Forgotten LUKS passphrase
i am stuck with a big problem.
I have encrypted my linux drive with LUKS and now I can't remember it. During boot, it prompts me for the passphrase, but I went into troubleshooting mode and deleted the entry from /etc/crypttab
so at least I can boot now into my account but that doesn't solve the problem. I can't access my drive /dev/sda5.
Can someone please show me a way to crack the passphrase or is there no way around it.
Solution 1:
There is no way around it. That the whole point of encryption in the first place.
You will have to erase the partition and start over, all data is lost.
Solution 2:
Unless you chose to make a backup of the encryption key during the installation (if installed using the alternate installer of Ubuntu for example), then you're the only capable of decrypting the key on the disk to unlock the volume.
No way to recover from the volume. Recover from backups.
As @DietrichEpp mentioned: this is the whole point encryption in the first place. Nobody should be able to read your data unless the correct key/passphrase is provided, including yourself.
Solution 3:
I have created a Windows program that will perform a dictionary attack on Luks volumes. http://code.google.com/p/luks-volume-cracker/ Its slow by design!
Solution 4:
Use brute-force if you remember enough information about password. I wrote script that call
echo 'passwordcandidate' | cryptsetup luksOpen /dev/sda5 test
If the exit code is 0 then the password is correct. If the exit code is 2 try next. With 4 threads on 4-core CPU the speed is 1 password/s.
The fastest method to brute-force the LUKS disk I found is Hashcat. Now it supports LUKS. Example for the combination of two wordlists:
hashcat64.bin -m 14600 -a 1 /dev/sda5 start.dict end.dict
On my GeForce GT 720M the speed is 50 password/s.
If you have access to the more powerful computer, you can take only the first 2 MB from your luks-disk.
dd if=/dev/sda5 of=luks-header-hashcat-sda5 bs=512 count=4097
hashcat64.bin -m 14600 -a 1 luks-header-hashcat-sda5 start.dict end.dict
Read more https://hashcat.net/forum/thread-6225.html