You are not logged in.

#1 2015-05-20 17:01:00

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

[SOLVED] LUKS encrypted partition - Forgot passphrase

Hi,

I have an external hard drive with one partition formatted as LUKS encrypted drive. I, now, forgot passphrase to unlock that partition. I have tried all passphrases I can think of. But none seem to work. I have only one keyslot enabled. Is there anyway I can get access back it? Or, am I simply going to lose all my data? sad It has lots of important personal files. And, that's the reason I encrypted it in the first place.

Any help is greatly appreciated.

Thanks,

Last edited by emorkay (2015-05-25 14:41:08)

Offline

#2 2015-05-20 17:12:05

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,426
Website

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

If the device is unlocked, you could write a new passphrase to the next slot. Otherwise, I think that you are in exactly the same boat as a would-be attacker...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2015-05-20 17:12:24

headkase
Member
Registered: 2011-12-06
Posts: 1,986

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

If there was any way to recover the data after you lost your passphrase then it wouldn't be "secure" would it?

Offline

#4 2015-05-20 17:20:14

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

@jasonwryan: The device is not unlocked.

@headkase: yes, it wouldn't be secure. So, I am just going to lose my data. Is that it? sad

And, by the way, I encrypted it on an arch machine but now I am trying to unlock it on my brother's laptop which has Ubuntu 15.04. Is this a problem? Any version mismatches or unsupported ciphers etc?

Offline

#5 2015-05-20 17:28:07

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,426
Website

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

If the keymap is different between those machines, that would explain why the passphrase wasn't working.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#6 2015-05-20 17:33:55

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

I am not sure if the keymap is different. I will try unlocking it on my machine with arch and report back which can be a couple of weeks.

Thanks for your help. Much appreciated.

Last edited by emorkay (2015-05-20 17:34:23)

Offline

#7 2015-05-20 18:53:53

bstaletic
Member
Registered: 2014-02-02
Posts: 658

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

Are you using tresor kernel patch? I hope not.

In case you're not, the encryption authentication would happen in your RAM. After you fail to decrypt the drive, the passphrase is stored in RAM. RAM has a nasty habit of retaining data a small amount of time after it has lost power, and there are software that can read RAM data. You could prepare some live cd with the tool for reading RAM available, fail to decrypt the HDD, boot the live environment and read RAM's content.

You could even move the RAM to a different machine in case your bios is password protected and you've forgot that password also. Also RAM retains data for longer amount of time if cooled.

Which tool/live cd I have no idea.

You could always try brute forcing. smile

Offline

#8 2015-05-21 17:09:24

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

Hi,

I never unlocked the hard drive on the current machine. So, there's no way can the RAM have the passphrase.

Thanks for the helpful information though.

Offline

#9 2015-05-24 13:10:28

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

Hi,

I have a vague idea what the passphrase could be with a little changes such as numbers or some close special characters substituted for alphabets. Can I effectively use this information to brute force and crack my passphrase?

@jasonwryan: Same problem on my arch machine too. So basically I forgot my passphrase.

Any help is greatly appreciated.

Thanks,

Offline

#10 2015-05-24 16:26:40

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,596

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

Can I effectively use this information to brute force and crack my passphrase?

No, we would be violating the rules Arch has about posting stuff.

Simply because no one knows if it is your disk that is encrypted, for if it were you're own, you would normally know the password.
As was said before, if you cannot recall the pwd. you're screwed, no one here can help you, sadly enough.

Not to start a discussion about this, but:
do you really need encryption...?
If you do,  you're backup policy should also meet this structure...

Offline

#11 2015-05-25 10:07:52

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

qinohe wrote:
Can I effectively use this information to brute force and crack my passphrase?

No, we would be violating the rules Arch has about posting stuff.

Simply because no one knows if it is your disk that is encrypted

I do not know much about Arch forum posting rules but it's my disk that I am trying to unlock. Of course, I can't prove it sitting in another part of the world. smile Normally, I remember all my passwords. But, somehow I forgot this one. And, I am screwed big time.

Not to start a discussion about this, but:
do you really need encryption...?
If you do,  you're backup policy should also meet this structure...

Well, I travel a lot. So, I thought encrypting my drive would offer me extra security in case I ever lost it.
Not to start a discussion, but what are best ways to safeguard against these kind of problems?

Thank you,

Last edited by emorkay (2015-05-25 10:08:31)

Offline

#12 2015-05-25 10:51:40

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,596

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

emorkay wrote:

I do not know much about Arch forum posting rules but it's my disk that I am trying to unlock. Of course, I can't prove it sitting in another part of the world. smile Normally, I remember all my passwords. But, somehow I forgot this one. And, I am screwed big time.

Yes, well it's impossible to check every ones good intentions I guess wink So yeah, if you can't recall...  screwed..:(

Well, I travel a lot. So, I thought encrypting my drive would offer me extra security in case I ever lost it.

Ah, well yes it could be wise to do so then , yes.

Not to start a discussion, but what are best ways to safeguard against these kind of problems?

You should consider having a backup policy.
Create encrypted backups of the volume, and backup on regular  timebase.
Have a unencrypted backup(s) stored safely(in a safe f.i.) and one off-site.

Btw. don't throw away the encrypted data on the disk just yet, make a backup of it and hope you will remember what the pwd. was.

Offline

#13 2015-05-25 10:55:25

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

Btw. don't throw away the encrypted data on the disk just yet, make a backup of it and hope you will remember what the pwd. was.

How can I do this? I can't even unlock the partition.

Offline

#14 2015-05-25 10:57:58

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,596

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

emorkay wrote:

Btw. don't throw away the encrypted data on the disk just yet, make a backup of it and hope you will remember what the pwd. was.

How can I do this? I can't even unlock the partition.

Just image that disk or copy the encrypted partition somewhere else...

Offline

#15 2015-05-25 11:00:07

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

qinohe wrote:
emorkay wrote:

Btw. don't throw away the encrypted data on the disk just yet, make a backup of it and hope you will remember what the pwd. was.

How can I do this? I can't even unlock the partition.

Just image that disk or copy the encrypted partition somewhere else...

Ok. Thanks a lot for your help.

Offline

#16 2015-05-25 14:38:22

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

Hi,

I finally got my passphrase. All is well now. It required me to run a script with multiple combinations using the parts of the passphrase I remember.

Anyway, thanks a lot for all the help everyone.

Thanks,

Last edited by emorkay (2015-05-25 14:38:41)

Offline

#17 2015-05-25 14:48:06

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,360

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

emorkay wrote:

Hi,

I finally got my passphrase. All is well now. It required me to run a script with multiple combinations using the parts of the passphrase I remember.

Anyway, thanks a lot for all the help everyone.

Thanks,

I am sure you are relieved that you eventually remembered your passphrase. However it might be a good idea, now that you have access to your own data again, to make an unencrypted copy of the files on a computer or drive physically remote from where you have the encrypted machine that you travel with, not only so that if you lost the password again you would still have the data, but also there is the possibility of theft of the encrypted laptop, in which case the only access you would have is via your unencrypted and securely protected alternate. So that is a worthwhile strategy if you have a physically secure place to store the unencrypted files. Of course an encrypted copy as a backup is also another option, but of course you do need to ensure you don't forget its passphrase!


Mike C

Offline

#18 2015-05-26 08:49:53

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

Thanks for advice Mike. I will make an unencrypted backup of my data as soon as possible and keep it safe.

The whole incident taught some important lessons!

Offline

#19 2015-05-26 14:22:28

tsh
Member
From: Munich
Registered: 2014-07-25
Posts: 47
Website

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

You could also try writing the password on paper and backing up LUKS header:

cryptsetup luksHeaderBackup /dev/sdx  --header-backup-file=/etc/luks/backups/sdx.dat

If you are doing this, note the following warning from man pages:

This backup file and a passphrase valid at the time of backup allows decryption of the LUKS data area, even if the passphrase was later changed removed  from  the  LUKS device. Also note that with a header backup you the ability to securely wipe the LUKS device by just overwriting  the  header and  key-slots. You either need to securely erase all header backups in addition or overwrite the encrypted data area as well.  The second option is less secure, as some sectors can survive, e.g. due to defect management.

Offline

#20 2015-05-28 05:55:37

emorkay
Member
From: India
Registered: 2012-06-06
Posts: 43

Re: [SOLVED] LUKS encrypted partition - Forgot passphrase

tsh: Thanks for the advice. Already took a backup of my drive's luks header.

Offline

Board footer

Powered by FluxBB