Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "how to crack LUKS encryption". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Basic knowledge of disk encryption

All disk encryption tools rely on symmetric encryption to encrypt data, and although Microsoft BitLocker uses a 128bit AES key by default, major disk encryption tools typically rely on hardware accelerated AES encryption with a 256bit key. Some disk encryption tools offer a choice of encryption algorithms, the most supported being VeraCrypt, which provides about 15 symmetric encryption options.

Generate a symmetric encryption key from the user's password (or other data) by using the key generation function (KDF). KDF uses an one-way transformation (hash function) entered by the user to generate a binary encryption key or to unlock the intermediate key used to decrypt the actual symmetric encryption key. Different hash functions and a large number of hash iterations are used to reduce the speed of potential brute force cracking.

When cracking the encryption container, you must know the exact combination of encryption algorithms, hash functions, and hash iterations. The wrong choice will actually invalidate your chances of successful recovery, even if you stumble upon the correct password.

LUKS disk encryption

LUKS is a platform-independent disk encryption specification originally developed for Linux OS. LUKS is the de facto standard for disk encryption in Linux, which promotes compatibility between various Linux distributions and provides secure management of multiple user passwords. Today, LUKS is widely used in almost every Linux distribution on desktops and laptops. It is also a popular encryption format for network attached storage (NAS) devices, especially those produced by QNAP.

In addition to full encryption, LUKS can also be used to create and run encryption containers similar to other encryption containers, such as VeraCrypt, with the same level of protection as LUKS full encryption.

LUKS provides users with the choice of various encryption algorithms, hash functions and encryption modes, thus providing about 45 possible combinations.

LUKS encryption algorithm

LUKS supports a combination of multiple encryption algorithms, encryption modes, and hash functions, including:

Advanced encryption Standard (AES)

Serpent encryption algorithm

Twofish encryption algorithm

CAST-128 encryption algorithm

CAST-256 encryption algorithm

AES is the only hardware-accelerated encryption algorithm and by far the most common of the three, especially when used in enterprise environments and network-attached storage (NAS) devices. AES encryption provides the highest stream cipher performance when used on chipsets with AES encryption acceleration functions, such as the AES-NI instruction set in Intel CPU. Serpent and Twofish can be manually specified by the user when the encrypted volume is created.

LUKS supports the following encryption modes:

ECB (one of the modes of block encryption)

CBC-PLAIN64

CBC-ESSIV: hash

XTS-PLAIN64

When setting up encrypted volumes, different Linux distributions may use different default settings. For example, Red Hat Linux uses cbc-essiv:sha256 and 256-bit AES keys, which is the default combination of many popular Linux distributions. The cracking tools used in this article support CBC-PLAIN64,CBC-ESSIV:SHA256 and XTS-PLAIN64 encryption modes.

LUKS hash function

In disk encryption, the hash function is used as part of the key generation function (KDF). KDF is used to derive binary encryption keys from user-supplied input (usually a text-based passphrase), and the LUKS specification supports the following hash functions:

SHA-1

SHA-256

SHA-512

RIPEMD160

Whirlpool (hash algorithm based on block cipher)

However, support for WHIRLPOOL is not part of the specification, but the cracking tool used in this article supports this hash function as well as four "formal" functions. By default, most Linux distributions use SHA-256 as the hash function.

LUKS default encryption settin

Although maintainers of each Linux distribution and hardware manufacturers of embedded Linux are free to choose their own default encryption settings, aes-cbc-essiv:sha256 with a 256-bit symmetric encryption key is the most common default encryption setting. The meaning is as follows:

The AES-- encryption algorithm is AES (256bit key is used by default)

CBC-password block link encryption mode

ESSIV-encrypted salt sector initialization vector. This IV should be used for passwords in CBC mode

SHA-256-- uses a secure hash algorithm calculated by 32-bit words, which is the default hash function for passwords in CBC mode.

Non-default encryption settin

Unlike TrueCrypt / VeraCrypt, where users can specify decryption settings other than the default settings when encrypting the disk, LUKS does store information about the selected encryption settings in the encryption metadata so that the encryption settings can be detected before a crack is initiated. Elcomsoft Distributed Password Recovery automatically detects LUKS encryption settings by analyzing encrypted metadata, which must be extracted using Elcomsoft Forensic Disk Decryptor before cracking.

Multiple encryption keys

A LUKS volume can be protected with multiple keys, and the specification allows multiple user keys to decrypt the master key used for encryption. As a result, LUKS-encrypted devices may contain multiple key slots that store backup keys / passwords and allow multiple users to unlock LUKS volumes with their own passwords.

Each key slot is protected with unique salt encryption, which makes reverse brute force cracking (matching the same KDF password with different slots) not feasible. During the cracking process, the KDF must be calculated separately for each key slot. Therefore, recovering the password to protect the LUKS device requires the selection of a key slot to crack. When cracking a password, use Elcomsoft Distributed Password Recovery to perform this selection when setting up an attack.

Crack LUKS encryption step 1: extract encrypted metadata

In order to protect access to the data stored in the encrypted device, the original plain text password must first be restored. There are multiple steps involved and several different tools are required.

1. Use Elcomsoft Forensic Disk Decryptor or Elcomsoft System Recovery to extract encrypted metadata from an encrypted device or disk image.

two。 Password cracking is initiated through Elcomsoft Distributed Password Recovery using the extracted metadata (a small file).

3. After you find the password, mount the disk volume or decrypt the data.

There are two different tools to extract LUKS encrypted metadata, and choosing the right one depends on whether you are working in the field or in the lab. If you want to analyze the suspicious computer, you can use Elcomsoft System Recovery to boot the system from the USB flash drive and extract encrypted metadata from the storage device connected to the computer.

Note: LUKS encryption is supported in Elcomsoft System Recovery 7.06 and later. If you are using an older version of the tool, please update to the latest version to get LUKS support.

1. Download Elcomsoft System Recovery, start the installer, and create a bootable USB drive.

two。 Use the USB drive to boot the target system to the Windows PE environment.

3.Elcomsoft System Recovery will start automatically.

4. View additional disks.

5. Select the LUKS encrypted partition, and then click dump to extract the encrypted metadata.

Transfer encrypted metadata on your computer and use it with Elcomsoft Distributed Password Recovery to initiate cracking of LUKS encrypted passwords.

If you are working in a lab and are working on a disk or disk image, you will use Elcomsoft Forensic Disk Decryptor, and using Elcomsoft Forensic Disk Decryptor to extract encrypted metadata is very simple.

Note: Elcomsoft Forensic Disk Decryptor 2.13 and above supports LUKS encryption. If you are using an older version of the tool, please update to the latest version to get LUKS support.

1. Start Elcomsoft Forensic Disk Decryptor.

two。 Select the operation mode "extract / prepare data for further password recovery".

3. Open the physical device or disk image that contains the LUKS volume, and in the following example, we are working on the physical device.

4.EFDD will display a list of encrypted volumes and select the volumes from which you want to extract encrypted metadata.

5. Click next to extract the encrypted metadata and save it to a file.

Crack LUKS encryption step 2: crack the password

Although LUKS provides strong protection against brute force cracking by using thousands of hash function iterations in the key generation process, we have made great progress in password recovery cracking compared to the past. The speed of forced password entry is greatly accelerated due to the use of GPU acceleration, distributed, and cloud computing. With Elcomsoft Distributed Password Recovery, up to 10000 computers and on-demand cloud instances can be used to crack a single password.

To crack, do the following.

1. Start Elcomsoft Distributed Password Recovery

two。 Open the file that contains the encrypted metadata obtained using the Elcomsoft Forensic Disk Decryptor in the previous step

3. The available key slots and the number of hash iterations are displayed. Specify the key slot to crack

4. Configure and start cracking

Brute force cracking is not only faster, but also smarter. The user's existing password is a good starting point, which can be extracted from the user's Google account, macOS,iOS or iCloud keychain, Microsoft account, or from the user's computer, and the user's existing password indicates which character groups may be used:

Elcomsoft Distributed Password Recovery provides a number of options to automatically try the most common variations of the password (such as Password1,password1967 or pa $$w0rd):

The mask can be used to try to match the password of the established generic pattern:

Advanced technology allows passwords to be written using up to two dictionaries and scriptable rules:

How long will it take to crack the password?

Even if you know exactly how many passwords an attack will generate per second, there are still many factors that affect the time it takes to recover LUKS passwords. The length and entropy of passwords, as well as what you know about passwords or how users compose them, will have a huge impact on the time it takes to crack a particular LUKS capacity.

How fast is the recovery? The speed is not a constant value, and many factors that affect the cracking speed are not very obvious. The number of passwords per second you can try depends on several things, the most important of which are the following:

Hardware: the more high-end video cards you have, the faster the original speed will be. The same is true of the number of computers carrying out attacks, and the more computers that process passwords, the faster they will be.

Hash functions: some hash functions are slower than others. For LUKS, you can choose five hash functions, including RIPEMD160,SHA-1,SHA-256,SHA-512 and WHIRLPOOL, of which RIPEMD160 is the fastest and WHIRLPOOL is the slowest. Depending on the choice of hash function when setting encryption, your attack may be faster or slower.

Encryption algorithm and encryption mode: similarly, selecting these settings when the user sets the encryption and selecting the hash function will affect the speed of the attack, but the attack speed is much slower than the choice of the hash function.

Hash iterations and the speed of the user's computer: unlike other disk encryption tools such as BitLocker or VeraCrypt, LUKS changes the number of hash iterations used to protect the primary encryption key. When an encrypted disk is created with a given combination of encryption settings, LUKS benchmarking the user's system. This data is used to select the number of hash iterations to protect the primary encryption key. In fact, LUKS encrypted disks or containers created on low-end computers have weaker protection functions than similar disks or containers created on high-end hardware. If you move the disk or container to a new computer with more powerful functions, the number of hash iterations does not change.

More interestingly, the number of hash iterations varies depending on the choice of other encryption settings. If you use a weaker (faster) hash function, choose a large number of hash iterations and vice versa. In theory, regardless of the selected hash function and encryption setting, the variable number of hash iterations makes attacks on LUKS volumes or containers created on similar hardware at the same speed. This is not the case; there are still differences in attack speed between different algorithms and hash functions, as shown in the benchmark below.

It is worth noting that hash iterations are stored with other encrypted metadata, which is not the case with TrueCrypt / VeraCrypt containers, making hash iterations another secret provided by the user.

That's all for the content of "how to crack LUKS encryption". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.