Howto Crack encryption on encrypted hard drive
 

Hello

Hopefully someone can help as I'm in a huge pickle

I have a server in my office. When I set it up, I made RAID 10 by creating a 40Gb RAID 1 partition (md4) and a 80Gb RAID 1 partition (md5). I then made a RAID 0 parition (md6) by putting md4 and md5 together:

Then, I made created an encrypted partition on md6:
and put in my passphrase. I made an ext3 filesystem on the encrypted drive, and then mounted it.

For the last 3 months, everything has worked perfectly.

However, I recently restarted my machine, and I cannot find my passphrase (it was either 24 or 32 characters long). I have no way of getting into the data.

Is there a way for me to access the contents of my partition? Is there some tool which would allow me to find the encryption key?

All help is very very warmly appreciated

Thank you
Hamish

Odds are you used one of the standard encryption algorithms, so you are not going to be able to access the data without the passphrase. If there were a way around that, encryption would have no value. Consider the data gone.

Which algorith was used to encrypt the data?

You'll need the hash string

hey

it was ripmod160 was the hashing algorithm

Hamish

You'll have to see if it can be cracked.
If it can be cracked then you might want to look for a rainbow table online that you can submit your hash to. If the algorith is crackable, I'm not familiar with this algorithm though.

I googled the term "ripmod160" nothing even shows up...

You mean "ripemd160".

Ripemd160? If the data on this disk is really worth the $10M effort it would take to crack, then take it to a qualified lab, and stop screwing around on forums. ;)

I assume the password is secure (not one that a dictionary attack will uncover), otherwise you would remember it.

Would a rainbow table attack work if the hash is known??

I did some digging. There is rainbow table software that is capable of cracking this algorithm. It will probably take less than a day because of the time-memory tradeoff.
http://www.antsight.com/zsl/rainbowcrack/
It says there is a patch to support Ripemd160, amongst others....

Best of luck!

Uh, no. A rainbow table is just a dictionary attack - with precomputed hashes.

If the password is a simple word, "kitten", "alphabet", "building", etc., then a rainbow table can find the matching hash quickly. It is completely ineffectual against a secure passphrase, like "qmt=yB/S2^b7bU\GN".

Of course you'd have to build the rainbow tables...
It works, and it's free. =]

He'll get into his data again and it won't take more than a day after the tables are built.

:)

Here you go hunterhunter, maybe this explanation will help. Unless you know the password to begin with, a rainbow table will be of no value. The purpose of a rainbow table is to save CPU cycles, when using the same dictionary over and over. The possible passwords must be in the dictionary.

Hamish indicated his password was 24 to 32 bytes long, which is:

16326466776417496929675696277970770183526062354562231235907835547169\
18088277034253205934252891774776052854706563571820566130064756132903\
87009159770006203414775250210052982450850885040191985385408549263622\
73400377742089396126532258934646547094927750852652848942675093672416\
39535934903531861594292853413450277496071062871069500621018867819879\
31796333996553871837380806443804801311681031566155330347725295080406\
42973985763421359684484120151327113000112308030495604366186255704114\
63139966626972697197175935235858965153386655200731800996089068644533\
75491988523977804782527975621728406630651928978946474101495397163954\
72275326145053822439222202104119736061726082281569535948869200382732\
44261388632400347292749652265509729699540696672575092046182114884813\
95551660466864005840344309424349460272744770694527349834670314187990\
38085424112716598242976639100105689808713819338459181069316972818915\
02329162684424431912472899878845594948562775253296146369168754314117\
42632468439199081552989548173921551953939112401783475610821072150465\
43626075544553081176510152005091573668871706207804091845090599651036\
13804600411828615721778781897396721818116231033487353517370553511007\
75192077751615484125268947753731805516883711386939294756726282767586\
40210602947829856138486288064510435876957476605368467170292197672803\
86138871937730783106711042896022465237895638234295885760743486865187\
79453222680951471279921640000813754254281682505840774273311664364937\
79003129970819525116067589042312201019006975102985906606624861907844\
76134646342975285884129849257257368134456668881682310911877226527937\
41550392337015212472270332765472391194793712755955787149067354130364\
66576916355287787060929362139738721376532268867771238587805458638045\
21489160006418968028765447514166159168964431697995419064603318838606\
33576774035841596057524709630518722047669772597751800040284029709661\
05279183757735654437744006585558958520455884210118830030370290350850\
49537036136615689054870647113650298216715126358132122397081297393958\
61308520476616894141586881239106338806854032812865186338714343233548\
80105760583347376533018535429618219992855508166884691621202789481597\
64876738054580251049862428184361626995151546858682893872787850691653\
73711784716687660465821991576173831310585694060512657196977033191606\
23703465238884831854222509627010850131993208510815024852629692329201\
17728485282379720296594683085153727950577072591510455891915269197161\
97019853046407590581775284368267728939243109109709220274888926665315\
86879282768697730416350871982196800745861428547868098373758180243441\
72607055592438289970011253527507776423673081871958602388730142098337\
47964888023812458288008511821379188734920410400655564192896033850363\
91929560502777052946722800903315192137524195608431899500636944892450\
21290116752476208391887200277836098594616527261242247822653015743642\
56870339273899174113746903492657863266039290710787423068456837235449\
60925564029185039169629431782854991265789760892557135491319680564204\
07963117116550534955582228950083297883323559106943719960292222774969\
72983801714237096221849593446672726350248196295851837384044970420137\
98064306569864978263589908926765203348002664100219567593861009646936\
23097387760149548024954921160835389414325809270720380057085432579360\
20555761563503197669392436109918033920457845709629397295410178200854\
40474090405241557969374318835168630581315461879225807652549357237016\
31541146785542483866263221140150532093846181939900103818253427362991\
26119561942618105730965950838253586150853747744821013010599395109538\
87090824593280304267441361644297898716318642760135458621735159923797\
60821948989380826086959806704707284675208558022929543688629283798452\
51454618589617804566813771404689052287822240963624969914683569980493\
66122710657976865580264561700556839339439016635996935553074440060144\
32924881376250060648043258166493410631279686653582575359923371043337\
24985040953802185643340466942484016005120000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000

possible passwords that you need to add to your dictionary before creating your rainbow table. Now you understand why it takes thousands of machines many, many years to crack encryption.

I agree, the table probably be several TB of data (if not more).
We can just hope that his password is made up of repetitous characters. And also that it stays in the alpha/numeric range. If he used special chars and extended ascii then he's gonna be ther a while.

Hiya

thank you for all your suggestions. THe encryption key was a randomly generated string. I think I'll spend my time trying to find where I put the damn key.

THank you
Hamish