Recovering data from a partition without the passphrase

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP








up vote
1
down vote

favorite












How can I recover data from a crashed disk whose encryption passphrase I have forgotten? I have the root password, and my Ubuntu 16.04 is not booting. I am able to see the partition when I mount the disk in another computer but the files are not accessible.




encryption passphrase




share|improve this question
















  • 1




    If the data is encrypted and you don't have the passphrase, you're out of luck.
    – dsstorefile1
    Apr 26 at 6:32










  • related: askubuntu.com/questions/38336/…
    – Takkat
    Apr 26 at 6:42














up vote
1
down vote

favorite












How can I recover data from a crashed disk whose encryption passphrase I have forgotten? I have the root password, and my Ubuntu 16.04 is not booting. I am able to see the partition when I mount the disk in another computer but the files are not accessible.




encryption passphrase




share|improve this question
















  • 1




    If the data is encrypted and you don't have the passphrase, you're out of luck.
    – dsstorefile1
    Apr 26 at 6:32










  • related: askubuntu.com/questions/38336/…
    – Takkat
    Apr 26 at 6:42












up vote
1
down vote

favorite









up vote
1
down vote

favorite











How can I recover data from a crashed disk whose encryption passphrase I have forgotten? I have the root password, and my Ubuntu 16.04 is not booting. I am able to see the partition when I mount the disk in another computer but the files are not accessible.




encryption passphrase




share|improve this question












How can I recover data from a crashed disk whose encryption passphrase I have forgotten? I have the root password, and my Ubuntu 16.04 is not booting. I am able to see the partition when I mount the disk in another computer but the files are not accessible.





encryption passphrase





share|improve this question











share|improve this question




share|improve this question










asked Apr 26 at 6:26









Evans Ikua

61




61







  • 1




    If the data is encrypted and you don't have the passphrase, you're out of luck.
    – dsstorefile1
    Apr 26 at 6:32










  • related: askubuntu.com/questions/38336/…
    – Takkat
    Apr 26 at 6:42












  • 1




    If the data is encrypted and you don't have the passphrase, you're out of luck.
    – dsstorefile1
    Apr 26 at 6:32










  • related: askubuntu.com/questions/38336/…
    – Takkat
    Apr 26 at 6:42







1




1




If the data is encrypted and you don't have the passphrase, you're out of luck.
– dsstorefile1
Apr 26 at 6:32




If the data is encrypted and you don't have the passphrase, you're out of luck.
– dsstorefile1
Apr 26 at 6:32












related: askubuntu.com/questions/38336/…
– Takkat
Apr 26 at 6:42




related: askubuntu.com/questions/38336/…
– Takkat
Apr 26 at 6:42










1 Answer
1






active

oldest

votes

















up vote
1
down vote













The entire point of encryption is to keep unauthorized users out of files. This authorization is usually done via password. It is very likely all data on that drive (especially if it suffered a failure) should be considered lost.



However, for the sake of knowledge, you may theoretically launch a brute force attack against this drive:



  1. First and foremost (as with any failing hard drive), create a full disk image using the dd command. If this fails, you may have luck with ddrescue and other such emergency recovery utilities. Once you have an image, get rid of the hard drive. It's dead.

  2. Use a tool like John the Ripper or bruteforce-luks to attempt to brute force the encryption password. This will take a very long time, as decoding the master key for a LUKS-encrypted drive takes time. See this question on Security.SE, where a few passwords a second is considered good.

All in all, the data there is lost. In the future, ensure you have available (and working!) backups available to you. Also ensure that you either have an emergency recovery encryption key, or have your standard LUKS password written down and stored in a safe location (e.g. bank security deposit box).



See the Red Hat documentation for a couple other approaches (if you have a second keyslot, a master key, or the drive is still open). In your case, however, it seems unlikely that any of those apply.






share|improve this answer




















  • OK, I think that is quite clear. I will see what to do. Unfortunately this hard disk died at the same time that my external WD Passport disk died with my backup. They were both 5 years old, almost to a month. RIP! Very expensive lessons here..
    – Evans Ikua
    Apr 26 at 7:52










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1028285%2frecovering-data-from-a-partition-without-the-passphrase%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote













The entire point of encryption is to keep unauthorized users out of files. This authorization is usually done via password. It is very likely all data on that drive (especially if it suffered a failure) should be considered lost.



However, for the sake of knowledge, you may theoretically launch a brute force attack against this drive:



  1. First and foremost (as with any failing hard drive), create a full disk image using the dd command. If this fails, you may have luck with ddrescue and other such emergency recovery utilities. Once you have an image, get rid of the hard drive. It's dead.

  2. Use a tool like John the Ripper or bruteforce-luks to attempt to brute force the encryption password. This will take a very long time, as decoding the master key for a LUKS-encrypted drive takes time. See this question on Security.SE, where a few passwords a second is considered good.

All in all, the data there is lost. In the future, ensure you have available (and working!) backups available to you. Also ensure that you either have an emergency recovery encryption key, or have your standard LUKS password written down and stored in a safe location (e.g. bank security deposit box).



See the Red Hat documentation for a couple other approaches (if you have a second keyslot, a master key, or the drive is still open). In your case, however, it seems unlikely that any of those apply.






share|improve this answer




















  • OK, I think that is quite clear. I will see what to do. Unfortunately this hard disk died at the same time that my external WD Passport disk died with my backup. They were both 5 years old, almost to a month. RIP! Very expensive lessons here..
    – Evans Ikua
    Apr 26 at 7:52














up vote
1
down vote













The entire point of encryption is to keep unauthorized users out of files. This authorization is usually done via password. It is very likely all data on that drive (especially if it suffered a failure) should be considered lost.



However, for the sake of knowledge, you may theoretically launch a brute force attack against this drive:



  1. First and foremost (as with any failing hard drive), create a full disk image using the dd command. If this fails, you may have luck with ddrescue and other such emergency recovery utilities. Once you have an image, get rid of the hard drive. It's dead.

  2. Use a tool like John the Ripper or bruteforce-luks to attempt to brute force the encryption password. This will take a very long time, as decoding the master key for a LUKS-encrypted drive takes time. See this question on Security.SE, where a few passwords a second is considered good.

All in all, the data there is lost. In the future, ensure you have available (and working!) backups available to you. Also ensure that you either have an emergency recovery encryption key, or have your standard LUKS password written down and stored in a safe location (e.g. bank security deposit box).



See the Red Hat documentation for a couple other approaches (if you have a second keyslot, a master key, or the drive is still open). In your case, however, it seems unlikely that any of those apply.






share|improve this answer




















  • OK, I think that is quite clear. I will see what to do. Unfortunately this hard disk died at the same time that my external WD Passport disk died with my backup. They were both 5 years old, almost to a month. RIP! Very expensive lessons here..
    – Evans Ikua
    Apr 26 at 7:52












up vote
1
down vote










up vote
1
down vote









The entire point of encryption is to keep unauthorized users out of files. This authorization is usually done via password. It is very likely all data on that drive (especially if it suffered a failure) should be considered lost.



However, for the sake of knowledge, you may theoretically launch a brute force attack against this drive:



  1. First and foremost (as with any failing hard drive), create a full disk image using the dd command. If this fails, you may have luck with ddrescue and other such emergency recovery utilities. Once you have an image, get rid of the hard drive. It's dead.

  2. Use a tool like John the Ripper or bruteforce-luks to attempt to brute force the encryption password. This will take a very long time, as decoding the master key for a LUKS-encrypted drive takes time. See this question on Security.SE, where a few passwords a second is considered good.

All in all, the data there is lost. In the future, ensure you have available (and working!) backups available to you. Also ensure that you either have an emergency recovery encryption key, or have your standard LUKS password written down and stored in a safe location (e.g. bank security deposit box).



See the Red Hat documentation for a couple other approaches (if you have a second keyslot, a master key, or the drive is still open). In your case, however, it seems unlikely that any of those apply.






share|improve this answer












The entire point of encryption is to keep unauthorized users out of files. This authorization is usually done via password. It is very likely all data on that drive (especially if it suffered a failure) should be considered lost.



However, for the sake of knowledge, you may theoretically launch a brute force attack against this drive:



  1. First and foremost (as with any failing hard drive), create a full disk image using the dd command. If this fails, you may have luck with ddrescue and other such emergency recovery utilities. Once you have an image, get rid of the hard drive. It's dead.

  2. Use a tool like John the Ripper or bruteforce-luks to attempt to brute force the encryption password. This will take a very long time, as decoding the master key for a LUKS-encrypted drive takes time. See this question on Security.SE, where a few passwords a second is considered good.

All in all, the data there is lost. In the future, ensure you have available (and working!) backups available to you. Also ensure that you either have an emergency recovery encryption key, or have your standard LUKS password written down and stored in a safe location (e.g. bank security deposit box).



See the Red Hat documentation for a couple other approaches (if you have a second keyslot, a master key, or the drive is still open). In your case, however, it seems unlikely that any of those apply.







share|improve this answer












share|improve this answer



share|improve this answer










answered Apr 26 at 6:39









Kaz Wolfe

25.5k1370131




25.5k1370131











  • OK, I think that is quite clear. I will see what to do. Unfortunately this hard disk died at the same time that my external WD Passport disk died with my backup. They were both 5 years old, almost to a month. RIP! Very expensive lessons here..
    – Evans Ikua
    Apr 26 at 7:52
















  • OK, I think that is quite clear. I will see what to do. Unfortunately this hard disk died at the same time that my external WD Passport disk died with my backup. They were both 5 years old, almost to a month. RIP! Very expensive lessons here..
    – Evans Ikua
    Apr 26 at 7:52















OK, I think that is quite clear. I will see what to do. Unfortunately this hard disk died at the same time that my external WD Passport disk died with my backup. They were both 5 years old, almost to a month. RIP! Very expensive lessons here..
– Evans Ikua
Apr 26 at 7:52




OK, I think that is quite clear. I will see what to do. Unfortunately this hard disk died at the same time that my external WD Passport disk died with my backup. They were both 5 years old, almost to a month. RIP! Very expensive lessons here..
– Evans Ikua
Apr 26 at 7:52

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1028285%2frecovering-data-from-a-partition-without-the-passphrase%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

pylint3 and pip3 broken

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have tried sudo apt remove --purge on various packages. I get the same when I reinstall. I have also tried reinstall using aptitude. This does not work. My current workaround is to run pylint3 as root, which works, but is bad practice. pip3 $ pip3 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pip/_vendor/__init__.py", line 33, in vendored __import__(vendored_name, globals(), locals(), level=0) ImportError: No module named 'pip._vendor.pkg_resources' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/bin/pip3", line 9, in <module> from pip import main File "/usr/lib/python3/dist-packages/pip/__init__.py", line 13, in <module> from pip.exceptions import InstallationError, CommandError, PipError File "/usr/lib/python3/dist-packages/pip/exceptions.py", line 6, ...
Read more

Missing snmpget and snmpwalk

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried to install it with: apt-get install net-snmp-utils but I have error message: Unable to locate package. I have also check what from SNMP is preinstalled and there is: libsnmp-base libsnmp30:amd64 snmp-mibs-downloader snmpd snmptrapd snmptrapfmt How can I install snmpget and snmpwalk ? snmp zabbix share | improve this question edited Jan 29 at 10:10 Yaron 8,552 7 18 38 asked Jan 29 at 9:51 Alfista 1 apt install snmp perhaps ? If named differently - apt cache snmp – fugitive Jan 29 at 10:00 add a comment  |  up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried...
Read more

How to enroll fingerprints to Ubuntu 17.10 with VFS491

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I decided to switch from Windows to Ubuntu 17.10, I meet it like 8 years ago and I didn't decided to switch until now (haha). Well, my actual device is an HP Probook 4540s with a Validity fingerprint sensor (VFS491). The fingerprint sensor worked fine on Windows but I can't get it to work in Ubuntu. The device is recognized as 138a:003d but is not detected as a fingerprint scanner by some apps like Fingerprint GUI. I want to use the fingerprint scanner to log in into my user account in Ubuntu but it doesn't supports fingerprints without special software and the drivers of the fingerprint scanner are available for Windows but not for any Linux distribution. I found something on GitHub (https://github.com/eekpie/libfprint) about the integration of the VFS491 in libfprint and I think it can help but I don't know what to do with it, so that's why I need the help of the community to do it since I am...
Read more