TrueCrypt cracking in the future

Discussion in 'privacy technology' started by FileShredder, Jan 30, 2011.

Thread Status:
Not open for further replies.
  1. chiraldude

    chiraldude Registered Member

    Joined: Jul 3, 2010 | Posts: 157
    If your entire disk is encrypted then there is no "pre-loaded" software that could allow access to the data. Everything on the disk is encrypted so without the password, the only software that can run is the bootloader installed by Truecrypt.

    Are you concerned about covert and/or malicious things or something openly installed by the manufacturer?
     
  2. FileShredder

    FileShredder Registered Member

    Joined: Jan 3, 2011 | Posts: 28

    Yes. If the netbook is ever stolen, then I want my personal information on it to be permanently locked, even if the thief is computer-savvy. And I know that some computers come with pre-built recovery software, and I just wanted to check that it can't be used to bypass the encryption.
     
  3. redcell

    redcell Registered Member

    Joined: Sep 27, 2010 | Posts: 126


    Time is a lifeline. Without the cold boot attack applied, the latest full disk encryption is sufficient to withstand whatever cracking/brute force attempt by your adversary.

    Let's say your encrypted hard disk is stolen/confiscated:
    1. Change all logins/passwords of anything you possess (emails, domains, etc.)
    2. Keep tabs on the latest news about the encryption mode and whether it's been broken.

    Remember that your adversary may use threat and intimidation to break you into giving passwords. This was what I experienced in the past. Learn the deep sleep method (no drugs, no alcohol, just extreme long hours sleeping) - it causes significant short-term memory losses. I look like a sleepy, dumb and confused person. No amount of interrogation can break it.
     
  4. mantra

    mantra Registered Member

    Joined: Jan 25, 2005 | Posts: 6,182
    can

    But TrueCrypt cannot generate a random 64-character password, can it?
    I cannot find in the dialog Tools -> Keyfile Generator the possibility to generate a random 64 characters.

    I tried the 3 mixing method
     
    Last edited: Mar 28, 2011
  5. chronomatic

    chronomatic Registered Member

    Joined: Apr 9, 2009 | Posts: 1,343
    Re: can

    It can generate keyfiles. You can either use the keyfile as a keyfile or you can open it in a hex editor and use the hexadecimal characters themselves as a password -- that is if you can remember them.
     
  6. mantra

    mantra Registered Member

    Joined: Jan 25, 2005 | Posts: 6,182
    Re: can

    I did.
    I created a keyfile, moving the mouse randomly.
    I saved the keyfile.
    I opened it, for example with Notepad, but it doesn't include 64 characters o_O
    but from the guide
    What's wrong?
     
    Last edited: Mar 28, 2011
  7. Sadeghi85

    Sadeghi85 Registered Member

    Joined: Dec 20, 2009 | Posts: 747
    Re: can

    The keyfile is a binary file, don't use Notepad, use a hex editor such as HxD.
     
  8. mantra

    mantra Registered Member

    Joined: Jan 25, 2005 | Posts: 6,182
    Re: can

    Got it.
    And with a hex editor I can find 64 characters, can't I?

    Thanks a lot
     
  9. dantz

    dantz Registered Member

    Joined: Jan 19, 2007 | Posts: 1,034 | Location: Hawaii
    Re: can

    TrueCrypt passwords can consist only of the printable ASCII characters. What are you proposing here? You can't use all 256 hexadecimal values, so I assume you are referring to building your password only from the character set 0-9, A-F?
     
  10. mantra

    mantra Registered Member

    Joined: Jan 25, 2005 | Posts: 6,182
    Re: can

    From the beginning of the thread:
    is the TrueCrypt keyfile generator able to create a random key file with
    ?

    The point is that I tried to open the key file, but I did not find 64 characters.

    Am I clear?

    Sorry, my English sucks.
    Thanks
     
  11. Sadeghi85

    Sadeghi85 Registered Member

    Joined: Dec 20, 2009 | Posts: 747
    Re: can

    mantra,

    The keyfile consists of 64 characters but not all of them are printable, therefore that's probably not a good way to generate random passwords.

    P.S. I just noticed Notepad on Win 7 doesn't destroy non-printable characters when saving a binary file! Disregard that, not true.
     
    Last edited: Mar 28, 2011
  12. TheMozart

    TheMozart Former Poster

    Joined: Jan 6, 2010 | Posts: 1,486
    Truecrypt has potential to be cracked in a few seconds IF someone begins brute force now on your password and then in the future creates a time machine and travels back to our time and reveals the password.
     
  13. chronomatic

    chronomatic Registered Member

    Joined: Apr 9, 2009 | Posts: 1,343
    Re: can

    Yes. Pick, say, 20-30 characters from the hex string. Or, you could actually use the printable characters shown in the hex editor (right of screen). But, of course, it would be impossible to remember for most of us.

    Each TC keyfile is 512 bits of random data. If you open it with a hex editor, you will see printable characters (A-F, 0-9). For instance, I just created a keyfile using TC, then opened it in a hex editor:

    [Attached image: Screenshot-COOL - GHex.png]

    I don't think this is an optimal way to create passwords, but it certainly can be used for that if you can remember hexadecimal strings. And, it's a way to use TC itself to create strong random passwords in case you don't want to use another method for such a purpose.
     
    Last edited: Mar 28, 2011
  14. Sadeghi85

    Sadeghi85 Registered Member

    Joined: Dec 20, 2009 | Posts: 747
    Re: can

    Well, you're excluding other printable characters this way, so a password consisting of only [A-F] & [0-9] is not truly random, correct?

    mantra wants a random 64 character password.
     
  15. chronomatic

    chronomatic Registered Member

    Joined: Apr 9, 2009 | Posts: 1,343
    Re: can

    Randomness has nothing to do with the character set. Randomness can entail anything -- particle decay is random, flipping a coin is random, quantum vacuum fluctuations are random. In the case of a coin flip, there are only two possible outcomes (binary - 1, 0). Since I think we can agree that a fair coin flip is random, it follows that any character set (including hexadecimal) can be random. Instead of a binary proposition, as in a coin flip, we have a base 16 proposition (hexadecimal).

    All that said, I think the wrong question is being asked. Instead of saying "I want a 64 character password," one should instead be asking, "how strong of a password do I want?" One should look at the entropy of the password instead of its length. In order to get 128 bits of entropy in a hexadecimal string, one needs 32 randomly generated hexadecimal characters. This is easily done by using TC to generate a keyfile and then reading the file with a hex editor.
     
  16. Sadeghi85

    Sadeghi85 Registered Member

    Joined: Dec 20, 2009 | Posts: 747
    Re: can

    True, but TC generates the keyfile based on a different character set, doesn't this affect the randomness of the equivalent hex values?
     
  17. chronomatic

    chronomatic Registered Member

    Joined: Apr 9, 2009 | Posts: 1,343
    Re: can

    TC just creates 512 bits of random data and pipes it to a file it calls a keyfile. There is no character set. The hex editor reads the raw data and encodes it to corresponding hex values.

    Really, I am not sure how we got off on this topic. You can use TC as a password generator if you want, but there are other alternatives as well. Any will work.
     
  18. Sadeghi85

    Sadeghi85 Registered Member

    Joined: Dec 20, 2009 | Posts: 747
    Re: can

    Thanks for explanation.
     
  19. mantra

    mantra Registered Member

    Joined: Jan 25, 2005 | Posts: 6,182
    I guess I made a mess.
    Sorry

    In short, the TrueCrypt keyfile generator creates a strong password, right?

    Impossible to crack



    I think the confusion was made by the first post https://www.wilderssecurity.com/showpost.php?p=1820729&postcount=1
    I quote FileShredder (the author)
    and I guess he was referring to a random keyfile generated by TrueCrypt.


    Thanks
     
  20. dantz

    dantz Registered Member

    Joined: Jan 19, 2007 | Posts: 1,034 | Location: Hawaii
    It doesn't create a password. Rather, it creates a file that can be used as a password alternative, or preferably a password supplement. If you use a TrueCrypt-generated keyfile as intended then it provides very strong protection against a brute-force attack. It's basically the equivalent of a 64-character fully random password.

    However, a keyfile alone does not provide the same security as a 64-character random password that you don't write down, because the keyfile is just an ordinary file that, if found, can be tested against your volume.

    I would never say "impossible to crack". There are capabilities out there of which we know nothing. There are also plenty of known present-day methods for stealing somebody's password or encryption key.
     
  21. chronomatic

    chronomatic Registered Member

    Joined: Apr 9, 2009 | Posts: 1,343
    I am not saying you don't know what I am about to say, dantz, but some here may not. So, I just want to give a little computer 101 lesson so that people understand why TC can be used as a password generator:

    The most fundamental quantity of information to a computer is a "bit." A bit can either be a 1 or 0 (known as binary). Binary is ultimately what the machine, at its lowest level, understands and is why most programming languages must be compiled before the machine understands the code. As I type these letters on the keyboard, the machine is decoding them from ASCII back to their binary bits for processing.

    TC's RNG when it creates a keyfile essentially just generates 512 0's and 1's at random and places them into a raw binary file. Since our text editors cannot understand binary, one must use a hex editor to "read" these files. A hex editor simply reads the string of 0's and 1's and encodes them to base 16 (as well as to other formats like decimal, octal and ASCII).

    Now, there are 8 bits in each hexadecimal value. For instance, the hex character "CF" has eight 0's and 1's in it (CF = 11001111 to be exact). If you open a TC keyfile in a hex editor, you will see 64 hex values (which are just binary numbers encoded to base 16). Since there's 8 bits in each value, that means there's 512 total bits (64*8=512), just as TC claims there is.

    The reason I went into this little rant is twofold:

    1) TC's random keyfiles don't have a "character set" other than 0's and 1's. These binary files can easily be converted into hex, octal, ASCII, etc. with any hex editor.

    2) If you can remember a hexadecimal password, then TC can indeed be used as a random password generator. As for strength, if you select 64 characters (that is individual characters, which means one would count "CF" as two printable characters), then your password would have 256 bits of strength. 32 characters would equal 128 bits of strength. If by some miracle you can remember all 128 individual characters, then you would have 512 bits of password strength. If you don't want to use hex characters (A-F, 0-9) then most hex editors can convert binary into printable (ASCII) characters. I have found that when TC generates a 512 bit file, I will typically see around 15-20 characters that are printable on a standard keyboard. One could use these 20 characters for a password and get at least 128 bits of strength.

    That's true. The idea here is, however, to use the keyfile itself as a password one remembers. After one remembers all or part of the keyfile, one can destroy it and use it as a password. Of course, the practicality of remembering such a string is a different issue altogether.
     
  22. dantz

    dantz Registered Member

    Joined: Jan 19, 2007 | Posts: 1,034 | Location: Hawaii
    It's an interesting approach, but I think the advantages are outweighed by the disadvantages.

    Passwords that consist only of hexadecimal numerals will be based upon only 16 symbols (0-9, A-F), as opposed to the 95 printable ASCII characters (0-9, A-Z, a-z, plus 33 nonalphanumeric symbols) that TrueCrypt accepts. It's obvious that for a given length, a password generated using all 95 symbols will be much stronger than a password generated using only 16 symbols. Among other things, this severely limits the maximum strength of the longest possible password that TrueCrypt will accept. And for all password lengths, a comparison of the brute-forcing times is absolutely off the charts! The passwords based on 95 symbols are massively stronger.
    Yes, but a password of the same length based upon the printable ASCII characters would have over 420 bits of strength. And an ASCII-based password would only need to contain 39 characters to attain the same bit strength as your 64-character password.

    So what's the advantage of using the hexadecimal representation of a keyfile as a password source? Are you perhaps attempting to combine convenience with subterfuge? I suppose the password can't be forgotten as long as you remember which file it's "stored" in, and not many forensic examiners would think to look there (or at least, not yet). However, in that case I would suggest NOT using a TrueCrypt-generated keyfile as the source, as they're too easy to identify.
     
  23. I no more

    I no more Registered Member

    Joined: Sep 18, 2009 | Posts: 358
    TheMozart is right on the money here. Nothing more to say really.
     
  24. chronomatic

    chronomatic Registered Member

    Joined: Apr 9, 2009 | Posts: 1,343
    That's true, but if you look at the post above, where I provide a screenshot of a hex editor, you will see some ASCII characters in the box on the right side. One can use these as a password. There's roughly 20 ASCII characters there which would provide about 138 bits of strength. That should be plenty for almost any use.

    Well, if you consider 256 bits "severely limited" then yeah. But in truth, all of the computers on earth would spend many, many times longer than the age of the universe to brute force a 256 bit password.

    And swimming across the Pacific is massively harder than swimming across the Atlantic. ;)

    As I said before, a 64 character hex password provides 256 bits of strength. High-end GPU's can crunch passwords at a rate of around 1 billion passwords per second (depending on the hash, etc.) If you compressed these GPU's down to 1 square inch in size and then put one on every square inch of the earth's land surface, it would still take them 9.36 X 10^42 years, on average, to find the password. For reference, the age of the universe is only 1.37 X 10^9 years.

    As for ASCII being better -- yes it definitely allows for shorter passwords, but I think both ASCII and hex passwords are difficult to remember. Indeed, any password that is random will be tough.

    If someone didn't have another means of generating a secure random password, then they can use TC. That was really my only point in all of this.

    I am not really sure how subterfuge has anything to do with this.

    The file doesn't have to be stored anywhere but in your brain -- that is if you can remember it, which is difficult for most of us.

    The file can be destroyed after one uses it as a means to generate a password.

    Again, I think long random passwords, while effective, will not be used by most people because it's just too hard to remember randomly generated arbitrary characters (unless you're Kim Peek). A better method is diceware or creating your own long nonsensical sentence that you can remember.
     
  25. FileShredder

    FileShredder Registered Member

    Joined: Jan 3, 2011 | Posts: 28
    Hi everyone, thanks for continuing the topic.

    I know about other methods of getting the key (I refer of course to the $5 wrench cartoon), and evil maid keylogging.

    256 bit seems enough, but will be defeated right away if the password is "password" or "1234". So by using 64 characters, is my password the same bit strength as the key, i.e. if each character encrypts 4 bits of data, and 64x4 is 256?
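
The bit-strength arithmetic debated in this thread (4 bits per hex character versus about 6.57 bits per printable ASCII character, and the printable bytes visible in a hex editor's text pane), as an added example that is not part of any post. Python's `secrets` module stands in for TrueCrypt's keyfile generator, and all function names are hypothetical.

```python
import math
import secrets

HEX = "0123456789ABCDEF"
# The 95 printable ASCII characters (0x20-0x7E) mentioned in the thread.
PRINTABLE = "".join(chr(c) for c in range(0x20, 0x7F))

def bits_per_char(alphabet_size):
    """Entropy in bits of one character chosen uniformly at random."""
    return math.log2(alphabet_size)

def chars_needed(target_bits, alphabet_size):
    """Shortest uniformly random password that reaches target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet_size))

def hex_view(raw):
    """Hex editor rendering: two hex digits (4 bits each) per byte."""
    return raw.hex().upper()

def printable_view(raw):
    """Bytes a hex editor's text pane can show (0x20-0x7E), in file order.
    Skipping the other bytes is rejection sampling, so every character
    kept is still uniform over the 95 printable values."""
    return "".join(chr(b) for b in raw if 0x20 <= b <= 0x7E)

def random_password(length, alphabet=PRINTABLE):
    """Uniform random password drawn directly from the given alphabet."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def report(raw):
    """Summarise what each reading of the same random bytes is worth."""
    shown = printable_view(raw)
    return {
        "raw_bits": len(raw) * 8,
        "hex_chars_available": len(hex_view(raw)),
        "bits_in_64_hex_chars": 64 * bits_per_char(len(HEX)),
        "bits_in_64_ascii_chars": round(64 * bits_per_char(len(PRINTABLE)), 1),
        "ascii_chars_for_256_bits": chars_needed(256, len(PRINTABLE)),
        "printable_bytes_seen": len(shown),
        "printable_bytes_bits": round(len(shown) * bits_per_char(len(PRINTABLE)), 1),
    }

if __name__ == "__main__":
    # Assumption: 64 bytes from the OS CSPRNG stand in for a 512-bit keyfile.
    keyfile_like = secrets.token_bytes(64)
    for name, value in report(keyfile_like).items():
        print(f"{name}: {value}")
    print("64-char hex password:  ", hex_view(keyfile_like)[:64])
    print("64-char ASCII password:", random_password(64))
```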
     