[ubuntu-za] Encrypted Filesystem Question

Quintin Beukes quintin at last.za.net
Wed Sep 16 20:06:25 BST 2009


For interest's sake, how long did it take to recover the password? I
assume the password you forgot was given to you? Is this done with
brute force or is there a weakness (as in it being stored for purposes
of automation)?

Q

On Wed, Sep 16, 2009 at 5:20 PM, Quintin van Rooyen
<quintin.vanrooyen at gmail.com> wrote:
> SOLVED!
>
> I went through a lot of troubleshooting to get this right.
>
> Here is a quick walk-through, might not be perfect though. You need to
> install ecryptfs-utils before doing this, and it is not available in the
> live environment until you do apt-get update.
>
> sudo aptitude install ecryptfs-utils
>
> sudo mount -t ecryptfs /home/username/.Private /home/username/Private
>
> I was asked what my passphrase was. Realised I forgot it :(
>
> So I mounted the drive, and did:
>
> ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase "login passphrase"
>
> (Note that some of the symlinks may be broken, as it was in my case and I
> had to follow the broken symlinks to the correct file.)
>
> After running that command your passkey is spat out (you use your password
> that you used to log into Ubuntu (in my case)) in plain text.
>
> This in effect means that if someone can get hold of your hard drive with
> your entire installation they can run a brute force with this command until
> the correct passphrase is spat out. The wrapped-passphrase file is not in
> /home. I forget now where it was.
>
> After doing this I successfully mounted the file and browsed to it. I could
> see files, open images and so on but the filenames and extensions were
> horribly encrypted and for all intents and purposes useless.
>
> So I backtracked and did the following:
>
> sudo mkdir /mount/encrypt
> (the name was so I could sanely identify the mounted drive)
> sudo mount /dev/sda6 /mount/encrypt
> sudo mount -o bind /dev /mount/encrypt/dev
> sudo mount -o bind /proc /mount/encrypt/proc
> sudo mount -o bind /sys /mount/encrypt/sys
>
> Then I chrooted into the drive:
>
> sudo chroot /mount/encrypt
>
> I then changed into the correct username:
>
> su - quintin
>
> and I was asked to enter my password. So I did (for the old install)
>
> I ran the ecryptfs-mount command and entered my (previously recovered)
> passphrase but was promptly informed that it was incorrect. So I had to tell
> the install what the correct one is by using:
>
> ecryptfs-add-passphrase --fnek
>
> I was prompted for the passphrase (the long monster of a thing that gets
> spat out if you ever decide to encrypt a drive)
>
> After that I ran:
>
> ecryptfs-mount-private
>
> and was asked for my passphrase again and I entered it. This time it was
> accepted and I could do a:
>
> cd $HOME
>
> After much churning and noise (the HDD is bad :() my files were displayed!
>
>
> I could now browse to the folder in nautilus (after Jaco Kroon helped me
> with something that I did not understand about chroot, thanks Jaco) and I
> could start copying the important stuff over.
>
> So there you are.
>
>
> Thanks for all the suggestions, and here are the howto's I followed, but
> they do not work in and of themselves:
>
> http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html
>
> https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering%20Your%20Data%20Manually
>
> --
> Quintin van Rooyen
> 0824772477
> quintin.vanrooyen at gmail.com
> The New SA Geek!
> http://blog.sageek.co.za



-- 
Quintin Beukes
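
Added example, not part of either message: absolute symlinks on the old disk resolve against the live session's root once the partition is mounted elsewhere, which is one way links such as ~/.ecryptfs end up broken. This sketch follows such links inside the mount point to find the wrapped-passphrase file without chroot; the function names, the user "alice" and the link target in the demo tree are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. Function names and the sample layout are hypothetical.

# Resolve PATH the way the old installation would, without chroot:
# absolute symlink targets are re-rooted under ROOT (the mount point).
resolve_in_root() {
    local root todo cur part target hops
    root=${1%/}; todo=${2#/}; cur=""; hops=0
    while [ -n "$todo" ]; do
        part=${todo%%/*}                       # next path component
        case "$todo" in */*) todo=${todo#*/} ;; *) todo="" ;; esac
        case "$part" in
            ""|.) continue ;;
            ..)   cur=${cur%/*}; continue ;;   # never climbs above ROOT
        esac
        if [ -L "$root$cur/$part" ]; then
            hops=$((hops + 1))
            [ "$hops" -le 40 ] || return 1     # symlink loop guard
            target=$(readlink "$root$cur/$part")
            case "$target" in /*) cur="" ;; esac   # absolute: back to ROOT
            todo="${target#/}${todo:+/$todo}"
        else
            cur="$cur/$part"
        fi
    done
    printf '%s\n' "$root${cur:-/}"
}

# Print where USER's wrapped-passphrase file really lives under ROOT.
locate_wrapped_passphrase() {
    local found
    found=$(resolve_in_root "$1" "/home/$2/.ecryptfs/wrapped-passphrase") || return 1
    [ -f "$found" ] && printf '%s\n' "$found"
}

# Constructed demo tree: user "alice", link target chosen for illustration.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice" "$demo/var/lib/ecryptfs/alice"
: > "$demo/var/lib/ecryptfs/alice/wrapped-passphrase"
ln -s /var/lib/ecryptfs/alice "$demo/home/alice/.ecryptfs"
locate_wrapped_passphrase "$demo" alice
rm -rf "$demo"
```

On a real recovery the first argument would be the mount point of the old root partition (/mount/encrypt in the walk-through above) and the second the old username.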


