brute force attack on dm-crypt

Discussion:

Stefan X

2009-01-16 18:35:22 UTC

Hi!
I forgot a password for an dm-crypt encrypted partition and would like
to try to break the encryption by brute force. Therefore I have some
questions.

Are there incompatibilities between old dm-crypt and LUKS or is it
possible to mount an old partition which is encrypted with dm-crypt (no
LUKS!) in an up-to-date distributions?

Tools like John the Ripper are great for cracking hashed passwords. Is
it possible to extract a hash out of a partition which can be used for
such attacks as John the Ripper do? If so, do you have any reference how
to execute this task?

Otherwise, I would need to try to mount the partition with each
potential password which would be quite slow. Do you have any
suggestions how to speed up this process?

Regards
Stefan

Raphaël Gertz

2009-01-16 19:08:38 UTC

Permalink

Post by Stefan X
Hi!
I forgot a password for an dm-crypt encrypted partition and would like
to try to break the encryption by brute force. Therefore I have some
questions.
Are there incompatibilities between old dm-crypt and LUKS or is it
possible to mount an old partition which is encrypted with dm-crypt (no
LUKS!) in an up-to-date distributions?

Not realy

Post by Stefan X
Tools like John the Ripper are great for cracking hashed passwords. Is
it possible to extract a hash out of a partition which can be used for
such attacks as John the Ripper do? If so, do you have any reference how
to execute this task?

Code yourself a C/C++ programe using john library

Post by Stefan X
Otherwise, I would need to try to mount the partition with each
potential password which would be quite slow. Do you have any
suggestions how to speed up this process?

Do like IBM, user a farm of server and makes them run for 4 month
(ibm did a aes brute force and they completed it in 4month)

To day you the trush i think you loosed everything, better try remember or find
old key.

Luks may have multiple key (7 slot), each one can store a password to decypher
the the master key, try to find the other key.

Anyway luks is designe to crypt the data on a military level, don't ever dream
to break it yourself except if you or someone is real expert in security that
discover a failure in aes or luks design.
The only other way would be to have friend in NSA or company with farmserver
that you can use for month...

Try the dm-crypt mailing list : dm-crypt à saout é de, but it's very unlikely
that you would fin a positive answer to your problem

Arno Wagner

2009-01-17 02:31:07 UTC

Permalink

LUKS and dm-crypt are two different systems. However there may well
support for dm-crypt in a modern sdistribution.

No. dm-crypt does not store a hashed password, encrypted or
otherwise. It directly uses the hash of your passphrase as
encryption key. If you still know what is on the partition, you may
be able to at least do a known-plaintext attack, but the only
thing you can use from John the Ripper is the password generation
scheme. However, since you should have at least some idea what
the password looks like, you would best adapt the password
generation to that.

Post by Stefan X
Otherwise, I would need to try to mount the partition with each
potential password which would be quite slow. Do you have any
suggestions how to speed up this process?

Do cryptsetup and see whether the filesystem looks right using your
own code. No mounting required. Even faster, read a sector with some
known contents into memory and decrypt it there using the algorithm
you used for dm-crypt (likely the default). No further disk access
required.

Arno

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno-***@public.gmane.org
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier