We updated Elcomsoft Distributed Password Recovery and Elcomsoft Forensic Disk Decryptor with support for LUKS2, an updated version of Linux disk encryption tool. The tools work together to extract encryption metadata and launch a password recovery attack. In addition, Elcomsoft Distributed Password Recovery can now break PIN codes protecting Windows accounts on TPM-less systems.
In this update, our tools received the ability to recover passwords to encrypted disks and containers protected with LUKS2, the newer version of Linux disk encryption. Two Elcomsoft password recovery tools receive support for LUKS2 encryption. Elcomsoft Forensic Disk Decryptor extracts encryption metadata from LUKS2 disks and containers, which is required to launch an attack on encryption in Elcomsoft Distributed Password Recovery. Elcomsoft System Recovery, which was recently updated, can be used to extract encryption metadata from LUKS2 volumes attached to the suspect’s computer by booting the target system from a USB drive. The small file containing LUKS2 encryption metadata is all that you need to launch an attack on the LUKS password with the updated Elcomsoft Distributed Password Recovery.
Notably, LUKS2 is significantly more secure compared to the original LUKS. In its default configuration, LUKS2 uses Argon2, which is a new key derivation function designed specifically to resist GPU-assisted attacks. Attacks on LUKS2 disks and containers protected with Argon2 must be performed on the computer’s CPU, which results in significantly slower recovery speeds. If the LUKS2 disk is protected with a classic pbkdf2, the faster GPU-assisted attacks are available.
In addition, the updated Elcomsoft Distributed Password Recovery further improves support for Windows 10 and Windows 11 computers, adding the ability to attack PIN-protected user accounts on systems without a TPM.
Microsoft implements PIN codes as part of Windows Hello authentication, encouraging the use of PIN codes instead of a password. By default, PIN codes only contain digits, yet alphanumeric PINs are also possible. While 4 to 6-digit PINs can be broken in minutes, attacking an alphanumerical PIN is significantly slower comparing to the recovery of Windows NTLM passwords.
Elcomsoft Distributed Password Recovery 4.45 brings the ability to attack Windows Hello PIN codes on systems without a Trusted Platform Module (TPM). For digit-only PIN codes, the recovery is near-instant.
Elcomsoft Forensic Disk Decryptor 2.20 Release Notes
Elcomsoft Distributed Password Recovery 4.45 Release Notes
Comunicado de imprensaElcomsoft Breaks Windows Hello PIN Codes, Attacks LUKS2 Encryption (em inglês)
Leia mais• Ler o artigo «Probing Linux Disk Encryption: LUKS2, Argon 2 and GPU Acceleration» no nosso blog (em inglês)