Truecrypt password - brute force

Assuming the algorithms are properly implemented in Truecrypt (i.e. no design flaws), how difficult would it be to brute force a password such as: W/i/l/d/e/r/s/s/e/c/u/r/i/t/y
I know it looks weird but it's just a password that is a word, but has the same character separating each letter. I assume it would be much harder to crack?

Also, I read that since Truecrypt hashes the password, it makes it extremely difficult to brute force since only a few passwords per second can be tried. And, using a salt renders rainbow tables useless for cracking Truecrypt passwords.

So, if someone obtained a truecrypt container file that had the above password, and assuming that person was a hacker (or wannabe) and not a gov't entity with unlimited resources and massive computing power, is it extremely unlikely that it would be broken?

disclaimer: I'm very naive with concepts such as hashes and salts.

 

First question would be does the person who will be attempting to brute force the password know what character set you are using? If so, that helps. Otherwise with that they would need to do the 96 character set. (Letters upper and lower, numbers, and common chars). And unless they have an idea of how many characters, your using, they'd have to start low so that would take awhile to brute force. (like... years.)

 

I was thinking of a scenario where a truecrypt container was obtained by a hacker from a complete stranger so the hacker knows next to nothing about the password.
If the file was one of many, and thus not targeted because there is something of interest in it, then I would it would be much to big an effort to try and crack it beyond a typical brute force based on dictionary list..which wouldn't be effective against the password above, right?

 

Yea, I doubt a dictionary would be very effective there.

I'd shy away from repeating characters though.. at least ones that repeat that much. Then again a password of "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" (64 of em) would be as strong from a brute force capacity as "Zippu1DoDah%2" At least until doing full password fields becomes a standard attack. If ever.

 

IMHO, the password you are providing (W/i/l/d/e/r/s/s/e/c/u/r/i/t/y), still being more secure than just "Wilderssecurity" (and not just because of the greater length), is not as secure as a password made of random charachters and of the same length.
A simple dictionary attack, in fact, might quite easily get the password "Wilderssecurity", but would probably not get the password "W/i/l/d/e/r/s/s/e/c/u/r/i/t/y"; on the other hand, it wouldn't take much to manipulate the words in the dictionary adding appendix and/or postfix, and also adding charachters between the letters (if I dont remember wrong, John The Ripper does that just wonderful), making it possible to guess that password with a dictionary attack.
If you chose a pattern of "extra charachters" that repeated (example: W/i%l&d/e%r&s/s%s&.....), you would do it extremely harder to crack with this tecnique.

 

I'm totally unfamiliar with TrueCrypt. What does it do exactly?

I read posts about TrueCrypting your entire HDD. I'm not sure if I want to do that, but what other options does TrueCrypt offer?

 

TrueCrypt provides On The Fly Encryption. (OTFE)

You can do whole hard drives, or just make smaller containers of varying sizes. When you mount them they act like a virtual harddrive and anything written to them is encrypted.

 

How about a password like this?

*https://www.wilderssecurity.com#*

I would think that this would be incredibly difficult to crack.

 

Not really, if in the dictionary used for attack contains a list of internet addresses... and if it does, it is likely that it contains internet addresses to sites dealing with security. At this point, it only takes one charachter of appendix and two charachters of postfix to guess.

 

My TC password is 27 characters long, using numbers, spaces, letters etc.

My 27 long password is not contained in any dictionary.

I think I am rather safe for a few thousands years?

 

Based on the advancement of technology, I'd say a couple hundred years. Which is more than enough for any individual.

Do we have any math majors who can actually do a good plot out of this? It'll be an exponential curve I know.