[dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake

Milan Broz gmazyland at gmail.com
Mon Nov 11 06:51:23 CET 2013

On 11.11.2013 4:13, Arno Wagner wrote:
> On Mon, Nov 11, 2013 at 03:25:30 CET, John Thoe wrote:
>> Hello Arno and Milan
>> Thanks very much for your replies. I was not successful in retrieving the
>> passphrase but it was a good learning experience.
>> A question about LUKS I have is that I travel a lot and sometimes have to
>> leave my laptop unattended and I put it to sleep or lock it.  Is it
>> possible for an attacker to retrieve the keys while the laptop is in that
>> state.  My question is that should I always shutdown the laptop to be safe
>> or is it fine to leave it locked or in sleep mode?  Can the keys be
>> recovered from memory?
> The keys can be recovered from memory. Also, an attacker could
> boot your machine and install malware or could install a physical
> key-logger. The usual consent is that if an attacker has
> repeated unnoticed physical access to a machine, no security
> measure will help. Even encryption (shut-down state) will really
> only help against an attacker that gets access only once and
> steals the machine.

This is obviously true. But if ignoring hw tampering, if you use hibernate
(to encrypted swap - should be default for distros with encrypted install)
it is safe - key is not in memory, RAM content is stored encrypted,
and you have to provide password on resume.

For suspend to RAM ("sleep") the key is still in memory so it can be quite
easily extracted.
(dmcrypt provides way how to temporarily wipe key from memory but distributions
do not use yet this because it requires quite complex handling)


More information about the dm-crypt mailing list