Hi,
I have an external hard drive with one partition formatted as a LUKS encrypted drive. I have now forgotten the passphrase to unlock that partition. I have tried all the passphrases I can think of, but none seem to work. I have only one keyslot enabled. Is there any way I can get access back to it? Or am I simply going to lose all my data?
It has lots of important personal files. And, that's the reason I encrypted it in the first place.
Any help is greatly appreciated.
Thanks,
Last edited by emorkay (2015-05-25 14:41:08)
Offline
If the device is unlocked, you could write a new passphrase to the next slot. Otherwise, I think that you are in exactly the same boat as a would-be attacker...
Offline
If there was any way to recover the data after you lost your passphrase then it wouldn't be "secure" would it?
Offline
@jasonwryan: The device is not unlocked.
@headkase: yes, it wouldn't be secure. So, I am just going to lose my data. Is that it?
And, by the way, I encrypted it on an Arch machine but now I am trying to unlock it on my brother's laptop, which has Ubuntu 15.04. Is this a problem? Any version mismatches or unsupported ciphers etc.?
Offline
If the keymap is different between those machines, that would explain why the passphrase wasn't working.
Offline
I am not sure if the keymap is different. I will try unlocking it on my machine with Arch and report back, which may take a couple of weeks.
Thanks for your help. Much appreciated.
Last edited by emorkay (2015-05-20 17:34:23)
Offline
Are you using the TRESOR kernel patch? I hope not.
In case you're not, the encryption authentication would happen in your RAM. After you fail to decrypt the drive, the passphrase is stored in RAM. RAM has a nasty habit of retaining data for a small amount of time after it has lost power, and there is software that can read RAM data. You could prepare a live CD with a tool for reading RAM, fail to decrypt the HDD, boot the live environment and read the RAM's content.
You could even move the RAM to a different machine in case your BIOS is password protected and you've forgotten that password too. Also, RAM retains data for a longer amount of time if cooled.
Which tool/live CD, I have no idea.
You could always try brute forcing.
Offline
Hi,
I never unlocked the hard drive on the current machine. So, there's no way the RAM can have the passphrase.
Thanks for the helpful information though.
Offline
Hi,
I have a vague idea what the passphrase could be, with a few changes such as numbers or some close special characters substituted for letters. Can I effectively use this information to brute force and crack my passphrase?
@jasonwryan: Same problem on my Arch machine too. So basically I forgot my passphrase.
Any help is greatly appreciated.
Thanks,
Offline
Can I effectively use this information to brute force and crack my passphrase?
No, we would be violating the rules Arch has about posting stuff.
Simply because no one knows if it is your disk that is encrypted, for if it were your own, you would normally know the password.
As was said before, if you cannot recall the pwd. you're screwed, no one here can help you, sadly enough.
Not to start a discussion about this, but:
do you really need encryption...?
If you do, your backup policy should also meet this structure...
Offline
Can I effectively use this information to brute force and crack my passphrase?
No, we would be violating the rules Arch has about posting stuff.
Simply because no one knows if it is your disk that is encrypted
I do not know much about Arch forum posting rules but it's my disk that I am trying to unlock. Of course, I can't prove it sitting in another part of the world.
Normally, I remember all my passwords. But, somehow I forgot this one. And, I am screwed big time.
Not to start a discussion about this, but:
do you really need encryption...?
If you do, your backup policy should also meet this structure...
Well, I travel a lot. So, I thought encrypting my drive would offer me extra security in case I ever lost it.
Not to start a discussion, but what are the best ways to safeguard against these kinds of problems?
Thank you,
Last edited by emorkay (2015-05-25 10:08:31)
Offline
I do not know much about Arch forum posting rules but it's my disk that I am trying to unlock. Of course, I can't prove it sitting in another part of the world.
Normally, I remember all my passwords. But, somehow I forgot this one. And, I am screwed big time.
Yes, well, it's impossible to check everyone's good intentions, I guess.
So yeah, if you can't recall... screwed..:(
Well, I travel a lot. So, I thought encrypting my drive would offer me extra security in case I ever lost it.
Ah, well yes, it could be wise to do so then, yes.
Not to start a discussion, but what are the best ways to safeguard against these kinds of problems?
You should consider having a backup policy.
Create encrypted backups of the volume, and back up on a regular basis.
Have an unencrypted backup(s) stored safely (in a safe, for instance) and one off-site.
Btw. don't throw away the encrypted data on the disk just yet, make a backup of it and hope you will remember what the pwd. was.
Offline
Btw. don't throw away the encrypted data on the disk just yet, make a backup of it and hope you will remember what the pwd. was.
How can I do this? I can't even unlock the partition.
Offline
Btw. don't throw away the encrypted data on the disk just yet, make a backup of it and hope you will remember what the pwd. was.
How can I do this? I can't even unlock the partition.
Just image that disk or copy the encrypted partition somewhere else...
Offline
emorkay wrote:
Btw. don't throw away the encrypted data on the disk just yet, make a backup of it and hope you will remember what the pwd. was.
How can I do this? I can't even unlock the partition.
Just image that disk or copy the encrypted partition somewhere else...
Ok. Thanks a lot for your help.
Offline
Hi,
I finally got my passphrase. All is well now. It required me to run a script with multiple combinations using the parts of the passphrase I remember.
Anyway, thanks a lot for all the help everyone.
Thanks,
Last edited by emorkay (2015-05-25 14:38:41)
Offline
Hi,
I finally got my passphrase. All is well now. It required me to run a script with multiple combinations using the parts of the passphrase I remember.
Anyway, thanks a lot for all the help everyone.
Thanks,
I am sure you are relieved that you eventually remembered your passphrase. However it might be a good idea, now that you have access to your own data again, to make an unencrypted copy of the files on a computer or drive physically remote from where you have the encrypted machine that you travel with, not only so that if you lost the password again you would still have the data, but also there is the possibility of theft of the encrypted laptop, in which case the only access you would have is via your unencrypted and securely protected alternate. So that is a worthwhile strategy if you have a physically secure place to store the unencrypted files. Of course an encrypted copy as a backup is also another option, but of course you do need to ensure you don't forget its passphrase!
Mike C
Offline
Thanks for the advice, Mike. I will make an unencrypted backup of my data as soon as possible and keep it safe.
The whole incident taught some important lessons!
Offline
You could also try writing the password on paper and backing up LUKS header:
cryptsetup luksHeaderBackup /dev/sdx --header-backup-file=/etc/luks/backups/sdx.dat
If you are doing this, note the following warning from the man pages:
This backup file and a passphrase valid at the time of backup allows decryption of the LUKS data area, even if the passphrase was later changed or removed from the LUKS device. Also note that with a header backup you lose the ability to securely wipe the LUKS device by just overwriting the header and key-slots. You either need to securely erase all header backups in addition or overwrite the encrypted data area as well. The second option is less secure, as some sectors can survive, e.g. due to defect management.
Offline
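Added example (not from the thread or from cryptsetup itself): a read-only check that a file written by luksHeaderBackup really is a LUKS1 header, reporting the cipher settings and which keyslots are enabled, since this thread started from a volume with a single enabled keyslot. It assumes the LUKS1 on-disk layout; the function names and the sample header are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # fixed 208-byte LUKS1 header
SLOT = struct.Struct(">II32sII")                    # 48-byte keyslot descriptor
ENABLED, DISABLED, NUM_SLOTS = 0x00AC71F3, 0x0000DEAD, 8
HEADER_LEN = PHDR.size + NUM_SLOTS * SLOT.size      # 592 bytes

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(blob):
    """Return cipher settings and keyslot states from a LUKS1 header or header backup."""
    if len(blob) < HEADER_LEN:
        raise ValueError("file too short to hold a LUKS1 header")
    magic, version, cipher, mode, hash_spec, _payload, key_bytes, *_rest, uuid = PHDR.unpack_from(blob)
    if magic != LUKS_MAGIC:
        raise ValueError("LUKS magic not found; this is not a LUKS header")
    if version != 1:
        raise ValueError("LUKS version %d is not handled by this example" % version)
    slots = []
    for i in range(NUM_SLOTS):
        state = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0]
        if state not in (ENABLED, DISABLED):
            raise ValueError("keyslot %d has an invalid state marker; header may be damaged" % i)
        slots.append(state == ENABLED)
    return {"cipher": "%s-%s" % (_text(cipher), _text(mode)), "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "uuid": _text(uuid), "slots": slots}

def audit(info):
    """Warn about the situation in this thread: one passphrase and nothing to fall back on."""
    enabled = [i for i, on in enumerate(info["slots"]) if on]
    if not enabled:
        return ["no keyslot is enabled: no passphrase can open this volume"]
    if len(enabled) == 1:
        return ["only keyslot %d is enabled: add a second passphrase with luksAddKey" % enabled[0]]
    return []

def build_sample_header(enabled_slots):
    """Constructed LUKS1 header (zeroed salts and digest) used as sample input."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64,
                    bytes(20), bytes(32), 1000, b"00000000-0000-0000-0000-000000000000")
    for i in range(NUM_SLOTS):
        state = ENABLED if i in enabled_slots else DISABLED
        hdr += SLOT.pack(state, 1000, bytes(32), 8 + i * 512, 4000)
    return hdr

if __name__ == "__main__":
    info = parse_luks1_header(build_sample_header({0}))
    print(info["cipher"], info["hash"], info["key_bits"], audit(info))
```

For a real backup file, pass its first 592 bytes to parse_luks1_header; the values it reports are the same metadata that cryptsetup luksDump prints.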
tsh: Thanks for the advice. Already took a backup of my drive's LUKS header.
Offline