So I spent some time looking into this today and I don't think it is a concern - firstly I have confirmed that the recovery password is cryptographically secure - this was added to the ubiquity installer in https://git.launchpad.net/ubiquity/commit/?id=0e4ca86842759767dac7c8dee31a3873e2944d6e and uses uuid4() from the python standard library - which in turn uses os.urandom(), which is good enough for this purpose: https://github.com/python/cpython/blob/master/Lib/uuid.py#L715
With that out of the way, we can look at how to crack it - in this case, we use LUKS2 and so can use something like bruteforce-luks to try and crack it - unfortunately the version in the Ubuntu archive doesn’t know the newer LUKS2 header format so we have to compile it from source:
wget https://github.com/glv2/bruteforce-luks/releases/download/1.4.0/bruteforce-luks-1.4.0.tar.lz
tar xf bruteforce-luks-1.4.0.tar.lz
cd bruteforce-luks-1.4.0/
sudo apt install libcryptsetup-dev
./configure
make
Then assuming we have a suitable LUKS2 disk header in the file /run/user/1000/luks-header (I put this under /run/user/1000 as this is a RAM-backed tmpfs and so will be faster than accessing a real disk) - we can try and crack it as follows:
./bruteforce-luks -m 16 -l 16 -s 0123456789 /run/user/1000/luks-header -t 8 -v10
i.e. restrict bruteforce-luks to only 16 char long passwords using the chars from 0-9, use 8 threads and report progress every 10 seconds - this shows output like the following:
Tried / Total passwords: 8 / 1e+16
Tried passwords per second: 0.800000
Last tried password: 0000000000000015
Total space searched: 0.000000%
ETA: more than 200 years :(
Tried / Total passwords: 24 / 1e+16
Tried passwords per second: 1.200000
Last tried password: 0000000000000031
Total space searched: 0.000000%
ETA: more than 200 years :(
So it would take more than 200 years to crack such a password using this technique.
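As an added example that is not part of the comment above, the following Python script makes the "more than 200 years" estimate explicit: it computes the keyspace and entropy of a 16-digit password, parses the bruteforce-luks progress lines quoted above (the sample below is constructed to match them, not captured from a run), and derives the expected time to find a uniformly random password at the measured guess rate and at a hypothetical much larger rate. The guess rate is bounded by the LUKS2 key derivation cost per candidate, which is why even generous rates leave the estimate in the hundreds of thousands of years.

```python
import math
import re

# Constructed sample modelled on the progress lines quoted in the comment.
SAMPLE_PROGRESS = """\
Tried / Total passwords: 24 / 1e+16
Tried passwords per second: 1.200000
Last tried password: 0000000000000031
Total space searched: 0.000000%
ETA: more than 200 years :(
"""

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of a fixed length over a given alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Guessing entropy (bits) of a uniformly random password, e.g. 16 digits."""
    return length * math.log2(alphabet_size)


def parse_progress(text: str) -> dict:
    """Extract tried/total counts and the measured rate from bruteforce-luks output."""
    m_tried = re.search(r"Tried / Total passwords:\s*(\d+)\s*/\s*([\d.e+]+)", text)
    m_rate = re.search(r"Tried passwords per second:\s*([\d.]+)", text)
    if not (m_tried and m_rate):
        raise ValueError("unrecognised bruteforce-luks progress block")
    return {"tried": int(m_tried.group(1)),
            "total": float(m_tried.group(2)),
            "rate": float(m_rate.group(1))}


def expected_years(total: float, rate: float, tried: int = 0) -> float:
    """Expected years to hit a uniformly random password: half the remaining space on average."""
    remaining = total - tried
    return (remaining / 2) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    p = parse_progress(SAMPLE_PROGRESS)
    print(f"keyspace={keyspace(10, 16):.3g} entropy={entropy_bits(10, 16):.1f} bits")
    print(f"measured rate {p['rate']}/s -> {expected_years(p['total'], p['rate'], p['tried']):.3g} years")
    # Hypothetical rate of 1000 guesses/s (assumed, e.g. many machines); still impractical.
    print(f"hypothetical 1000/s -> {expected_years(p['total'], 1000.0):.3g} years")
```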