[dm-crypt] password recovery for a luksOpened device?
arno at wagner.name
Wed Nov 2 08:30:39 CET 2011
On Wed, Nov 02, 2011 at 08:23:33AM +0100, Milan Broz wrote:
> On 11/02/2011 04:14 AM, mike dentifrice wrote:
> > Or do I necessarily have to jump towards the "How do I recover the
> > master key from a mapped LUKS container?" FAQ entry?
> You can run that script mentioned there (it will generate master-key-file
> from active mapping).
> And then (instead of format) just run
> cryptsetup luksAddKey --master-key-file=<master-key-file> <luks device>
I thought so. Very good, added to the FAQ.
> and add new arbitrary passphrase.
> (If cryptsetup there doesn't support this option, you can do it on LUKS
> header clone outside of server and copy it back with new keyslot.)
> Without using dictionary or brute force attack you cannot recover original
> passphrase though.
> In any case, save "dmsetup table --showkeys" output, it will allow to map
> device even if you destroy LUKS header.
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt