Who Can Crack What, If Ever

A philosophical question. Say you are given a single *cry image file but not the software program that created the encryption. I don't care if the encryption was created by TrueCrypt, PowerCrypt, AxCrypt, or even snakeoil software. Is there an example where somebody has actually recovered the full image using cracking software without brute force of short passwords? I mean there is a lot of talk about this but I never see any tangible successes. It should be easy right?

Mr. Noatak

 

I don't know enough to give a techie answer, but if your password is pretty crappy, I suspect brute force will work pretty good. If you've got a very strong, random password with a mix of letters and numbers and such, well, unless you're NSA AND have some hefty technological firepower, you may want to go grab a lot of coffee and food, because you're going to be a while, especially if you stick to brute force tactics.

The short, serious answer is yes or no depending on the strength of that password.

 

Evidence security lockers are full everywhere with drives that cannot be cracked due to the passwords selected. Short of torturing you to get it, if you have a sufficiently long, highly randomized password (128+ bits of entropy or greater), your password will not be gleaned. That will change over time, which is why agents keep the drives. Eventually computing power will be there, but for now, it is not in many cases.

 

As said many times, if password you are using is sufficient enough, it's not possible to crack it in one's lifetime.

You have to either find implementation flaws or there must be a backdoor instead.

Bruteforcing simply can't work if password is long enough,obscure, senseless. Imagine 64 characters password written in your head only. Password which isn't logic to anybody in the world. Not even to you. Not even parts of the passwords.

For extra security you can also encrypt keyfiles with password as hard as is the one you use for your encrypted data.

 

Try cracking this kind of password, courtesy of GRC, namely 64 random printable ASCII characters:: -

DpvrbFqG=nU%y:k1[>lo*T,Tt\y#QkacXebyau-WN>%UVjR&VU2}d^"V66M:1q

Forget it, for the time being.

 

Jazz, too many different characters there. A bit too hard to memorize it in real time.

 

W1ld3r5&e(ur1tyR0ck$

70 bits entropy, took about 20 seconds to compose and shouldn't be too hard to remember