[dm-crypt] Forgot dm-crypt password; suggestions on steps to undertake

Matthew Monaco dgbaley27 at 0x01b.net
Tue Nov 12 15:58:33 CET 2013

On 11/10/2013 07:25 PM, John Thoe wrote:
> Hello Arno and Milan
> Thanks very much for your replies. I was not successful in retrieving the
> passphrase but it was a good learning experience.

I'm not sure if this means that you couldn't find a good way to brute-force or
if your assumptions about the missing parts were wrong. I've done something
similar before, although the forgotten pieces were somewhat different and only
had ~32 possibilities. In any event, I used a script like this:


dictionary=( mypass-{0000..2000} )

for pass in "${dictionary[@]}"; do
	printf "Trying: %s..." "$pass"
	if echo -n "$pass" | cryptsetup luksOpen --test-passphrase \
	                         --key-file=- "$dev" lostdev &> /dev/null; then
		printf " SUCCESS!\n"
		printf "\n"

It didn't make sense to me to do it using libcryptsetup because the bottleneck
was the actual decryption attempt.

If this is for your root drive, you'd have to do it from a boot disk. If you're
data is important, and you really do need ~5000 attempts, I think the wait time
is manageable.

More information about the dm-crypt mailing list