LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-25-2006, 08:42 AM   #1
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
Howto Crack encryption on encrypted hard drive


Hello

Hopefully someone can help as I'm in a huge pickle

I have a server in my office. When I set it up, I made RAID 10 by creating a 40Gb RAID 1 partition (md4) and a 80Gb RAID 1 partition (md5). I then made a RAID 0 parition (md6) by putting md4 and md5 together:

Code:
mdadm --create /dev/md6 --level=0 --raid-disks=2 /dev/md4 /dev/md5
Then, I made created an encrypted partition on md6:
Code:
cryptsetup -c aes -h ripemd160 -y -b `blockdev --getsize /dev/md6` create crypt6 /dev/md6
and put in my passphrase. I made an ext3 filesystem on the encrypted drive, and then mounted it.

For the last 3 months, everything has worked perfectly.

However, I recently restarted my machine, and I cannot find my passphrase (it was either 24 or 32 characters long). I have no way of getting into the data.

Is there a way for me to access the contents of my partition? Is there some tool which would allow me to find the encryption key?

All help is very very warmly appreciated

Thank you
Hamish
 
Old 07-25-2006, 10:16 AM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328Reputation: 328Reputation: 328Reputation: 328
Odds are you used one of the standard encryption algorithms, so you are not going to be able to access the data without the passphrase. If there were a way around that, encryption would have no value. Consider the data gone.
 
Old 07-25-2006, 01:27 PM   #3
hunterhunter
Member
 
Registered: Nov 2005
Posts: 90

Rep: Reputation: 15
Which algorith was used to encrypt the data?

You'll need the hash string
 
Old 07-25-2006, 01:28 PM   #4
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Original Poster
Rep: Reputation: 30
hey

it was ripmod160 was the hashing algorithm

Hamish
 
Old 07-25-2006, 01:38 PM   #5
hunterhunter
Member
 
Registered: Nov 2005
Posts: 90

Rep: Reputation: 15
You'll have to see if it can be cracked.
If it can be cracked then you might want to look for a rainbow table online that you can submit your hash to. If the algorith is crackable, I'm not familiar with this algorithm though.
 
Old 07-25-2006, 01:39 PM   #6
hunterhunter
Member
 
Registered: Nov 2005
Posts: 90

Rep: Reputation: 15
I googled the term "ripmod160" nothing even shows up...
 
Old 07-25-2006, 01:43 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 28,274
Blog Entries: 54

Rep: Reputation: 3174Reputation: 3174Reputation: 3174Reputation: 3174Reputation: 3174Reputation: 3174Reputation: 3174Reputation: 3174Reputation: 3174Reputation: 3174Reputation: 3174
You mean "ripemd160".
 
Old 07-25-2006, 02:18 PM   #8
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328Reputation: 328Reputation: 328Reputation: 328
Ripemd160? If the data on this disk is really worth the $10M effort it would take to crack, then take it to a qualified lab, and stop screwing around on forums.

I assume the password is secure (not one that a dictionary attack will uncover), otherwise you would remember it.
 
Old 07-25-2006, 02:24 PM   #9
hunterhunter
Member
 
Registered: Nov 2005
Posts: 90

Rep: Reputation: 15
Would a rainbow table attack work if the hash is known??
 
Old 07-25-2006, 02:29 PM   #10
hunterhunter
Member
 
Registered: Nov 2005
Posts: 90

Rep: Reputation: 15
I did some digging. There is rainbow table software that is capable of cracking this algorithm. It will probably take less than a day because of the time-memory tradeoff.
http://www.antsight.com/zsl/rainbowcrack/
It says there is a patch to support Ripemd160, amongst others....

Best of luck!
 
Old 07-25-2006, 09:10 PM   #11
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328Reputation: 328Reputation: 328Reputation: 328
Uh, no. A rainbow table is just a dictionary attack - with precomputed hashes.

If the password is a simple word, "kitten", "alphabet", "building", etc., then a rainbow table can find the matching hash quickly. It is completely ineffectual against a secure passphrase, like "qmt=yB/S2^b7bU\GN".
 
Old 07-25-2006, 11:21 PM   #12
hunterhunter
Member
 
Registered: Nov 2005
Posts: 90

Rep: Reputation: 15
Of course you'd have to build the rainbow tables...
It works, and it's free. =]

He'll get into his data again and it won't take more than a day after the tables are built.

 
Old 07-25-2006, 11:58 PM   #13
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328Reputation: 328Reputation: 328Reputation: 328
Here you go hunterhunter, maybe this explanation will help. Unless you know the password to begin with, a rainbow table will be of no value. The purpose of a rainbow table is to save CPU cycles, when using the same dictionary over and over. The possible passwords must be in the dictionary.

Hamish indicated his password was 24 to 32 bytes long, which is:

16326466776417496929675696277970770183526062354562231235907835547169\
18088277034253205934252891774776052854706563571820566130064756132903\
87009159770006203414775250210052982450850885040191985385408549263622\
73400377742089396126532258934646547094927750852652848942675093672416\
39535934903531861594292853413450277496071062871069500621018867819879\
31796333996553871837380806443804801311681031566155330347725295080406\
42973985763421359684484120151327113000112308030495604366186255704114\
63139966626972697197175935235858965153386655200731800996089068644533\
75491988523977804782527975621728406630651928978946474101495397163954\
72275326145053822439222202104119736061726082281569535948869200382732\
44261388632400347292749652265509729699540696672575092046182114884813\
95551660466864005840344309424349460272744770694527349834670314187990\
38085424112716598242976639100105689808713819338459181069316972818915\
02329162684424431912472899878845594948562775253296146369168754314117\
42632468439199081552989548173921551953939112401783475610821072150465\
43626075544553081176510152005091573668871706207804091845090599651036\
13804600411828615721778781897396721818116231033487353517370553511007\
75192077751615484125268947753731805516883711386939294756726282767586\
40210602947829856138486288064510435876957476605368467170292197672803\
86138871937730783106711042896022465237895638234295885760743486865187\
79453222680951471279921640000813754254281682505840774273311664364937\
79003129970819525116067589042312201019006975102985906606624861907844\
76134646342975285884129849257257368134456668881682310911877226527937\
41550392337015212472270332765472391194793712755955787149067354130364\
66576916355287787060929362139738721376532268867771238587805458638045\
21489160006418968028765447514166159168964431697995419064603318838606\
33576774035841596057524709630518722047669772597751800040284029709661\
05279183757735654437744006585558958520455884210118830030370290350850\
49537036136615689054870647113650298216715126358132122397081297393958\
61308520476616894141586881239106338806854032812865186338714343233548\
80105760583347376533018535429618219992855508166884691621202789481597\
64876738054580251049862428184361626995151546858682893872787850691653\
73711784716687660465821991576173831310585694060512657196977033191606\
23703465238884831854222509627010850131993208510815024852629692329201\
17728485282379720296594683085153727950577072591510455891915269197161\
97019853046407590581775284368267728939243109109709220274888926665315\
86879282768697730416350871982196800745861428547868098373758180243441\
72607055592438289970011253527507776423673081871958602388730142098337\
47964888023812458288008511821379188734920410400655564192896033850363\
91929560502777052946722800903315192137524195608431899500636944892450\
21290116752476208391887200277836098594616527261242247822653015743642\
56870339273899174113746903492657863266039290710787423068456837235449\
60925564029185039169629431782854991265789760892557135491319680564204\
07963117116550534955582228950083297883323559106943719960292222774969\
72983801714237096221849593446672726350248196295851837384044970420137\
98064306569864978263589908926765203348002664100219567593861009646936\
23097387760149548024954921160835389414325809270720380057085432579360\
20555761563503197669392436109918033920457845709629397295410178200854\
40474090405241557969374318835168630581315461879225807652549357237016\
31541146785542483866263221140150532093846181939900103818253427362991\
26119561942618105730965950838253586150853747744821013010599395109538\
87090824593280304267441361644297898716318642760135458621735159923797\
60821948989380826086959806704707284675208558022929543688629283798452\
51454618589617804566813771404689052287822240963624969914683569980493\
66122710657976865580264561700556839339439016635996935553074440060144\
32924881376250060648043258166493410631279686653582575359923371043337\
24985040953802185643340466942484016005120000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000000000000000000000000000000000000000000000000000000000\
00000000000000

possible passwords that you need to add to your dictionary before creating your rainbow table. Now you understand why it takes thousands of machines many, many years to crack encryption.
 
Old 07-26-2006, 12:29 AM   #14
hunterhunter
Member
 
Registered: Nov 2005
Posts: 90

Rep: Reputation: 15
I agree, the table probably be several TB of data (if not more).
We can just hope that his password is made up of repetitous characters. And also that it stays in the alpha/numeric range. If he used special chars and extended ascii then he's gonna be ther a while.
 
Old 07-26-2006, 02:25 AM   #15
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Original Poster
Rep: Reputation: 30
Hiya

thank you for all your suggestions. THe encryption key was a randomly generated string. I think I'll spend my time trying to find where I put the damn key.

THank you
Hamish
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving linux partition from original hard drive to another, howto??? Fear58 Linux - General 22 02-15-2008 04:26 PM
LXer: HOWTO: Diagnose a Failing Hard Drive LXer Syndicated Linux News 0 01-26-2006 09:31 AM
hard drive encryption Vince0053 Linux - Newbie 3 06-15-2005 06:15 PM
howto copy to another hard drive ic1404 Linux - Newbie 2 04-14-2005 09:57 PM
Howto install mandrake from a NTFS particion on hard drive Akiles Linux - Newbie 3 04-03-2005 02:13 PM


All times are GMT -5. The time now is 02:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration