ecryptfs-devel team mailing list archive

Thread
Date

Re: unable to mount old filesystem

To: Dave Hansen <dave@xxxxxxxx>
From: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>
Date: Mon, 5 Oct 2009 12:29:47 -0500
Cc: ecryptfs-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1254763005.8175.1071.camel@nimitz>
Sender: dustin.kirkland@xxxxxxxxx

On Mon, Oct 5, 2009 at 12:16 PM, Dave Hansen <dave@xxxxxxxx> wrote:
> How big was that salt?  I'm just thinking of the UNIX password salts
> that were only 12 bits or so.  They were intended to be brute-forced
> through at each login.  If it is small, perhaps it is worth just
> scripting it to try and recover.

See ecryptfs-utils/src/include/ecryptfs.h:

#define ECRYPTFS_SALT_SIZE 8
#define ECRYPTFS_SALT_SIZE_HEX (ECRYPTFS_SALT_SIZE*2)
#define ECRYPTFS_DEFAULT_SALT_HEX "0011223344556677"
#define ECRYPTFS_DEFAULT_SALT_FNEK_HEX "9988776655443322"

So that 16 hex digits, 16^16, which is pretty big.

By my calculations, if you try 1000 salts per second, it would take
you 585 million years in the worst case to crack it.

:-Dustin

References

unable to mount old filesystem
From: Dave Hansen, 2009-10-04
Re: unable to mount old filesystem
From: Dustin Kirkland, 2009-10-05
Re: unable to mount old filesystem
From: Dave Hansen, 2009-10-05
Re: unable to mount old filesystem
From: Dustin Kirkland, 2009-10-05
Re: unable to mount old filesystem
From: Dave Hansen, 2009-10-05
Re: unable to mount old filesystem
From: Dustin Kirkland, 2009-10-05
Re: unable to mount old filesystem
From: Dave Hansen, 2009-10-05