Hidden TC volume: program to bruteforce wordlist for hidden volume password?

No, there is no comparison that takes place. The password is transformed into a header key along with the header salt using PBKDF2 through HMAC-SHA-512, HMAC-RIPEMD-160 or HMAC-Whirlpool (and HMAC-SHA1 in the case of older TrueCrypt volumes). The header key is then used to decrypt the header to find the volume keys. http://www.truecrypt.org/docs/header-key-derivation

All four PBKDF2 functions and all encryption algorithms have to be tried for each attempt of mounting a volume until the header is correctly decrypted. It is the PBKDF2 transformation function that takes up the vast majority of time involved in brute force cracking a TrueCrypt password and there currently is no way around that.

But, as I stated earlier, if you have access to do a memory dump you can just grab the volume keys directly and use those to decrypt the data.

 

I've searched for this three times before asking my question. After my last post, search #4, I found the Truecrypt FAQ data. DNS issues.

Truecrypt Encryption Scheme

Between the technical doc and your explanation, perfect understanding, thanks.

Clustering will be the only way to improve the brute forcing of TC then.
Do you have plans for accessing the graphics card or distributing the work? ATI or Nvidia?

 

Accessing the graphics card? No, no plans. I know next to nothing about GPU programming but my understanding is that the actual decryption and hash functions would have to be rewritten to take advantage of the GPU. I did not write those functions. I am currently using the TrueCrypt library functions to do the decryption and the Crypto++ library for the PBKDF2 hash functions (it is about the same speed as the TrueCrypt library for RipeMD160 and SHA1 but it is 3x faster for SHA512 and almost 3x faster for Whirlpool).

The work is already distributed to multicore processors running on a single machine. I can run 16 simultaneous threads on my machines at work. Creating a multi computer client/server system is definitely something I would like to do but I don't see it happening any time soon. At the moment, the best you can do is manually start TCBrutusGUI on multiple machines with the same parameters but change the Password Start and End Index values so they each run through a different set of passwords.

 

so they cant break it cuz no thing could tell them which algorithm is used, it could be any thing , right or every algorithm has its own signature

 

so that mean it hard to crack unless there is signature for every algorithm, right./

 

As much as possible, encrypted data is meant to mimic random data. However, I can imagine that a highly competent attacker might be able to discern which algorithm was used by observing various patterns in the data.

 

@ dantz
right that is pssible but how the algorithm DES cracked any why its unsecure now how its get cracked what they mean by plain text , one more question why sometime they say about algorithm that 8 of 14 round cracked how they make the algorithm round 8 not 14 ?

 

I'm sorry, but I can't answer all that! You're asking for a basic education in cryptography. I know a fair bit about how TrueCrypt works, but I'm no cryptologist.

 

I'm kind of disappointed that we haven't heard back from the OP. A simple followup reply would be appreciated, especially considering the fact that tateu put in a great deal of extra work getting his program ready.

 

Thankyou programmer Tateu. Don't have any use for this myself, but always good to see new programmes testing out insecurities of popular encryption software

 

I'm the OP of this thread.

Because of the holiday season, I did not work on the TrueCrypt volumes until now. I'm happy to say that today I was able to use Tateu's program to successfully find the password for 2 separate TrueCrypt hidden volumes where users had partially forgotten passwords. In both cases, I generated a word list of around 150,000 possibilities, and Tateu's program very quickly tested through the list and found the passwords.

Tateu, your program is very well done. As others here have written, it is significantly better than other brute forcers. I've used several before, and your program has the advantages of being massively faster, capable of working on all types of TrueCrypt possibilities (I'd made my post specfifically because I needed the ability to crack hidden volumes; that your program also does devices will certainly also be useful in the future), has good reporting/updating/feedback of information, and is surprisingly easy to use.

I used the command line version. I actually found it easier to use than the GUI.

[Fyi, for Tateu, what I mean about the GUI: I'm sure I'm stupid and missing something, but when the GUI version finds the correct password, I couldn't find where it actually outputs the information. With the command line version, it just outputs directly. Also, when inputting the parameters and files to use, the GUI was a bit cumbersome as it gave me troubles in resizing to fit the screen. But regardless of my GUI issues, the program itself is excellent.] [Update: I looked at the GUI again just now (a new version?), and realized that my not seeing the output actually is because of the mis-sizing problems. The output is there, but I just can't see it because the window is sized strangely and the bottom line ("Start"... "Save Word List" covers the output box on my screen.]

The password generating function seems to work quite well for certain situations. However, in the case of the pasords I was working on, it required more flexibility to fit the exact situation. Realistically, I don't think there's any way to write in advance a program which could fit every situation of partially-remembered passwords. So for anyone who faces a similar need to custom-generate a list of possible words from a partially-remembered password, I find a Python permutation-generating module posted here to be useful:

http://mail.python.org/pipermail/python-list/2006-December/1064842.html

Thanks again, Tateu. Your program really is a great tool and is clearly the best out there at what it does.

 

tateu.

there I was with the same issue as one of the other subscribers - a few badly placed / forgotten characters, and like everyone else had all but given up hope of recovering the partition. And then I downloaded your 'beta' work....

...staggering my friend! Took me longer to set up the 'rainbow' filter than to find the password - which was just 3 1/2 minutes on what was (or I thought was!) a 'pretty hard to guess'.

I am long past coding :-( but I recognise excellent work... and this is such good work I needed to sign on and drop you a word of thanks and my commendation!

 

Pritchard & Tateu,

Thanks for helping me also recover a password. The program and python script saved the day!

 

DES was never "cracked." Rather, it was brute forced because its keylength is a measly 56 bits. The algorithm itself is still secure.

Plaintext is the data that is being encrypted before it is actually encrypted.

Crypto algorithms have rounds where a number of operations take place over and over to make the cipher stronger. When cryptographers do cryptanalysis of a cipher, they usually start by using reduced round versions of the cipher for simplicity. So, when you hear that a cipher has been "broken" it almost always means that only a reduced round variant has been broken. AES-256 has 14 total rounds, but only 11 have been broken and those attacks are not practical against typical disk encryption schemes.

This script doesn't "test the security" of Truecrypt. It's a brute-force password cracker, nothing more. And it's designed so that people who remember part of the password are able to enter it, which means the success you see in this thread wouldn't be possible unless the people remembered parts of their passwords. I don't see how this affects the strength of TC at all.

 

Congratulations tateu. I was on the TrueCrypt forum for years, and I don't remember ever seeing as much success as I've seen in the last few months since you've introduced this program.

Very impressive.