[dm-crypt] Decrypting a drive; says a correct password is "incorrect"
Robert Nichols
rnicholsNOSPAM at comcast.net
Tue Jan 10 16:43:46 CET 2017
On 01/10/2017 02:47 AM, K Mmmm wrote:
> Thanks for your help, Bob. I have run the keyslot checker, and there
> appears to be damage.
>
> I read in many places that this means the data is simply
> irrecoverable. But I don't understand how that could be so. Assuming I
> know my password, couldn't I theoretically brute-force each of these
> areas where entropy is low? Is it because there are likely to be
> other areas with low entropy that are not detected by the checker?
> Would changing the sector size help? Or, is my understanding of hard
> disks just so bare, that I fail to realize how difficult this would
> be? If nobody answers, I'll assume it's hopeless, as based on the
> following output, this is what my inclination is to believe. If
> someone has a "wild idea" (the possibility of recovering the key from
> RAM is long gone), then I am certainly willing to try it -- even if it
> takes a decade or so to unlock. It's a crypto wallet with just enough
> to pay off my first year of medical school loans...
>
> root at pony:/home/m/cryptsetup-master/misc/keyslot_checker#
> ./chk_luks_keyslots /dev/sdb5
>
> parameters (commandline and LUKS header):
> sector size: 512
> threshold: 0.900000
>
> - processing keyslot 0: start: 0x001000 end: 0x03f800
> low entropy at: 0x005000 entropy: 0.000000
> low entropy at: 0x005200 entropy: 0.000000
> low entropy at: 0x005400 entropy: 0.000000
> low entropy at: 0x005600 entropy: 0.000000
> low entropy at: 0x005800 entropy: 0.000000
> low entropy at: 0x005a00 entropy: 0.000000
> low entropy at: 0x005c00 entropy: 0.000000
> low entropy at: 0x005e00 entropy: 0.000000
> low entropy at: 0x038000 entropy: 0.000000
> low entropy at: 0x038200 entropy: 0.000000
> low entropy at: 0x038400 entropy: 0.000000
> low entropy at: 0x038600 entropy: 0.000000
> low entropy at: 0x038800 entropy: 0.000000
> low entropy at: 0x038a00 entropy: 0.000000
> low entropy at: 0x038c00 entropy: 0.000000
> low entropy at: 0x038e00 entropy: 0.000000
> - processing keyslot 1: keyslot not in use
> - processing keyslot 2: keyslot not in use
> - processing keyslot 3: keyslot not in use
> - processing keyslot 4: keyslot not in use
> - processing keyslot 5: keyslot not in use
> - processing keyslot 6: keyslot not in use
> - processing keyslot 7: keyslot not in use
That would definitely make it worth sending the drive to a professional
data recovery company and ask them to try to recover just those 16
missing sectors.
