TrueCrypt take cover, Hashcat is coming!

Discussion in 'privacy technology' started by dantz, Jun 4, 2013.

Thread Status:
Not open for further replies.
  1. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    The next release of oclHashcat-plus is expected to include a new gpu-based TrueCrypt-cracking module that will apparently make it the fastest TrueCrypt cracker that is publicly available. They're listing speeds of roughly the 50K to 450K hashes/sec (very impressive!), although this will obviously vary according to the type and number of GPUs used, etc. (Hopefully I'm not misinterpreting their current results, but if so I apologize).

    http://hashcat.net/forum/thread-2301.html

    TrueCrypt volumes are hardly one of the low-hanging fruits. Hats off to the Hashcat developers for choosing to take on such a worthy opponent!

    I see nothing wrong with these types of cracking endeavors. If someone chooses to attempt to crack a TrueCrypt volume head-on through the use of massive processing power then I say more power to them. (Guys, just try not to overheat the planet too much, ok?) TrueCrypt was designed to resist exactly this type of attack, so I'm not worried about the security risks to properly set up volumes. They may gobble up the insecure ones, though!

    For those of you who may not want your volumes to be cracked by Hashcat users, may I suggest you ensure that your PWs are long and strong enough? Or add a keyfile? And remember, this new speed increase probably represents a mere fraction of what is already out there privately.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    450k is not nearly enough for a decent password. If that were 450million, maybe that'd be something to worry about.

    I'll have to read the article.

    Sucks that TrueCrypt doesn't let you choose how many rounds of hashing to use. I think it's stuck at 1,000. I could easily do 1,000,000 on my system.
     
  3. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Agreed. But it's pretty fast for TrueCrypt cracking. Heck, just a few years ago I was trying to squeeze 4 pw/sec out of my old batchfiles!
     
  4. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Is this a joke? Just do the math...

    Claiming 50K to 450K hashes/sec is "worlds [sic] fastest TrueCrypt cracker" is like saying the current record holder in the high jump is "the world's best flying human".
     
  5. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    I don't quite get your analogy, but I do realize that the upcoming product will have basically no chance of cracking a properly-secured TrueCrypt volume. I was merely pointing out that we have a new contender on the way and that poorly-secured volumes will soon be at higher risk. Lots of users have highly inadequate passwords, you know.

    PS: Perhaps you were put off by my phrase "very impressive"? Just to clarify that for you, I mean that it's very impressive when compared to all of the other, significantly slower TrueCrypt crackers out there.
     
    Last edited: Jun 4, 2013
  6. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    That would be me. Have you seen me do my dolphin jump? It's very impressive. :)
     
  7. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I understood your point perfectly, dantz.
     
  8. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    My point is:

    a) Brute force is not a "crack" (just as jumping high isn't flying),

    b) TrueCrypt pops up a warning during volume creation recommending at least a 20 character passphrase. And if someone is using TrueCrypt, odds are they're a bit more security conscious, and won't be using "123456" as their key. No one is brute forcing a TC volume at 50k hashes/sec.


    Yeah, but again that's like being the tallest dwarf. Sure you're closer to the rim of the basketball goal than everyone else in your category...but that doesn't mean you're really any closer to slam dunking.


    As did I. I was simply offering a counterpoint.
     
    Last edited: Jun 5, 2013
  9. Tomwa

    Tomwa Registered Member

    Joined:
    Feb 3, 2010
    Posts:
    162
    [sarcasm]I do hope my random 63 character key isn't in danger![/sarcasm]

    Let me know when they start employing quantum computers, maybe then we'll see some concern.
     
  10. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Even then...if you're using a strong passphrase, it's not going to help in any practical sense.

    Again, just do the math. A quantum computer will reduce the complexity of an attack by a factor of a square root. So effectively it's only going to cut the keyspace in half. That's it.
     
Loading...
Thread Status:
Not open for further replies.