On Sat, Nov 09, 2013 at 22:48:25 CET, John Thoe wrote: > > > > Hi > > I forgot the passphrase of my laptop which was encrypted using dm-crypt > (without LUKS). I use Debian so just used the default settings that were > suggested. > > I understand that passwords cannot be recovered but please hear me out. In > my case, I am sure that I am forgetting the last four digits I set because > the rest of the password is clear in my memory. > > A couple of questions I could really use help with: > > 1. Is it possible to brute force the disk since even though my password is > fairly long, I am sure about all of it except the last 4-6 digits. It actually does not matter at all how long your password is (unless it goes into the kB range), just how many characters are unknown. If you are missing 6 characters, with a standard alphabeth of, say, 2x26 chars + 10 digits and 20 special symbols, that would take about 300'000'000 tries. As this is plain dm-crypt, a try does not take about 1 second but signigicantly less (no iterated hashing). No idea how fast this really is, but if programmed right, it may be doable in a few days of trying. Of course, you also have to recognize when you have the right password, which depends on what is in there. "blkid" may help to recognize a filesystem, but again I have no idea how fast it is. Anyway, this is a case for using libcryptsetup directly and it will require some real programming work. > 2. If (1) is not possible, is there any way I can make it easy to type in > passwords? Right now, initramfs does not show me the password I am > typing. Is there anyway I can have feedback from it so that I know that I > am at least typing in stuff correctly? Or even better, is there any way I > load a text file with a list of the probable passwords? You need to do that yourself or find a distribution that does it for you. Initramfs usage is out of scope of the cryptsetup tool. A list of "probable passwords" would be exceedingly insecure. And while researchers have been tryong for a couple of decades, there still is no easy way to input passwords and remain secure, and there probably will never be one. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
