Brute force Linux encryption with LUKS volume cracker

The Linux Unified Key Setup (LUKS) volume cracker utility is a Windows program built around FreeOTFE to launch a brute force attack against compatible Linux encrypted volumes like Cryptoloop, dm-crypt and LUKS, widely used Linux disk encryption schemes, with the later also ported to the Android phone.

Operating LUKS volume cracker is very easy, select an encrypted volume first, select a dictionary you have, or build a custom one based on words likely to be used by the suspect and finally click on the huge “Crack” button, you will be given updates about the cracking process on the window below the program.

LUKS  volume cracker

LUKS volume cracker

The good news are that LUKS intentionally slows down password access to stop dictionary attacks and brute-force is not a real option unless a very easy password has been chosen or the attacker has a list of potential passwords. When you design a password do not get awed by its length, entropy (randomness) is a much more important factor in password security than the number of characters it is forged of, make sure special characters and blank spaces are present in it.

If would like to destroy an encrypted LUKS volume there is no need to wipe the whole partition, erasing the header and keyslots is enough, by default, LUKS decryption keys are contained within the firs 2MiB of an encrypted LUKS partition. A salt value is also stored inside the header, it will be impossible for anyone to decrypt a volume without knowing it, not even if  the password is found out later on. Encrypted Solid State Disks and thumbdrives will still need full device wiping as wear levelling technology moving around data makes it impossible to securely overwrite an specific sector.

To wipe the first 10MB of an encrypted LUKS volume (sda1) in Linux type:

dd if=/dev/zero of=/dev/sda1 bs=512 count=20480

Visit LUKS volume cracker homepage

One Response

  1. Ivan 28 December, 2012

Leave a Reply