Re: Forgot password BUT, fs is mounted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Dec 19, 2002 at 08:17:41AM -0500, Richard Devendra Gopaul wrote:
> it's never a bad idea to copy the files, just in case...
> 
> rgopaul@wam.umd.edu
> 
> On Wed, 18 Dec 2002, David Haraburda wrote:
> 
> > Hi,
> > 
> > I have forgotten the password to my encrypted file system (well, I
> > have a couple of guesses, but I'm not sure).  The reason I don't
> > want to try them is because the drive has been mounted and running
> > for awhile now... everything is fine, but just in case something
> > happens to the computer, I was wondering if there is any way to
> > recover the password from an already mounted partition?  If not, is
> > it possible for me to attempt to mount it again in a different
> > location (probably not?) so I can try guessing the password?  Or am
> > I just better off copying everything over while I have the chance
> > and re-encrypting and this time remembering the password? :-)

I think it safe to try mounting the same device in a different directory
as long as you mount it read-only. Otherwise, there is no known direct
way to recover the password by looking at the decrypted data (however,
you may be able to get the encryption/decryption key from the memory).
My advice is: SAVE YOUR DATA IMMEDIATELY.

By the way I had your problem some time ago. I wrote a brute forcer
based on kerenel's cryptoloop functionality, but I succeeded in only
discovering that each loop device detaching is done in a separate
(zombie) process which causes a temoprary system hang up when I run my
brute forcer (the old fork bomb). Note that I haven't tested the 2.4.20
kernel. A shell script (running at a lower rate) seems to work fine at
the cost of performance: don't expect much more than 20 password tests
per second.

Good luck,
-- 
Pav
                                 ,.,
                               ,``:'',
That your internet traffic is  {o ! o}  My GPG/PGP key is now available at
vulnarable is NOT only a joke! ] -+- [  x-hkp://search.keyserver.net:11371.
                                \ ! /
                                 `-'

`shell$ gpg --keyserver x-hkp://search.keyserver.net:11371 --recv-key 164C028F`
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux