[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: password recovery for a luksOpened device?

On 11/02/2011 04:14 AM, mike dentifrice wrote:
> Or do I necessarily have to jump towards the "How do I recover the
> master key from a mapped LUKS container?" FAQ entry?

You can run that script mentioned there (it will generate master-key-file
from active mapping).

And then (instead of format) just run

cryptsetup luksAddKey --master-key-file=<master-key-file> <luks device>

and add new arbitrary passphrase.

(If cryptsetup there doesn't support this option, you can do it on LUKS
header clone outside of server and copy it back with new keyslot.)

Without using dictionary or brute force attack you cannot recover original
passphrase though.

In any case, save "dmsetup table --showkeys" output, it will allow to map
device even if you destroy LUKS header.

dm-crypt mailing list

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux