Is it faster to recover truecrypt or Rar encrypted archive password?

Discussion in 'privacy technology' started by xerxesster, Dec 10, 2012.

Thread Status:
Not open for further replies.
  1. xerxesster

    xerxesster Registered Member

    Joined:
    Dec 10, 2012
    Posts:
    3
    Location:
    Laos
    hello,

    I am a new member but a regular google stumbler at wilders. I do not know much about cryptography other than the basics. I was looking for some expert opinion/advice on how to go about recovering a password I had set 5 years ago on some old data that I need now. I have been going at it myself for a few months now with no luck.

    I had the data in two seperate containers. A rar encrypted file (with names encrypted) and a truecrypt container.

    I have been using crark & rar password unlocker (60M pass/s) to try and recover the password but am not much progress. Added a bunch of GPUs to get it cracked faster as well. Have not tried it on the truecrypt container yet.

    I know the password is >10 & <20 chars and has all UPPER, lower, numbers & symbols in them ( I was paranoid and had chosen a strong password). I have exhausted 1-8 chars already so I'm thinking of how to optimize it further.

    So what I want to know is which file should I attempt to crack. Which is more feasible or faster to brute-force/dictionary? Rar or truecrypt?

    From what I've read, rar & truecrypt can't take advantage of oclhashcat's hash abilities. Is that correct? If not, how do I go about it?
     
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,414
    *SIGH* I ABSOLUTELY HATE THESE THREADS...

    I REPEAT YOU ARE NOT GOING TO BE ABLE TO BRUTEFORCE A 20 RANDOM CHARACTER PASSWORD IN 100 YEARS.
     
  3. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    lols , good luck with that youll need it
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The entire human race will die out before you get into it.
     
  5. xerxesster

    xerxesster Registered Member

    Joined:
    Dec 10, 2012
    Posts:
    3
    Location:
    Laos
    what about this article?
    http://heim.ifi.uio.no/hennikl/pass..._Gosney_Password_Cracking_HPC_Passwords12.pdf
    Also what about the success of other people recovering their passwords?

    Anyway this is not a pure bruteforce but a dictionary attack.
    As I vaguely remember some parts of the password. And I know my pool of words based on which I generate passwords. However I have done symbol substitutions as well. Crark allows for all of this but gets a speed of only 1500 p/s compared to the bruteforce of 600M p/s. And given the long list of passwords generated is quite big, i figured i could try the brute force method.

    Further I thought that with GPUs it is now possible to do some sort of brute force. Anyway my original question still stands,

    Comparing, RAR vs Truecrypt, which has a faster attack surface? (given the available applications & GPUs: igb, tarteus' app, crark ...etc.)

    Suggestions, Ideas?
     
  6. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    "faster" attack surface id say , none , but winrar isnt as secure as a tc container atleast in my paranoid eyes , so you might get lucky in finding a backdoor with a hack,try http://www.hackforums.net/ , thing is once you do , theres still the tc container , and that my friend is the end of your recovery attempt youd have to get real lucky even with knowing a couple of characters from your passphrase and using dictionary attacks ,heres a

    program https://github.com/magnumripper/magnum-jumbo ,

    1. Compile and run rar2john on the RAR file.
    2. Run john on output of step 1.

    , once again good luck , hope i was able to help abit
     
    Last edited: Dec 12, 2012
  7. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Sorry, I'm not familiar enough with the various types of encryption used by 5-year old RAR files to make any sort of factual comparisons with 5-year old TrueCrypt containers. However, if you are actually able to run at 60M pw/sec on a RAR file (wow!) then I think that is almost certainly the weaker of the two.

    One of TrueCrypt's primary design attributes has been its use of key hardening techniques to significantly slow down brute forcing attempts on the password. The fastest theoretical brute-forcing speed I've ever heard of (for a non-govt agency) is around 27,000 pw/sec per gpu.

    However, even at a bruteforcing speed of 60M pw/sec the task is still far, far out of reach. It will take thousands, millions, billions of years or more. The dictionary attack will be a far better bet if you are able to narrow things down sufficiently.
     
  8. bluehour

    bluehour Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    5
    10 character random password with full character set, even at 600M/s - brute force time needed - 1800yr give or take...
    20 char - you don't want to know.... something like 60 billion trillion years, give or take...
     
  9. xerxesster

    xerxesster Registered Member

    Joined:
    Dec 10, 2012
    Posts:
    3
    Location:
    Laos
    http://www.wolframalpha.com/input/?i=8^63 / (600 million * (3600*24*365))

    is this how you calculate it? I don't get it though. The answer doesn't make sense. I am guessing you have to do 8 permutations 63 to get the right number.

    /edit I think i got it
    http://www.wolframalpha.com/input/?i=63^10 / (600 million * (3600*24*365))
    the powers are the other way around, and this makes more sense. so for a 10 char password it's about 52 years.
    and for 20, it's 5x10^19 , and a 10^18 is exa unit in SI. (what is it in trillion terms, what are those units called?)

    Now if we use the GPU monster that can do 24billion/sec, then those times do reduce drastically!
     
    Last edited: Dec 20, 2012
Loading...
Thread Status:
Not open for further replies.