18 August, 2020

ElcomSoft Breaks LUKS Encryption

ElcomSoft updates its range of password recovery tools, adding support for LUKS encryption, the de-facto standard for disk encryption in Linux. The tools help experts extracting encryption metadata from LUKS-encrypted disks and running a hardware-accelerated distributed attack on LUKS encryption passwords.

In this update, Elcomsoft Forensic Disk Decryptor 2.13 and Elcomsoft System Recovery 7.06 add support for LUKS-encrypted disks. The tools will display information about the encrypted disks connected to the computer, extract and save the encryption metadata.

The small files containing LUKS encryption metadata are everything that one needs to launch a GPU-assisted attack on the LUKS password with Elcomsoft Distributed Password Recovery 4.22, which is also updated to support LUKS encryption.

About LUKS disk encryption

LUKS is a platform-independent disk encryption specification originally developed for the Linux OS. LUKS is a de-facto standard for disk encryption in Linux, facilitating compatibility among various Linux distributions and providing secure management of multiple user passwords. Today, LUKS is widely used in nearly every Linux distribution on desktop and laptop computers. It is also a popular encryption format in Network Attached Storage (NAS) devices, particularly those manufactured by QNAP.

Extracting LUKS Metadata by Booting from a Flash Drive

The updated Elcomsoft System Recovery helps users and forensic expert extract LUKS encryption metadata from all attached storage devices by booting the computer being investigated into a portable Windows PE environment from a USB flash drive. Operating from the familiar Windows environment, the tool helps experts to quickly obtain the data required to launch the attack on LUKS-encrypted disks.

Elcomsoft System Recovery can recover or reset lost or forgotten passwords to Windows accounts. The ability to extract hibernation files and password hashes from encrypted disk volumes offers faster access to protected evidence stored on encrypted partitions.

Extracting LUKS Metadata from Disks and Disk Images

Elcomsoft Forensic Disk Decryptor is a Windows tool to instantly extract encryption metadata from a wide range of encrypted hard drives and forensic disk images. Unlike Elcomsoft System Recovery, Elcomsoft Forensic Disk Decryptor runs on the expert’s computer, and does not require booting into the Windows PE environment.

The tool helps gaining access to encrypted disk containers. This can be accomplished by extracting password hashes for brute-force and memory analysis to find encryption keys. Containers can be decrypted or mounted for evidence collection.

Breaking LUKS Passwords

LUKS disks can be protected with one or more passwords, each matching one of the several available key slots. Elcomsoft Distributed Password Recovery was updated with the ability to attack LUKS encryption passwords using ElcomSoft’s patented GPU acceleration technology. Scaling to over 10,000 workstations with zero scalability overhead, Elcomsoft Distributed Password Recovery is a high-end password recovery solution offering the speediest recovery with the most sophisticated commercially available technologies.

The product enables accelerated password recovery for more than 500 formats including Microsoft Office and Adobe PDF documents, encrypted volumes and archives, personal security certificates and exchange keys, MD5 hashes and Oracle passwords, Windows and UNIX login and domain passwords, BitLocker, LUKS, TrueCrypt, and VeraCrypt disk encryption.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certrified Partner, and Intel Software Premier Elite Partner.

Contact Us

Elcomsoft s.r.o.

Československé armády 371/11,
Praha 6-Bubeneč,
Czech Republic, PSČ 160 00

Please click here for contacts with Elcomsoft Co. Ltd. representative.

As one of the industry leaders, our job involves complex research and constant monitoring of industry news. We love sharing our findings with our followers. Follow us on a social network of your choice, and we’ll deliver quality content straight to your news feed.