoo.
Same 20-digit password on each machine.
Backups of the OS is also encrypted with the same password. Each folder in the root directory, has its own encrypted tar archive file.

And now the problem I have seemingly forgotten my password, or parts of it, that I've entered several times a day for approximately 1 year .... shit!
I can not understand it until now. Sunday at lunch I could Login, at the same evening....

So I have no longer have access to my operating systems on any computers. Shit!

The data is mostly(!) not affected, because they are on separate partitions with other passwords. Only a few weeks email, which would not be quite so tragic. But my complete Gentoo Install and Configs...

The two filed for such an emergency passwords are also gone :-( Shit!!!!!!!!!

I have now determined typed more than one hundred times passwords.
The more I tried, I become more uncertain whit the password. But I am absolutely sure in 15 of the 20 digits.

To decrypt and unpack, I have these lines in my restore script:

Code:

read -sp 'Password:' PASS; echo
...
exec 3<<<"$PASS"
openssl enc -in bin.tar.gz    -aes-256-cbc -d -pass fd:3 | tar -C /targetfolder -zxf -


Password:
PASS="*******?**??****?*??"
x=shure
?=now uncertain :-(

The symbols used in this password, I can narrow down to numbers, upper- and lowercase letters, and a few special characters.

Do i have a chance with a script here, that would brute force the "?" here? Or is it hopeless?
Who could help me with such a script, or is there a ready-made program that could help me here?
Back to top
View user's profile Send private message
BlueFusion
Guru
Guru


Joined: 08 Mar 2006
Posts: 371

PostPosted: Wed Mar 04, 2015 12:31 am    Post subject: Reply with quote

I'm sure a script can be written but I'm not too sure on how to make that.

For future lockout prevention, always add a key to the encrypted filesystems for such an event. Save the key in a USB stick in an unobvious file name. It can even be a picture.
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2968
Location: Germany

PostPosted: Wed Mar 04, 2015 10:41 am    Post subject: Reply with quote

Well, a password generation script is trivial...

Code:

for a in foo bar baz
do
    for b in 1 2 3
    do
        for c in alpha beta gamma
        do
            password="$a$b$c"
            echo "Trying $password ..."
            echo -n "$password" | cryptsetup luksOpen ...
        done
    done
done


That would go through these: foo1alpha foo1beta foo1gamma foo2alpha foo2beta foo2gamma foo3alpha foo3beta foo3gamma bar1alpha bar1beta bar1gamma bar2alpha bar2beta bar2gamma bar3alpha bar3beta bar3gamma baz1alpha baz1beta baz1gamma baz2alpha baz2beta baz2gamma baz3alpha baz3beta baz3gamma

The problem is the amount of combinations you're going to create and the amount of time it takes to try each password. You can patch cryptsetup to read an entire list of passwords (saves you the time it takes to restart cryptsetup) and you can parallelize (one cryptsetup instance per core), and you can compile cryptsetup with a faster crypto library in the first place (nettle is fastest for me), but at most it will go at 10-20 passwords per second so if you create millions of combinations, it will take a while.

lukscrackplus patch: https://github.com/kholia/lukscrackplus http://paste.ubuntuusers.de/415757/

It might be more productive to go out for a walk for a few hours and then try typing the password again without thinking about it too much.

Also make sure you can rule out keyboard layout problems. If you don't normally type your password using us layout, it could be an issue if your initramfs failed to load your localized keyboard. With LUKS I always add passphrases twice so either layout will be accepted.

edit: oh, and I guess you should also make a luksheader backup and check it with hexdump for obvious damages - if there is non-random data in your stripes, something killed it. also if you're using whirlpool hashes you might suffer from an incompatible libgcrypt change that was made a while back - if you haven't updated (your initramfs) in a while
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum