Cloud resources

[jtagcat]

Is it possible, like with WPA-2 to capture a handshake, to get the drive's encryption key and use your cloud resources to accelerate cracking?

[glv2]

There is no handshake when decrypting a LUKS volume. The password the user enters is used to derive a user key using PBKDF2 or Argon2i, and this user key is used to decrypt the master key that is used to decrypt the data of the volume.

In theory it would be possible to send the header of a LUKS volume to a cloud service doing the cracking for you, but I don't know of any such cloud service.

[jtagcat]

The cloud can be a VPS (in my case bunch of selfhosted blades), meaning it can run any software (no need for a luks decryption service). I could host a VM on one of the blades, forward the USB (and run bruteforce-luks on the blade), but one couldn't use multiple blades/servers like this, since you can only forward a device once (in theory you could push something together, but I'm not aware of an easy way to do that).

My question rather was, if bruteforce-luks could extract the header of a volume (locally) and then use the header (on a 'cloud' device) to crack it afterwards. (Addittional feature would be to split the workload to files/combinations, but that can be easily done manually.)

[glv2]

There's an exemple in the README file showing how to work on a file containing the header instead of the block device directly.

If /dev/sda1 is a LUKS volume, you can get the header with sudo dd if=/dev/sda1 of=/tmp/luks-header bs=1M count=10.

Then you can send this file to as many VPS/computers as you want and use bruteforce-luks [some options...] luks-header on each of them.

However, splitting the workload so that the computers don't try the same combinations has to be done manually.