On Fri, Jul 20, 2012 at 12:48:17AM +0200, Milan Broz wrote: > Hi, > > From time to time someone tries to recover (or crack) LUKS passphrase > using dictionary lists. > I saw lately even some crazy patches for cryptsetup doing that. Urgh :-) > Please do not patch source or create some slow bash scripts > (initialization and memory locking cost resources). > Just use libcryptsetup. I added some example how to do it, see > > http://code.google.com/p/cryptsetup/source/browse/#git%2Fmisc%2Fdict_search Cool! Nicely compact as any good piece of example code should be. I also like the multi-process capability. > e.g. for JTR known password list you can run (on quadcore cpu here) > # luks_dict test.img /usr/share/john/password.lst 4 > > Then read FAQ how LUKS keyslot iterations slow down these attacks... Specifically, FAQ items 5.7, 5.8 and 5.9 can give you some insight about the amount of effort you can expect. > It is just quickly written example, perhaps with some bugs. > > Anyway, enjoy :) > Milan > > p.s. > If you really run this, compile cryptsetup with openssl support > (configure --with-crypto_backend=openssl) it is quicker than default gcrypt. > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
