Hi, I just wanted to shortly ask, if there have any tools emerged since my initial post, which could help me on the recovery on my lost password for losetup: losetup -e AES256 -C 500 /dev/loop0 /dev/md2 The proposed way was to use brute force and try to compute passwords and check if they result in (03 ... 00) (ext2 zero sectors). Any hints / refs to snippets would be helpful! I am currently on AMD64. greetings, l.r. On 18.11.2006 13:52, Jari Ruusu wrote: > Lars Reimann wrote: >> I stored my 20 character passwords on my palm device only (i know by now >> that this was stupid!). However, that one chrashed and apparently all data >> was lost, including passwords. However, i may remember certain details of >> the password, for example which characters I used not, and how the >> password ends. > This won't help you now, but one way to handle lost/forgotten passphrases is > to use gpg encrypted key files where all key files are encrypted using both > employer's "recovery" public key and user's public key. Employer's > "recovery" public key can be distributed to everyone, and copies of private > keys physically locked in a safe. That way employer can recover user's data > even if user drops dead. > >> Also, i would like to automate to try different passwords. Is there a >> program available which does such (brute force) things with the >> cryptoloop? however I may have to write it on my own if nothing is >> available. I heard it may be possible to extract some sectors of ext2/3 >> partitions which are always "zero". Then the decryption can be verified by >> using such sectors. Has anyone an idea which SECTORS this are on ext2/3 >> partitions and how to extract them? > First 16 bytes of fourth 512 byte sector are always zero on unencrypted ext2 > and ext3 file systems. > > This command shows you your ciphertext (in hex): > > dd if=/dev/md2 bs=16 skip=96 count=1 2>/dev/null | od -An -tx1 - > > And when you find a key that decrypts to (in hex): > > 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > Then you have found your key. That 03 number is the XOR of zero file system > data and sector number IV of fourth 512 byte sector. > > If you used loop-AES version of losetup, as your losetup syntax seems to > imply, then you need to: > > 1) Compute hash #1 of your passphrase using SHA512, store first 256 bits as > 'bulk_key'. Zero/CR/LF byte at the end of string NOT included in hash. > > 2) Compute hash #2 of your passphrase using SHA512, but bit 0 of first > passphrase byte inverted. > > 3) Encrypt first 128 bits of bulk_key, using first 256 bits of hash #2 as > AES256 key. > > 4) Encrypt second 128 bits of bulk_key, using first 256 bits of hash #2 as > AES256 key. > > 5) Exchange bytes bulk_key[8...15] with bulk_key[16...23] > > 6) Repeat steps 3...5 for total of 500000 times. > > 7) Decrypt your file system ciphertext using AES256 and bulk_key > > 8) Compare to known plaintext (03 00 .... 00 00). If it matches, then you > found your passphrase. > - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
