[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Forgot password BUT, fs is mounted

To: linux-crypto@nl.linux.org
Subject: Re: Forgot password BUT, fs is mounted
From: Pavel Minev Penev <kal_pav@sz.techno-link.com>
Date: Thu, 19 Dec 2002 19:15:32 +0200
In-Reply-To: <Pine.GSO.4.21.0212190817210.14563-100000@rac2.wam.umd.edu>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Mail-Followup-To: linux-crypto@nl.linux.org
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
References: <1040259108.3e011824771b2@webmail.haraburda.com> <Pine.GSO.4.21.0212190817210.14563-100000@rac2.wam.umd.edu>
Reply-To: linux-crypto@nl.linux.org
Sender: linux-crypto-bounce@nl.linux.org
User-Agent: Mutt/1.4i

On Thu, Dec 19, 2002 at 08:17:41AM -0500, Richard Devendra Gopaul wrote:
> it's never a bad idea to copy the files, just in case...
> 
> rgopaul@wam.umd.edu
> 
> On Wed, 18 Dec 2002, David Haraburda wrote:
> 
> > Hi,
> > 
> > I have forgotten the password to my encrypted file system (well, I
> > have a couple of guesses, but I'm not sure).  The reason I don't
> > want to try them is because the drive has been mounted and running
> > for awhile now... everything is fine, but just in case something
> > happens to the computer, I was wondering if there is any way to
> > recover the password from an already mounted partition?  If not, is
> > it possible for me to attempt to mount it again in a different
> > location (probably not?) so I can try guessing the password?  Or am
> > I just better off copying everything over while I have the chance
> > and re-encrypting and this time remembering the password? :-)

I think it safe to try mounting the same device in a different directory
as long as you mount it read-only. Otherwise, there is no known direct
way to recover the password by looking at the decrypted data (however,
you may be able to get the encryption/decryption key from the memory).
My advice is: SAVE YOUR DATA IMMEDIATELY.

By the way I had your problem some time ago. I wrote a brute forcer
based on kerenel's cryptoloop functionality, but I succeeded in only
discovering that each loop device detaching is done in a separate
(zombie) process which causes a temoprary system hang up when I run my
brute forcer (the old fork bomb). Note that I haven't tested the 2.4.20
kernel. A shell script (running at a lower rate) seems to work fine at
the cost of performance: don't expect much more than 20 password tests
per second.

Good luck,
-- 
Pav
                                 ,.,
                               ,``:'',
That your internet traffic is  {o ! o}  My GPG/PGP key is now available at
vulnarable is NOT only a joke! ] -+- [  x-hkp://search.keyserver.net:11371.
                                \ ! /
                                 `-'

`shell$ gpg --keyserver x-hkp://search.keyserver.net:11371 --recv-key 164C028F`
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

References:
- Forgot password BUT, fs is mounted
  - From: David Haraburda <david-linux-crypto@haraburda.com>
- Re: Forgot password BUT, fs is mounted
  - From: Richard Devendra Gopaul <rgopaul@wam.umd.edu>

Prev by Date: Re: Forgot password BUT, fs is mounted
Next by Date: cryptoloop unresolved symbols
Prev by thread: Re: Forgot password BUT, fs is mounted
Next by thread: cryptoloop unresolved symbols
Index(es):
- Date
- Thread