brute force truecrypt - full drive encrypted

brute force truecrypt - full drive encrypted (Solved)

I have spent a few hours researching this and have not found the answer. If it has already been addressed, please forgive me and point me in the right direction.

I have an external drive that has been encrypted with truecrypt (the entire drive, not just a partition). I have generated a password list (not very long, but too large to do manually).

I have tried to run:

~true.crypt.brute - does not work for this application
~TCBrute - Have not been able to get it to run. I am using windows XP SP3
~OTFBrutus, and OFTBrutusGUI -Have not been able to get these to run. I am using windows XP SP3

Will any of these work, and how do I get them to run?

Any help will be greatly appreciated.

 

As far I know this is intentionally not allowed by TrueCrypt.

 

You need to provide more information. What does "Have not been able to get it to run" mean?

For TCBrute and OFTBrutusGUI all you do is run the exe file and fill out the form with the correct parameters for your container/header then press the Start or Go button (whatever it is called).

For OTFBrutus, you run it from the commandline with the parameters for your container/header.

 

tateu, thanks for your response. Sorry I was not clear enough. I only need one program that I can use.

When I run true.crypt.brute (1.9b), in the "select a partition" box, I am asked to enter a device path. I have only one device path shown in the box, and that is for my C drive. The external drive is not listed in the box. Can I just enter the the device path manually (I am not sure what the device path actually is, but I think I can figure it out).

"Have not been able to get it to run" for TCBrute means I get an error message when I try to run the executable. The error message is

I attempted to launch the application from the command line as follows:

As far as OTFBrutus, this is what happens:

 

Rather than troubleshooting all of your various command-line switches, I suggest you focus your efforts on OTFBrutusGUI. It runs fine under Windows XP SP3. You merely extract the contents of the downloaded zipfile, double-click on "OTFBrutusGUI[version#].exe" to open the user interface and then fill in your various parameters. It's an excellent program. If you can't get it to run then check your security programs, perhaps something is blocking it.

 

It seems the problem is with the computer that I was trying to use. I have another computer, also WINXP SP3. I tried OTFBrutusGUI on that computer and it immediately started up. When I was using the original computer there was an error message:

Regardless. I have a working program and it is running right now. I will see if I can get the drive open.

Thanks for your help.

 

This will be one of those times that if you do succeed, it will be good to retrieve the material, but a failure in the sense that you didn't secure it well. If you used truly secure measures with your passkey, you won't ever see the data ever again. Those programs only work well with fairly simple passwords.

 

It's designed to help recover a partially-forgotten password, not to brute-force a completely unknown password from scratch.

 

No success so far. I have three passwords that I routinely use, with variations. So far I have determined (as best I can) that the short password was not it. 7-9 characters. Now I am trying the intermediate length password 16 to 18 characters. I hope it is not the long one. 43-45 characters. I knew that it was unlikely that that the data could be recovered if there was a problem opening the drive. The data can be reconstructed, it is just a lot of work. This is not national secret level data. I just wanted to keep out prying eyes. I guess it worked. I see that I need to work out a system for generating/remembering passwords so this does not happen again.

 

I use the same method for longer passwords. use 3 or 4 main ones and shift things around and add on a litlle something. no passwords is the same. (All of them are 64 chars.) I recommend reading https://www.grc.com/haystack.htm for help remembering passwords. I use it for online passwords that I don't use LastPass for. Offline stuff is completely random and at least 30 characters.

 

Thanks for the GRC Haystack link. It's quite helpful.

Since you are advocating the use of entropy to make passwords stronger, note that GRC Haystack page says "Virtually everyone has always believed or been told that passwords derived their strength from having “high entropy”. But as we see now, when the only available attack is guessing, that long-standing common wisdom . . . is . . . not . . . correct!"

 

Yes. High-entropy is not needed but it is more secure. I work in the private sector and I am slightly more paranoid so I use high-entropy passwords for everything except a few things. I also have been able to memorise the passwords I don't store in KeePass or LastPass. It's really a choice. If you are like me and can remember a high-entropy password (64 Characters) than you should (it is more secure than haystacks is. But if you are like the 98% of the world than you should use haystacks as it is secure (so long as your pattern isn't compromised).

 

I entered my long password with no upper case and no variation in haystack:

8.47 trillion trillion trillion trillion trillion trillion trillion trillion centuries in the massive cracking array scenario

I think that is ridiculously long, went with my short password upper case, lower case, numbers and symbols and appropriate padding:

1.21 hundred trillion centuries in the massive cracking array scenario.

Looks like I have the start of a system.

Thanks for sharing x942.