[dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake

Arno Wagner arno at wagner.name
Sun Nov 10 17:26:58 CET 2013

On Sun, Nov 10, 2013 at 01:15:25 CET, John Thoe wrote:
> > If you are missing 6 characters, with a standard alphabeth of, say,
> > 2x26 chars + 10 digits and 20 special symbols, that would take
> > about 300'000'000 tries. As this is plain dm-crypt, a try does
> > not take about 1 second but signigicantly less (no iterated
> > hashing). No idea how fast this really is, but if programmed right,
> > it may be doable in a few days of trying. Of course, you also have
> > to recognize when you have the right password, which depends on
> > what is in there. "blkid" may help to recognize a filesystem,
> > but again I have no idea how fast it is.

> Sorry it was actually dm-crypt with LUKS. I just checked and had no idea
> before.

That makes it both easier and harder. Easier because the
check whether a password matches is now trivial. Harder because
LUKS uses iterated hashing. Milan has an example for doing this
somewhere in the source package, best use that. Doing it manually
with the commandline cryptsetup is possible, but not recommended.
It is likely harder than using the example dictionary search tool,
and it can use multiple CPUs.
> I have generated the possible permutation list. Wouldn't it make sense to
> just brute force LUKS with the 100,000 possible combinations or is that a
> bad idea?

That is actually the only thing you can do. With 100'000 
combinations, you can expect this to take something like 100'000 CPU 
seconds, or roughly 28h on a single CPU. If you do this on an image 
file of your LUKS container, just copying the first 100MB or so 
should work fine.  

> Sorry, I am trying to understand if it is possible to do this or I should
> just give up hope.

If your 100'000 combinations have the right one in there, then
it is not even very hard to do.

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

More information about the dm-crypt mailing list