milesflo closed 4 years ago
A key of 32 bytes is a 256-bit key, and that is far too big a keyspace for brute forcing if the key is random data.
If the key is not random data and you have some information on its format, you could generate the possibilities and write them to a file using a custom program, and then try them with the -f option of bruteforce-luks.
According to this Red Hat tutorial, it's a common practice to have file-based authentication for LUKS drives to allow for at-boot decryption.
However, they recommend a key length of only 32 bytes which feels like an achievable keyspace for brute forcing.
Guide:
Adding a key file to an existing LUKS volume:
Examples:
Take care to ensure the key file is hidden from and unreadable by all untrusted parties
Example:
Implementation
Add a flag to try key file based bf-ing, with a flag to determine the target length, or ≤ this max size
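
An added example, not part of the thread or of bruteforce-luks: a defender-side audit of a key file covering the two points raised above, that the file must be unreadable by untrusted parties and that a 32-byte key only resists brute forcing when it is random data. The alphabet list, the 128-bit floor and the sample files are assumptions constructed for this example.

```python
import math
import os
import stat
import string
import tempfile

# Text alphabets, smallest first; the first one that covers every byte wins.
ALPHABETS = [
    ("decimal digits", string.digits.encode()),
    ("hex", string.hexdigits.encode()),
    ("base64", (string.ascii_letters + string.digits + "+/=").encode()),
    ("printable ASCII", bytes(range(0x20, 0x7F))),
]
MIN_BITS = 128  # assumed policy floor for this example, not a value from the thread


def keyspace_bits(key: bytes) -> tuple[str, float]:
    """Return (format, upper bound on keyspace in bits) for key-file content."""
    body = key[:-1] if key.endswith(b"\n") else key  # text tools append a newline
    for name, alphabet in ALPHABETS:
        if body and all(b in alphabet for b in body):
            return name, len(body) * math.log2(len(alphabet))
    return "raw bytes", 8.0 * len(key)


def audit_keyfile(path: str) -> list[str]:
    """List findings for a LUKS key file: loose permissions, guessable format."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants access to group or other")
    with open(path, "rb") as f:
        name, bits = keyspace_bits(f.read())
    if name != "raw bytes" or bits < MIN_BITS:
        findings.append(f"{name}: keyspace is at most {bits:.0f} bits")
    return findings


if __name__ == "__main__":
    # Constructed sample key files, written to a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        samples = {"random.key": (os.urandom(32), 0o400),
                   "date.key": (b"20240131\n", 0o644)}
        for fname, (content, mode) in samples.items():
            path = os.path.join(d, fname)
            with open(path, "wb") as f:
                f.write(content)
            os.chmod(path, mode)
            print(fname, audit_keyfile(path) or "no findings")
```

The reported figure is an upper bound that treats every character as independent and uniform; a file classified as raw bytes is not thereby shown to be random.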