Password, home directory encrypted, no passphrase problem

nntn

nntn

Member
Joined
Sep 1, 2021
Messages
37
Reaction score
3
Credits
334
Hello,

I was able to reset my password but got the login loop because I think my home directory is encrypted, and I don't have the passphrase. Is there any easy way to decrypt the home directory or just recover my files? Got some tips from YT and it was said nothing can be recovered without the passphrase. Please advise.
 


Nothing can be recovered without the passphrase when it comes to encryption.
 
Would you think the encryption is causing the login loops?

I am getting theses messages after logging in to tty:
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'

I then tried 'ecryptfs-mount-private' command and it was asking for login passphrase.

Is there a right way to reset the password?

I think the directory is encrypted. I am not sure; I am guessing. I don't remember.
 
I haven't used encryptfs but when did this problem start occurring? After you changed your password, if so it might be worth trying to revert your password back to your old password to see what happens?
 
f33dm3bits said:
I haven't used encryptfs but when did this problem start occurring? After you changed your password, if so it might be worth trying to revert your password back to your old password to see what happens?
Click to expand...
After a year I haven't used my system. I tried resetting it yesterday using different methods.

I have just used command 'ecryptfs-unwrap-passphrase' but I am getting an error:
Error: Unwrapping passphrase failed [-22]
Info: Check the system log for more information from libcryptfs

I don't remember the old password. Is there a way to get the old password from /etc/passwd or /etc/shadow even though I changed it to so many different passwords? I think the old password would have been overwritten by now. If I could get the old password back then I would think the passphrase is not required. Is there away to retrieve the old password?
 
nntn said:
After a year I haven't used my system. I tried resetting it yesterday using different methods.

I don't remember the old password. Is there a way to get the old password from /etc/passwd or /etc/shadow even though I changed it to so many different passwords? I think the old password would have been overwritten by now. If I could get the old password back then I would think the passphrase is not required. Is there away to retrieve the old password?
Click to expand...
The only thing I can think it that some how encryptfs uses your password as an encryption passphrase to decrypt your home folder with enncryptfs.

I just did a search and found this.

eCryptfs - ArchWiki

wiki.archlinux.org wiki.archlinux.org
For auto-mounting, it is required that the encrypted directory passphrase is identical to the user's log-in password.
Click to expand...
So it's looking like what I suspected is correct. So your old password is the passphrase for decrypting your homedir.
 
I've tried entering the same password for passphrase but now I am getting an error about unwrapping passphrase:
ERROR: your passphrase is incorrect

Is there a way to undo the command 'ecryptfs-unwrap-passphrase'?

I have tried the command 'ecryptfs-wrap-passphrase' but there is an error on the usage.
 
nntn said:
I've tried entering the same password for passphrase but now I am getting an error about unwrapping passphrase:
ERROR: your passphrase is incorrect
Click to expand...
Do you mean your tried entering your new password for the passphrase?

From my understanding ecryptfs-unwrap-passphrase will only work if you have a decrypted drive since it decrypts an encrypted file with your passphrase located in your homedir.

eCryptfs - ArchWiki

wiki.archlinux.org wiki.archlinux.org
 
f33dm3bits said:
Do you mean your tried entering your new password for the passphrase?

From my understanding ecryptfs-unwrap-passphrase will only work if you have a decrypted drive since it decrypts an encrypted file with your passphrase located in your homedir.

eCryptfs - ArchWiki

wiki.archlinux.org wiki.archlinux.org
Click to expand...
My error. It's the old password that would be the same for the passphrase. Is there a way to retrieve the old password? What would be the easiest solution at this time?
 
nntn said:
My error. It's the old password that would be the same for the passphrase. Is there a way to retrieve the old password?
Click to expand...
Do you mean to reset your password to the old password or to find out what your old password is?
 
f33dm3bits said:
Do you mean to reset your password to the old password or to find out what your old password is?
Click to expand...
I don't remember the old password so I reset it many times, so I meant to say if there is a file that stores the old password.

I even tried bypassing the password by editing the /etc/passwd but got the login loops.

What would be the easiest solution at this time to recover my files?
 
nntn said:
I even tried bypassing the password by editing the /etc/passwd but got the login loops.
Click to expand...
/etc/passwd just has user information, not password information. /etc/shadow contains password information. Since you changed your password /etc/shadow will have been updated.

nntn said:
What would be the easiest solution at this time to recover my files?
Click to expand...
You can't restore access to your files because ecryptfs uses your password as passphrase to encrypt your home folder as mentioned before.
For auto-mounting, it is required that the encrypted directory passphrase is identical to the user's log-in password.
Click to expand...
So unless you have a way of remembering your old password and changing it back for your use to that you have no way of getting access to the files in your homedir.
 
f33dm3bits said:
/etc/passwd just has user information, not password information. /etc/shadow contains password information. Since you changed your password /etc/shadow will have been updated.


You can't restore access to your files because ecryptfs uses your password as passphrase to encrypt your home folder as mentioned before.

So unless you have a way of remembering your old password and changing it back for your use to that you have no way of getting access to the files in your homedir.
Click to expand...
This starting at 4:22 shows how to bypass the login password. I didn't view the whole video. I stopped at the part where the file passwd can be changed to bypass. I was able to bypass the password but got the login loops. So what is causing the login loops? What I have said were guesses. I don't remember either if I encrypted my homedir. What else is there that Mint will let the users do to recover files?
 
nntn said:
This starting at 4:22 shows how to bypass the login password.
Click to expand...
Yeah it just shows how to to remove the need for a password for an account and how to reset your password, /etc/passwd storing user information and /etc/shadow storing password information and that person didn't do it with an encrypted home. As I stated before the problem with that is if your homedir is encrypted it is using your old password as the passphrase to unlock your homedir. Because you reset your password, the passhprase used to unlock your homedir isn't the same anymore and so that's probably what's causing login loops.
nntn said:
I don't remember either if I encrypted my homedir. What else is there that Mint will let the users do to recover files?
Click to expand...
Since you were able to reset your password, I'm assuming you were able to get access to your system like how explained in that video. Can you share the output of the following command?
Code: 
lsblk
That way I can see your partition setup and if you have an encrypted partition it should show up.

I actually just did an installation of Mint in a virtual machine and when I select the option there to encrypt, it encrypts the entire partition where both the root and home partition are located on and you have to enter a passphrase at boot which is different from what you describe. So I would be curious to know what Linux Mint version you have installed.
 
Linux version is 20.2

Results of 'lsblk'

NAME; MAJ:MIN; RM; SIZE; RO; TYPE; MOUNTPOINT
nvme0n1; 259:0; 0; 238.5G; 0; disk;
|__nvme0n1p1; 259:1; 0; 512M; 0; part; /boot/efi
|__nvme0n1p2; 259:2; 0; 238G; 0; part; /

Can you read the above? The spacings are gone after I saved the post, so I put the semicolons there.
 
What kind of encryption is this using? It sounds like symmetrical encryption, perhaps AES256.

Signed,

Matthew Campbell
 
nntn said:
Linux version is 20.2
Can you read the above? The spacings are gone after I saved the post, so I put the semicolons there.
Click to expand...
Yeah I can read it but it doesn't show me anything about in an encrypted homedir, but I was able to install a virtual system with Linux Mint 20.2 that has an encrypted home folder and when I change the password of my user I get a login loop as well. I see this in the system syslog.

Jun 14 08:28:44 mint lightdm: pam_ecryptfs: Passphrase file wrapped
Jun 14 08:28:44 mint lightdm: Incorrect wrapping key for file [/home/tux/.ecryptfs/wrapped-passphrase]
Jun 14 08:28:44 mint lightdm: Error attempting to unwrap passphrase from file [/home/tux/.ecryptfs/wrapped-passphrase]; rc = [-5]
Jun 14 08:28:44 mint lightdm: pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [-5]
Jun 14 08:28:44 mint systemd[1]: Stopping Session c14 of user lightdm.
Jun 14 08:28:44 mint systemd[1]: session-c14.scope: Succeeded.
Jun 14 08:28:44 mint systemd[1]: Stopped Session c14 of user lightdm.
Jun 14 08:28:44 mint systemd[1]: Started Session c15 of user tux.
Jun 14 08:28:44 mint lightdm[2522]: Signature not found in user keyring
Jun 14 08:28:44 mint lightdm[2522]: Perhaps try the interactive 'ecryptfs-mount-private'
Jun 14 08:28:44 mint pulseaudio[2457]: Unable to set sw params: Permission denied
Jun 14 08:28:44 mint pulseaudio[2457]: Failed to set software parameters: Permission denied
Jun 14 08:28:44 mint pulseaudio[2457]: Error opening PCM device front:0: No such file or directory
Jun 14 08:28:44 mint lightdm[2502]: Error writing X authority: Failed to open X authority /home/tux/.Xauthority: Permission denied

When I then change it back to the old password I am able to login with that user. So that verifies again that your original/old password is used to decrypt your homedir and when having changed that it caused the login loop. I also tested this out on the latest version of Mint, 21.3. And there when I do the same and try to login with the new password I am able to access the homedir because the encryption is done differently and not with the user's first/original password.

So long story short, with Linux Mint 20.2 and you have an encrypted homedir and you change the password because you forgot the original one you will have no way to regain access to your files because the homedir is encrypted and uses your old/original password as a passphrase and causes a login loop because the home folder can't be decrypted.
 
Last edited:
f33dm3bits said:
When I then change it back to the old password I am able to login with that user. So that verifies again that your original/old password is used to decrypt your homedir and when having changed that it caused the login loop. I also tested this out on the latest version of Mint, 21.3. And there when I do the same and try to login with the new password I am able to access the homedir because the encryption is done differently and not with the user's first/original password.

So long story short, with Linux Mint 20.2 and you have an encrypted homedir and you change the password because you forgot the original one you will have no way to regain access to your files because the homedir is encrypted and uses your old/original password as a passphrase and causes a login loop because the home folder can't be decrypted.
Click to expand...

So it would have been easier to retrieve the old password instead of resetting it. I trust your observations but there must be a way to recover these files. Thank you so much. Your time is appreciated.

Anyone with other ideas please let me know.
 
nntn said:
So it would have been easier to retrieve the old password instead of resetting it. I trust your observations but there must be a way to recover these files. Thank you so much. Your time is appreciated.

Anyone with other ideas please let me know.
Click to expand...
Encryption works with keys or key-pairs, during the installation a key is generation that is used to encrypted something, in this case your home directory. They require a passphrase to be put on that key, in this case with the Mint 20.2 installation they made it the same as your password at the time of installation. You don't have that password anymore which was used as passphrase so there is no of getting access to your files back. The only maybe option would be if you had some known dictionary password would be to have some brute-force tool try all dictionary words to try and unlock it. Not my area but still chances would still be close to zero. That's the idea of encryption that if someone steals your laptop and it is encrypted they have no way of getting to your files, otherwise encryption would be pretty pointless.
 
You must log in or register to reply here.

Members online

Total: 654 (members: 4, guests: 650)

Latest posts

Top