Page 1 of 3
Results 1 to 10 of 25

Thread: Brute Force AES/Truecrypt with a simple password

  1. #1
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    19

    Brute Force AES/Truecrypt with a simple password

    I just got truecrypt installed on my BT3 install and I have gone through the options and made a couple different types of file containers. Now I know from the prompts about making a strong password and all the posts about trying to brute force even a rar file that if the length is over 12 characters it's going to take a while. How would I brute force a truecrypt container? Is there a specific set of tools needed for something like this? I have used rarcrack and it's worked fine because I can set what characters run against my file. I have not used anything else, nor have I cracked a hash file or .htaccess file, hence why I am asking for advice. For my test I have made two containers, one AES and one Twofish. The password is the same (open) for both containers. Searches for brute force, AES and truecrypt give me little to go off of. I did see a post about JTR talking about Blowfish, MD5 and DES, but nothing about AES or the other forms that are in Truecrypt.

  2. #2


    Not that I have looked extensively, but I would assume you could create a script using your favorite language (perl, python, ruby etc.) and start running a bruteforce or dictionary attack against the container.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    19


    Seeing how I have limited ability in this field, I wouldn't know where to begin. All I have taken so far in college is C, Java, Networking and A+ Prep. A friend showed me BT and I have been learning as I go. I don't work in the field and I won't for a couple more years. I have found a couple perl scripts that I could get and run against files, but I don't understand enough about cryptography to know if the end result would be the same for each container since they are encrypted differently. I understand the different methods of encryption are the way in which the data is scrambled so it can't be read, but the end result of having the password would output the information contained in the container. But if that was the case I could make a TC container with a .rar extension and run it against rarcrack and it should spit out the passkey... But it didn't work for me.

  4. #4


    I've never used truecrypt before, but I'm going to assume it has some kind of command line you can run to encrypt/decrypt the container contents?

    If this is the case, I think you could build a perl/python/bash script wrapper that calls truecrypt, and then pulls words from a dictionary or generates random strings, iterating through each line in the dictionary until success. I'm sure there is something better out there, but as I mentioned in my OP, I haven't looked too hard.

    Scripting isn't too difficult and is a skill that is well worth your time to learn. This would be a good project for you to start with.

    If this isn't what you were looking for, then sorry that I've misunderstood what you were asking.

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    19


    Thanks for the links. Yes, what I found wasn't much help either. I think my best bet would be to try the java version and change some settings to make it do only certain characters. I don't need a brute force dictionary attack, which is my only option with truecryptbrute.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    Quote Originally Posted by JohnMa69:
    Thanks for the links. Yes, what I found wasn't much help either. I think my best bet would be to try the java version and change some settings to make it do only certain characters. I don't need a brute force dictionary attack, which is my only option with truecryptbrute.
    Or you could make a dictionary file that contains all of the key combinations you want to try...

    Using something like crunch.

  8. #8
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442


    While I don't know much, I do use TrueCrypt and in doing so I know it uses one of 3 different encryption schemes:

    AES, Serpent, Twofish

    You can also have it use a cascade of 2 or 3 of them in different configurations. You obviously need to know what it is encrypted with before you can begin cracking.

    It is designed this way to make it nearly impossible to bruteforce by even the most powerful supercomputers. I read an article a year ago that said using a strong password and the cascade option it would take like 1000 years using all the computing power in existence to break it.

    Keep in mind that even if you do somehow manage to break the password there is always the possibility of a hidden container / OS, and no, there is NO WAY! to prove if one is there or not.

    There is a reason that every scene site uses it.

  9. #9
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943


    Quote Originally Posted by vvpalin:
    While I don't know much, I do use TrueCrypt and in doing so I know it uses one of 3 different encryption schemes:

    AES, Serpent, Twofish

    You can also have it use a cascade of 2 or 3 of them in different configurations. You obviously need to know what it is encrypted with before you can begin cracking.
    Or you just front-end the TrueCrypt program with an interface that tries to bruteforce the password by trying many different possible passwords in succession very fast. Once it's provided the right password (assuming only a single password is used) the TrueCrypt program will sort out the rest of the details itself, and decrypt the file. The details of what algorithms are used are only important if you want to write your own cracker.

    With encryption the security of the system depends on the weakest link. If you use a Truecrypt volume that uses 3 different cascading algorithms to encrypt your data but protect it only with a password of "secret", you shouldn't expect to maintain the secrecy of your information in the encrypted file if it gets into the wrong hands.

    Secure use of TrueCrypt would require the use of long and complicated passwords with the possible additions of keyfiles and the hidden volume feature.

  10. #10
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442


    Quote Originally Posted by lupin:
    With encryption the security of the system depends on the weakest link. If you use a Truecrypt volume that uses 3 different cascading algorithms to encrypt your data but protect it only with a password of "secret", you shouldn't expect to maintain the secrecy of your information in the encrypted file if it gets into the wrong hands.

    Secure use of TrueCrypt would require the use of long and complicated passwords with the possible additions of keyfiles and the hidden volume feature.
    Of course ... and anyone that knows anything about security should know that ... or at least I hope so.

    However, when dealing with TrueCrypt volumes or disks it's always wise to make a decoy with a marginal pass ... then your hidden container will use your strong pass "at least 20 or more random characters".

    It will help in 2 ways: one, if someone does try and crack it they will find the first pass "relatively easy", but the more important reason being blackmail / coercion.

    That way you can basically give out the first pass and you will lose some sensitive data; however, your truly important stuff will remain hidden.

    Also, if memory serves me there is some sort of way it prevents a bruteforce the way you suggest. "I could be wrong"

    Either way TrueCrypt is an amazing program and I recommend everyone check it out; it's well documented and very Very VERY easy to set up.
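As an added illustration (not part of the thread), lupin's weakest-link point and vvpalin's "20 or more random characters" advice put into numbers: a small Python estimate of the keyspace each password leaves an attacker and of how a slow key-derivation step, rather than the choice of cipher or cascade, throttles the guess rate. The guess rate, the KDF iteration count and the 20-character sample password are constructed assumptions, not TrueCrypt's actual figures.

```python
import math
import string

# Standard printable-ASCII classes; the attacker's alphabet is the union of the
# classes the password actually uses (the most optimistic case for the defender).
CLASSES = (
    ("lower", set(string.ascii_lowercase)),
    ("upper", set(string.ascii_uppercase)),
    ("digit", set(string.digits)),
    ("symbol", set(string.punctuation)),
)

def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet that covers every character."""
    size = sum(len(chars) for _, chars in CLASSES if any(c in chars for c in password))
    if size == 0:
        raise ValueError("password uses no printable ASCII class")
    return size

def entropy_bits(password: str) -> float:
    """Upper bound on entropy, assuming the password was drawn uniformly from that alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def expected_seconds(password: str, guesses_per_second: float) -> float:
    """Expected exhaustive-search time: on average half the keyspace is tried."""
    return alphabet_size(password) ** len(password) / 2 / guesses_per_second

def effective_rate(raw_hashes_per_second: float, kdf_iterations: int) -> float:
    """A slow key-derivation function divides the raw hash rate by its iteration count.
    This is the throttling effect that works regardless of which cipher or cascade
    protects the volume; the iteration count here is a constructed assumption."""
    return raw_hashes_per_second / kdf_iterations

def describe(password: str, guesses_per_second: float) -> str:
    years = expected_seconds(password, guesses_per_second) / (365.25 * 86400)
    return (f"{password!r}: {len(password)} chars, alphabet {alphabet_size(password)}, "
            f"~{entropy_bits(password):.1f} bits, ~{years:.3g} years at {guesses_per_second:g} guesses/s")

if __name__ == "__main__":
    # Constructed figures for illustration only: 1e6 raw hashes/s and 1000 KDF iterations.
    rate = effective_rate(1_000_000, 1000)
    # "open" and "secret" are the thread's examples; the last is a constructed 20-char password.
    for pw in ("open", "secret", "q7&Lp2#Zr9!mVx4@Ks8$"):
        print(describe(pw, rate))
```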
