[ubuntu-za] Encrypted Filesystem Question

Quintin van Rooyen quintin.vanrooyen at gmail.com
Thu Sep 17 08:52:31 BST 2009 

2009/9/16 Quintin Beukes <quintin at last.za.net>

> For interest sake, how long did it take to recover the password? I
> assume the password you forgot was given to you? Is this done with
> brute force or is there a weakness (as in it being stored for purposes
> of automation)?
>
> Q
>
I remembered my old login password. I used it to recover my encryption key.
I guess that for a 8digit password (like mine was) it will take at least a
day or so to brute-force it (I had no special characters.)

I wonder if it spits out a random key every time you enter an incorrect
password or gives an error message.

My point is that encryption keys are moot if the only thing keeping you from
your data is the strength or weakness of your login password. How many
people do you know with strong and proper login passwords?

Regards

Q

(ps. I find it weird to answer a mail signed Q with a mail signed Q)


>
> On Wed, Sep 16, 2009 at 5:20 PM, Quintin van Rooyen
> <quintin.vanrooyen at gmail.com> wrote:
> > SOLVED!
> >
> > I went through a lot of troubleshooting to get this right.
> >
> > Here is a quick walk-through, might not be perfect though. You need to
> > install ecryptfs-utils before doing this, and it is not available in the
> > live environment until you do apt-get update.
> >
> > sudo aptitude install ecryptfs-utils
> >
> > sudo mount -t ecryptfs /home/username/.Private /home/username/Private
> >
> > I was asked what my passphrase was. Realised I forgots it :(
> >
> > So I mounted the drive, and did:
> >
> >
> ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase "login passphrase"
> >
> > (Note that some of the symlinks may be broken, as it was in my case and I
> > had to follow the broken symlinks to the correct file.)
> >
> > After running that command your passkey is spat out (you use your
> password
> > that you used to log into Ubuntu (in my case)) in plain text.
> >
> > This in effect means that if someone can get hold of your harddrive with
> > your entire installation they can run a brute force with this command
> until
> > the correct passphrase is spat out. The wrapper-passphrase file is not in
> > /home. I forget now where it was.
> >
> > After doing this I successfully mounted the file and browsed to it. I
> could
> > see files, open images and so on but the filenames and extentions where
> > horribly encrypted and for all intents and purposes useless.
> >
> > So I backtracked and did the following:
> >
> > Sudo mkdir /mount/encrypt (the name was so I could sanely identify the
> > mounted drive)
> > sudo mount /dev/sda6 /mount/encrypt
> > sudo mount -o bind /dev /mount/encrypt/dev
> > sudo mount -o bind /proc /mount/encrypt/proc
> > sudo mount -o bind /sys /mount/encrypt/sys
> >
> > Then I chrooted into the drive:
> >
> > sudo chroot /mount/encrypt
> >
> > I then changed into the correct username:
> >
> > su - quintin
> >
> > and I was asked to enter my password. So I did (for the old install)
> >
> > I ran the ecryptfs-mount command and entered my (previously recovered)
> > passphrase but was promptly informed that it was incorrect. So I had to
> tell
> > the install what the correct one is by using:
> >
> > ecryptfs-add-passphrase --fnek
> >
> > I was prompted for the passphrase (the long monster of a thing that gets
> > spat out if you ever decide to encrypt a drive)
> >
> > After that I ran:
> >
> > ecryptfs-mount-private and was asked for my passphrase again and I
> entered
> > it. This time it was accepted and I could do a:
> >
> > cd $HOME
> >
> > After much churning and noise (the HDD is bad :() my files where
> displayed!
> >
> >
> > I could now browse to the folder in nautilus (after Jaco Kroon helped me
> > with something that I did not understand about chroot, thanks Jaco) and I
> > could start copying the important stuff over.
> >
> > So there you are.
> >
> >
> > Thanks for all the suggestions, and here are the howto's I followed, but
> > they do not work in and of themselves:
> >
> >
> http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html
> >
> >
> https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering%20Your%20Data%20Manually
> >
> > --
> > Quintin van Rooyen
> > 0824772477
> > quintin.vanrooyen at gmail.com
> > The New SA Geek!
> > http://blog.sageek.co.za
> >
> > --
> > ubuntu-za mailing list
> > ubuntu-za at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
> >
> >
>
>
>
> --
> Quintin Beukes
>
> --
> ubuntu-za mailing list
> ubuntu-za at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>



-- 
Quintin van Rooyen
0824772477
quintin.vanrooyen at gmail.com
The New SA Geek!
http://blog.sageek.co.za
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-za/attachments/20090917/9c43070b/attachment-0002.htm

More information about the ubuntu-za mailing list