Sunday, May 19, 2013

Fedora Security Lab | Flight 2 (brute forcing encrypted drive)

In my last Security Lab post I demonstrated some fairly simple steps for using Fedora's Security Lab to mount a LUKS encrypted drive.

After figuring out how to do this, I wondered how simple it would be to crack or break into the drive should I forget my password.
Yes, it happens, and when it does it SUCKS, as if you are off by 1 or 2 characters you have 6-8 permutations of your password to try.
So I went off to implement a bash-based brute force attack to help solve this problem and have an automated script demonstrate the process.

After doing some research I found this blog post by Steven Hollingsworth and used this as a template for my script.
try: 12 of 64
ESTIMATED COMPLETION: Sun May 19 16:52:51 EDT 2013

********* PASSWORD *********** Success!
It's a simple script that takes a word list (as the 3rd argument) and attempts to unlock the encrypted drive one password at a time.

Developing the word list is really where the problem is! Here is why (it's time for some math):

Let's assume you have no clue what the password is (but seeing as most passwords are between 0 and 8 characters long, and you know that there are no special characters).

So we can create an alphabet with the following:
echo {a..z} {A..Z} {0..9}
This gives us 62 characters:
echo {a..z} {A..Z} {0..9} | wc -w
So if our password or passphrase was only 1 character long you would have 62 iterations to try before you could be sure that your passphrase is not 1 character long. So let's say that you think your password is 2 characters long.
2^62
This would give you 4611686018427387904 permutations or iterations that you would have to try before you could confirm that your password is not 2 characters long.

That not only translates into a time-consuming operation but also a resource issue for your system (this was my problem) if you are trying to build this list in memory.

It is for this reason that building a dictionary is done outside of my script. It is this way for 2 reasons.
  1. So that other more efficient tools (or better ideas) can generate the list.
  2. The list can be shortened or created in a way the user chooses.
My way of doing this is by using bash's Cartesian product (remember the command above that I used to create my alphabet; well, just remove the spaces).
echo {a..z}{A..Z}{0..9}
This will create a word list of 3 letters with the first letter being a lower case letter, the second being an uppercase letter, and the last being a numeric digit. Or 6760 permutations. This also allows us to narrow our dictionary to passwords that are more likely to be the password that you are looking for.

Example:
for x in $(echo {K,C,k,c}{4t,4t,at,at}{s,z,S,Z,$}); do echo $x >> dictionary; done
With this setup, forgotten LUKS passwords are not forgotten long.
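The per-position narrowing described above can also be streamed straight to disk, so the list is never built in memory, and deduplicated, since the example pattern repeats some alternatives. This is an added example, not code from the original post; the function names `count_candidates`, `gen_candidates` and `build_dictionary` are hypothetical, and it assumes alternatives contain no whitespace.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Each argument is one position: a space-separated list of alternatives
# (alternatives must not contain whitespace).

# count_candidates SET... -> product of the set sizes (size before dedup)
count_candidates() (
    set -f                      # no filename globbing while splitting sets
    total=1
    for set_ in "$@"; do
        n=0
        for alt in $set_; do n=$((n + 1)); done
        total=$((total * n))
    done
    printf '%s\n' "$total"
)

# gen_candidates PREFIX SET... -> print every combination, one per line.
# Only the word being built is held in memory, never the whole list.
gen_candidates() {
    local prefix="$1" first alt
    shift
    if [ "$#" -eq 0 ]; then
        printf '%s\n' "$prefix"
        return 0
    fi
    first="$1"
    shift
    for alt in $first; do
        gen_candidates "$prefix$alt" "$@"
    done
}

# build_dictionary FILE SET... -> write unique candidates to FILE, print count
build_dictionary() {
    local out="$1"
    shift
    ( set -f; gen_candidates "" "$@" ) | sort -u > "$out"
    wc -l < "$out" | tr -d ' '
}

# Constructed demo: the pattern from the post's example, in a temp file.
demo=$(mktemp)
echo "raw: $(count_candidates 'K C k c' '4t 4t at at' 's z S Z $')"
echo "unique: $(build_dictionary "$demo" 'K C k c' '4t 4t at at' 's z S Z $')"
rm -f "$demo"
```

Running `count_candidates` before generating anything shows how large a pattern is, which is the quickest way to see whether a dictionary is feasible at all.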
