are there some truecrypt forks ?

Discussion in 'privacy technology' started by mantra, Sep 3, 2013.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,156
    Hi

    i don't know if fork or forks is the right word , but i read here in this forum

    seeing truecrypt is a open source , i would like to know if there are other forks

    in short the same code (compiled) with some new features

    thanks
     
  2. sanesecurity

    sanesecurity Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    4
    Last edited: Sep 3, 2013
  3. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,156
    thanks veracrypt look very cool , do you try it?
    sadly it's incomaptible with truecrypt
    but it has some nice features
     
  4. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Diskcryptor is probably the most known. As you can see here, some can get pretty adamant about it being superior.

    There's also things like tcplay and cryptsetup, but they are really command line tools, so it may be more cumbersome than you're comfortable with. However there is another project called "zuluCrypt" that will allow you to manage your truecrypt volumes using a GUI interface as well as a CLI interface, which will work as a front end for those. It's supposed to give a "one stop solution" to easy management of LUKS,PLAIN and TRUECRYPT volumes.

    These are all mentioned here.

    Finally, Here's a thread with suggested alternatives to TrueCrypt.
     
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,156
    thanks
    more then an alternative i was looking for a trucrypt with more features seeing it's open source should be easy to add
     
  6. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Well, I haven't used those tools, but they may very well offer other features. That's the impression I got when reading about them.

    That's kind of like saying "seeing as how humans have known for decades proper ways to perform brain surgery, it should be easy enough to correct paraplegia."
     
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Very interesting!!
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Despite TruCrypt forks, there is a new password cracking tool that has been verified to crack TruCrypt 5.0+. See the thread entitled "No password is safe from new breed of cracking software" in the other security issues & news subforum just posted.

    -- Tom
     
  9. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    1) You couldn't hyperlink it? :rolleyes:

    2) It's not new...it's an old tool that got updated

    3) You already posted about it a week ago. (That's why your new thread got merged.)

    4) This is not really a threat to anyone following good protocol. We already went into this here and here.

    5) This "No password is safe" fearmongering-for-attention is getting kind of old, no?


    As I keep saying, just do the math...

    This specific article claims "8 million guesses per second" (it doesn't mention what hardware is required, nor against which hash, but let's go with it)...

    Just to keep the numbers a bit more manageable, let's start with 10 characters (below mandatory minimum on most systems), just alpha/numeric (no special characters). So that's a 62 character keyspace, divide the total by 2 (law of averages), against 28,800,000,000 guesses per hour...

    Assuming it's random, (i.e. not "password12") that password will likely be guessed in... 1,663.38 years.

    Hmm.

    Okay, but 8 million guesses/second, that's pretty slow. After all, the 25 GPU cluster from last year could get up to 350 billion per second (granted, that was only against NTLM, and if you used an actual decent hash, that number plummets to the 364,000 range (all the way down to just 71,000 with Bcrypt)).

    But we're going all out here. I mean, 55 characters...we're going to need some serious computing power. As we did in my other post linked above, lets pretend there is a system out there that can make 100 Trillion guesses per second. That's 360,000,000,000,000,000 guesses per hour. (I'm pretty sure that even on the fastest (i.e. weakest) hashing algorithm, there is no system out there that can achieve this speed.) But let's just do the math.

    At that many guesses per hour, it would still take almost 32 years to crack just a 13 character random alpha-numeric password. Bump it up just one more character to 14, and you're looking at 1,966.29 years.

    Just 14 characters, at 100 trillion guesses per second.

    Wanna go for 55?

    60,493,166,731,760,900,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.00
    ...years.

    (And we're still just using letters and numbers...we haven't even allowed for the use of special characters.)


    Still think your passwords are in trouble?
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    No wonder the USA is in so much financial mess!

    We could have sent the FBI a link so that they wouldn't have wasted so many thousands of dollars and many months trying to help Brazil break into that suspected fraudulent banker's encrypted hard drives. Just think of the wasted time and money we could have saved. And man, after all their expenses and trouble they ended up with ZIPPO, only to send the still fully encrypted drives back with NO progress at all.

    Joking of course, but if you stop and think it through I could site no less than half a dozen high profile cases where TC stopped adversaries cold. What more proof do you need in combination with some smart folks examining the source code by line.

    I am just saying!!!!!!!!!
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi JackmanG,

    Thanks for the feedback. The articles are moved around so much here - its hard to keep track of where they are located - especially when looking in what is the obvious forum to post.

    Why don't you discuss your data with atom on the article's referenced forum and get his take on your comments?

    To find the hardware and hashes you need to go to the release notes link I recommended.

    -- Tom
     
  12. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    1) Any time a thread is merged or moved somewhere, a forwarding link is left behind...so in a sense, thread links will always be right where you originally found them, and you should have no trouble finding a moved thread. (I'm surprised you haven't seen this, given the fact that you know how often threads are moved).

    2) Using the search function, you can easily find all threads started by any given user (including yourself).


    I assume "atom" is a user here. I don't know him, but if you'd like to send him a link to my post and request his feedback, I'd be happy to read it.

    I've looked at every link you posted in that thread. They are all news articles and one forum thread. You'll need to point out which one contains "release notes".

    ...Regardless,

    1) I doubt the hardware needed to achieve even 8 million guesses is anything any average person could/would have,

    2) I'd be incredibly surprised if anyone but the highest level government agencies would have the hardware needed to achieve that speed on any decent hash.

    3) As I said, to my knowledge, there exists not a single system (nor array of systems) in the world that could achieve 100 Trillion guesses per second on any hash...let alone a cryptographically slow one.

    ...So I really think specs are moot. I already basically proved that unless your password appears in a dictionary, guessing 55 characters is a pipedream within a pipedream...from a pipedream.
     
  13. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi JackmanG,

    FYI, I do use the search function, but don't always find what I am looking for. And since the software is a new enhancement to existing software that now cracks TruCrypt, one would think that old theory arguments are no longer sufficient to understand what was done regardless, in order to reduce the search space set of possible solutions to the problem.

    Pipedreams aside (which in theory I couldn't agree more) there is a practical side to my recommendations so that anyone interested enough can put theory aside and get into the down and dirty of what looks like some new software techniques.

    atom is the developer of the software at the forum pointed to by the "release notes" link in the article referenced as the first link in my original post about the cracking software - obviously, you did not read it all the way down to where the Change Log starts, so I will post it for you here and recommend you read it for the information about the software and hardware. You will find validation for some of your comments. Yeah!

    release notes link.

    I just love it when someone posts about what is impossible due to theoretical arguments especially when something new breaks that seems to paint a new picture. That is not to disparage theory, but it sure would help if the "context" of the author (in this case atom) were considered in order not to confuse theory with practice. Sure, for a proper understanding of what was done, there may need to be some resolution between the two, but to do that - the context is always necessary in order to understand the issues painted in a new light.

    -- Tom
     
  14. tateu

    tateu Registered Member

    Joined:
    Dec 10, 2010
    Posts:
    60
    Location:
    Los Angeles, CA USA
    And directly from the above linked release notes:
    According to the above:

    You would need 35 2x hd6990's to get 8,000,000 p/s on PBKDF2-HMAC-RipeMD160.
    You would need 169 2x hd6990's to get 8,000,000 p/s on PBKDF2-HMAC-Whirlpool.

    And if you didn't know which hash was used, you'd have to try all 3, and you'd need even more than 169 2x hd6990's.

    And if you had to try 3x cascaded ciphers, it would even be three times slower.
     
  15. Valder

    Valder Registered Member

    Joined:
    Dec 28, 2008
    Posts:
    97
    VeraCrypt or DiskCryptor? The question.

    My main pet peeve with TrueCrypt is bad attitude on their "support" forums (forum rules).
    (For what it's worth: http://www.indiegogo.com/projects/the-truecrypt-audit )

    I am also looking for a software which is capable of producing 2 hidden partitions: C: for system, D: for program files. As it is supposed to be.
     
    Last edited: Feb 2, 2014
Loading...
Thread Status:
Not open for further replies.