On Mon, Jan 20, 2014 at 2:08 PM, Artur Rataj <arturrataj@xxxxxxxxx> wrote:
> And if the passphrase is really mispelled, perhaps the best approach
> is to "mutate" it. I would wrote some simple looping program that
> would do some resonable insertions/deletions/replacements over the
> original passphrase and would use the result to brute-force the
> decryption. If there are some fixed time delays anywhere, removing
> them and re-compiling some kernel module or tool would likely be
> needed too.
I'm in the process of doing this now. I wrote a script to try various
mutations of the password I think it should be. See below. This ran
over the weekend, nearly melted my laptop, and didn't unwrap the
passphrase. Each iteration takes maybe half a second. At this rate
it's not feasible to try a brute force for all possible character
permutations. My next step is to create an optimised compiled version
that does this, and run it on a cloud instance somewhere. I happen to
have another wrapped-passphrase for a different encrypted directory. I
know that passphrase, and I can unwrap it (in the script below too).
Right now my compiled version cannot unwrap the control
wrapped-passhrase.
Thanks.
-Tom
#!/bin/bash
WRAPPED_PASSPHRASE="/path/to/wrapped-passphrase"
test ! -f "${WRAPPED_PASSPHRASE}" && echo "${WRAPPED_PASSPHRASE}" does
not exist. && exit 1
function unwrap() {
echo "$@".
printf "%s" "$@" | ecryptfs-unwrap-passphrase
"${WRAPPED_PASSPHRASE}" - 2>/dev/null
test $? = 0 && exit 0
}
for x1 in some pattern 1; do
for x2 in some pattern 2; do
for x3 in some pattern 3; do
for x4 in some pattern 4; do
unwrap "${x1}${x2}${x3}${x4}"
done
done
done
done
exit 1
--
To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
