How to Reset a Lost Password on a LUKS-Encrypted Disk in Ubuntu Linux

Posted 2015-03-28 to Ben Burwell's blog

Here’s the situation I recently found myself in:

I needed to reset my account password. Normally, with physical access to a machine, all bets are off when it comes to security. I tried booting up the machine into recovery mode by holding down shift as soon as the BIOS had finished loading. But when I selected the “Drop to root shell” option, I was prompted to enter the unknown root password.

My second approach was to boot into single user mode by editing the GRUB command script.

Ubuntu's GRUB menu

By going down to the recovery mode option and hitting e, you can edit the GRUB commands. By adding init=/bin/bash at the end of the line beginning with linux that specifies the boot image, you can specify an initial shell to use. Then I hit F10 to boot.

After waiting for about 30 seconds or a minute, I saw a message that waiting for the root device (the locked disk) had timed out. I was then dumped into an initramfs shell. From there, I was able to unlock the disk by running cryptsetup luksOpen /dev/sda3 sda3_crypt.

Next, I mounted the freshly-unlocked disk with mount -o rw /dev/sda3 /root, taking advantage of the pre-existing empty directory. From there, I used chroot to run passwd in the OS.

$ chroot /root passwd
$ chroot /root passwd myUserName

By running these commands, I successfully reset both the root password as well as the password for my account. From there, I was able to restart the machine and boot normally.