help with LUKS data recovery
#11
(01-06-2018, 05:19 PM)philsmd Wrote: Was your original luks volume generated by some GUI or web-interface etc and you do not know what settings it uses?

Exactly this.

I mounted the fs now and created a random file on it and redid the whole process. Now I have randomness in the header, and I can decrypt it using hashcat. My guess is the VM is to blame, since I used a dynamically allocated virtual hard drive. In any case, it works now and I can direct my attention at the original header.

Thanks a lot for your help!
#12
I am still trying to crack my hash. I just noticed that the cipher mode is set to cbc-essiv : sha256 in my real volume compared to xts-plain64. Does the cipher mode make any difference to hashcat, is it able to detect it or do I have to feed the proper arguments to it?
#13
Hashcat autodetects this.
#14
Thank you atom.