This is a fun story. I wanted to change my passphrase, but I did something incredibly stupid (It was rather late and I had a pretty f***** up day/evening full of waterspouts, drunken drivers and a broken car battery). But anyway, first I ran:
cryptsetup luksAddKey /dev/sda5
Then entered my passphrase. Then I thought I had to confirm the thing, so I entered it again. (Mistake 1, reading is important)
When reading back on the terminal I saw, it actually asked for a new one. I thought, oh this maybe bad, so I tried to open the volume and couldn't. I checked luksDump and saw I had two keyslots. And I didn't make an backup of the header. (Mistake 2, preparation is vital)
I assumed I broke my disk, so I removed the extra passphrase (Mistake 3, think before you do):
cryptsetup luksRemoveKey /dev/sda5
Then I checked luksDump and I removed the wrong one:
Keyslot 0: DISABLED
I tried to open it and I couldn't with the old passphrase. Now I knew I borked it completely.
My question is in what state my setup is. I have a couple of options:
- The setup is still fine, but the new passphrase contains typos.
- The setup is still fine, but I lost the key.
- The setup is in some undefined state.
I can see that I can only recover in case number 1. It is not too bad, I have backup of most of the data, but I still would like to know what I caused and if I can recover from it. If it is some typo, I can write some program to try out various typos I make.
Edit
Case 1 is also not feasible either. The passphrase was 40 characters long without the spaces. So say I made a type (and didn't displace a space). Then I have +/- 6 possibilities to type a key wrong. I do not make the whole time spelling errors, say I could have made something between 1 and 3 typos. Then I already can scan 10321 (6^0 + 40 * 6^1 + 40 * 6^2 ...) passphrases, which will take an equivalent amount of seconds, that is already 2+ hours on my laptop.
When I take character swaps in account, the amount will explode further. If I swapped two characters, I need to check 40 variants of my original password for each possible typo. This costs 4 days. (40 * (6 ^ 0 * 40 + 6 ^ 1 * 40 + 6 ^ 2 * 40 ..))and the two hours in the case I didn't do a space swap. Then we have deletion, insertions and swaps over more than one character, maybe more typos to consider etc.
