Unable to decrypt dataset

Another shot in the dark: Perhaps there’s a “trailing space” at the end of your passphrase (or a “leading space” at the beginning) that may or may not belong?

And yet another shot in the dark, and this might sound silly:

Open up a text editor and just start hammering away, typing the “passphrase” really fast, over and over again, new line after new line. You might notice a pattern with a recurring mistake.

Thank you

I apologize for the late reply, I was unable to post more yesterday because of the new user post limit. At this time I have basically recovered all important data from back ups. I will try to use your script as well, since some of the backed up video was at a lower quality than the original. However, this is more a “nice to have” than a “need to have”.

Here is the link to the powershell script: Reddit - Dive into anything ](Reddit - Dive into anything

Again, thank you for the assistance.

1 Like

Keep in mind that you want to narrow yourself down to a small enough “passlist”, so that you can exhaust all of them without spending too much time.

In my example (8,912 passwords), I was able to “recover” my password in a reasonable time.

For you, perhaps only generate a list that changes the case combination of the first two letters of each “word”? (A common input mistake.)


Consider also that you’re trying to discover a “pattern” or quirk. Everything has been based on the assumption of “incorrect case”. It may have been something else, such as a “space” instead of “dash”. Or even hitting the “E” key instead of the “R” key.

This is why typing the passphrase over and over and over really fast in a text document, without regard to accuracy, might help you discover common mistakes, which can hopefully get you closer to pinpointing the missing passphrase. (Or coming up with a better “passlist” to use the script against.)

damn this super scary. Have you figured out the reason yet? If anything is corrupted OS, or really forgotten the password. Have you tried using another TrueNas or linux to decrypt the pool?

Given that I know for a fact I have had to decrypt this pool with the passphrase stored in the password manager in the past, my best guess is that I accidentally over wrote the passphrase stored in the password manager at some point. I have been making a lot of changes lately, and it’s possibly that I stored the password for something else over the passphrase for the drive encryption by mistake. I am not aware of anyway within in the password manager to see when it was last updated, so this is just a guess based on the available information.

Edit: This is for sure what happened. I found the modified date in the password manager that is after the creation date. Unfortunately when I went to look at the password history it did not show anything.

You can check the pool’s history for any hints that something was changed, and at what day/time.

For example, to see any time the userkey for an encrypted dataset was changed:

zpool history "Spinning Guys" | grep "change-key"

What password manager?

Bitwarden

Darn. :pensive:

I use KeePassXC, which keeps a history of every change for each entry.

EDIT: Are you 100% sure that Bitwarden doesn’t have a stored “history” or “previous copy” feature?

Bitwarden has a password history (Which I learned about approximately 5 minutes ago). Unfortunately it shows no history, even though it does show a date modified.

What about this, then:

Nothing
image

I think we can safely say that if someone steals your harddrives or server, they won’t be able to access the files on your dataset.

See? Encryption works! :smiley: :+1:

Yeah the big take aways: Encryption Works, and don’t lose the passphrase, backup everything important, and I need to pay more attention to where I am saving passwords in the password manager.

1 Like

I was gonna go down the exact same path using bitwarden randomly generated passphrase and store in bitwarden, and after a very long contemplation, i ended up using my secondary master password for my super important account instead, fingers crossed.

i don’t know if that makes me feel better knowing it’s not TrueNas’s issue. I was really afraid because I just ingested 80TB of fresh data and all encrypted using passphrase LOL.

It generally makes me feel better to have an explanation that makes sense. That way I can take steps to avoid this in the future.

1 Like

This is for a group of people, so we kind of needed something with the ability to share passwords that multiple people needed to know. Bitwarden is open source, has had a security audit, and the cost was reasonable. Knowing now that the password history feature may not always work kind of sucks, but I didn’t even know that was a feature until recently. So not the end of the world.

Backup encryption passkeys 3:2:1, Just like the data.

In all seriousness print them out and file them.

In my passkey tracker thing I actually keep a secure note, because I’ve been bitten by their propensity to replace passwords/keys.

And it’s the same reason I don’t use dataset encryption. I figure the only person who’s getting locked out is me.