* Assistance required
@ 2023-01-31 9:58 Sascha Sander
2023-01-31 13:09 ` Michael Kjörling
0 siblings, 1 reply; 3+ messages in thread
From: Sascha Sander @ 2023-01-31 9:58 UTC (permalink / raw)
To: cryptsetup
Dear Ladies or Gentlemen,
I have a question. I have a LUKS1 encrypted disk. On this disk essential
memories (family pictures, etc) are stored. But: I forgot the passphrase.
As far as I understand the passphrase only encrypts the master key on the
disk. If I'd be able to add another keyslot with a known password I should be
able to access the data, right?
But unfortunately I need to know the previous passphrase to add a new one.
Is there *any* possibility to access the data?
I attached the header (first 2 MB offset 512 bytes dumped using dd).
Some Background information:
Actually it's 2 disks that are part of a LVM Raid1 which were put in a WD
MyCloud EX2 Ultra Enclosure. After a power outage the enclosure does not
show the volume and thus I cannot export the passphrase for the volume.
After having the disks put into a Fedora Linux I can see the disks and
volumes and that the data is encrypted. Unfortunately I cannot decrypt them
using cryptsetup due to the missing passphrase as described above.
I'd be very happy if it would be possible to access the data, because the
data is precious to me.
[-- Attachment #2: luks-header --]
[-- Type: application/octet-stream, Size: 2097664 bytes --]
* Re: Assistance required
2023-01-31 9:58 Assistance required Sascha Sander
@ 2023-01-31 13:09 ` Michael Kjörling
2023-01-31 23:07 ` Arno Wagner
0 siblings, 1 reply; 3+ messages in thread
From: Michael Kjörling @ 2023-01-31 13:09 UTC (permalink / raw)
To: cryptsetup
On 31 Jan 2023 10:58 +0100, from sensei.of.darkness@gmail.com (Sascha Sander):
> But unfortunately I need to know the previous passphrase to add a new one.
> Is there *any* possibility to access the data?
Unfortunately, the general answer to this is no, there is not.
If it was possible to access the data inside a LUKS container without
knowing a valid passphrase for the container, then that would
completely undermine the entire purpose of having full disk encryption
in the first place; so anything like that would be a serious design
flaw.
I'm sorry.
Your best bet would be a backup that you are able to access. Is it
correct to assume that such backups do not exist in this case?
If you remember _something_ about the passphrase, then you might be
able to use that knowledge to set up a password cracker, but even so,
it would take a long time for it to work through even a small number
of possibilities with cryptsetup's default settings (which IIRC is 1-2
seconds' worth of key derivation iteration count on the system where
the LUKS container is created). This is helpful mostly when you
remember _almost_ all of a passphrase.
_IF_ the container was still open on a system where you have root
privileges, then there exist ways to set up a key slot with a known
passphrase even if you do not know any current passphrase. It doesn't
sound like this is the case in your situation, but on the odd chance
that it is, DO NOTHING THAT WOULD CAUSE THE CONTAINER TO BE CLOSED. Do
not "luksClose" it, do not reboot the system, do not unplug the
underlying storage device, or anything else like that. That situation
is salvageable.
--
Michael Kjörling 🏡 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
* Re: Assistance required
2023-01-31 13:09 ` Michael Kjörling
@ 2023-01-31 23:07 ` Arno Wagner
0 siblings, 0 replies; 3+ messages in thread
From: Arno Wagner @ 2023-01-31 23:07 UTC (permalink / raw)
To: Michael Kjörling; +Cc: cryptsetup
On Tue, Jan 31, 2023 at 14:09:05 CET, Michael Kjörling wrote:
> On 31 Jan 2023 10:58 +0100, from sensei.of.darkness@gmail.com (Sascha Sander):
> > But unfortunately I need to know the previous passphrase to add a new one.
> > Is there *any* possibility to access the data?
>
> Unfortunately, the general answer to this is no, there is not.
>
> If it was possible to access the data inside a LUKS container without
> knowing a valid passphrase for the container, then that would
> completely undermine the entire purpose of having full disk encryption
> in the first place; so anything like that would be a serious design
> flaw.
I second that. What you are trying to do would completely
negate the LUKS security model if it was possible.
Hence it is not.
Regards,
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier