[dm-crypt] recovering forgotten passwords for 2 LVs

ken gebser at mousecar.com
Mon Aug 22 16:48:54 CEST 2011


On 08/17/2011 01:44 PM ken wrote:
> Having searched through the archives and read the FAQ list, I know this
> isn't going to be easy, but I have to give it a try anyway.  Yes, I'm
> yet another guy who forgot his LUKS password.  And I encrypted both the
> system and data LVs (when I first installed CentOS/Linux).  After a
> couple days trying out various passphrases (going through my three
> chances and then having to shut down and restart the machine to get
> another three chances) and not succeeding, I removed the drive and put
> it into a drive enclosure, then attached it (via USB) to an older but
> working system.  Now I can read only the /boot partition of that drive....

Over the weekend I read a bunch more documentation, got a spare drive
connected, and on it created an encrypted partition containing a Linux
LVMed filesystem (ext3 if it matters... same as the on the disk I'm
trying to get back).  I did all this to test and refine a script I
created so I can input possible/likely passphrases and see which of them
might work.  My script works fine on the one encrypted partition I
created on the test disk.  I have a concern though.

When booting the disk I'm locked out of, it would prompt me twice...
because, as explained above, the partition contained two encrypted
logical volumes... so I was prompted for passphrases for each.  In fact,
if I failed to input the correct passphrase for the first LV, I'd still
be prompted for the passphrase for the second LV.  When I do "cryptsetup
isLuks /dev/sda5" the error code (0) tells me I've got an encrypted
device... but just one.  Using luksDump likewise shows just one instance
of something (?) encrypted.

Why is this, when I know there to be *two* encrypted LVs on that
partition/device?

Most importantly, when I run

echo -n "$PASS PHRASE" |/sbin/cryptsetup luksOpen /dev/sdb5 name1

is cryptsetup going to be talking to one or the other encrypted LVs...?
and if so, which one?



Thanks^128,
ken



More information about the dm-crypt mailing list