[dm-crypt] password recovery for a luksOpened device?

Arno Wagner arno at wagner.name
Wed Nov 2 08:30:39 CET 2011


On Wed, Nov 02, 2011 at 08:23:33AM +0100, Milan Broz wrote:
> On 11/02/2011 04:14 AM, mike dentifrice wrote:
> > Or do I necessarily have to jump towards the "How do I recover the
> > master key from a mapped LUKS container?" FAQ entry?
> 
> You can run that script mentioned there (it will generate master-key-file
> from active mapping).
> 
> And then (instead of format) just run
> 
> cryptsetup luksAddKey --master-key-file=<master-key-file> <luks device>



I thought so. Very good, added to the FAQ.
 
Arno







> and add new arbitrary passphrase.
> 
> (If cryptsetup there doesn't support this option, you can do it on LUKS
> header clone outside of server and copy it back with new keyslot.)
> 
> Without using dictionary or brute force attack you cannot recover original
> passphrase though.
> 
> In any case, save "dmsetup table --showkeys" output, it will allow to map
> device even if you destroy LUKS header.
> 
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list