View unanswered posts | View active topics It is currently Thu, 2017/12/14 11:04 am



Reply to topic  [ 3 posts ] 
TrueCrypt: Brute Force Password 
Author Message
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 302
Location: Los Angeles, CA USA
Unread post TrueCrypt: Brute Force Password
For the 1 or 2 of you out there trying to brute force the password on your TrueCrypt volume, I thought I'd put together a list of programs I know of that can (try to) accomplish this task. This task is not for the impatient.

On a dual quad core Xeon machine running 16 threads:
Selecting a single Hash Algorithm (SHA512) and a single Encryption Algorithm (AES) I can try 10400 passwords per second using Ivan Golubev's Password Recovery Suite (in CPU mode) and about 4800 p/s using OTFBrutusGUI. If I had a supported GPU I could supposedly get around 27000 p/s using Ivan Golubev's Password Recovery Suite (in GPU mode).

But even 27000 p/s is extremely slow unless you can somehow shorten the amount of characters in your password that you need to bruteforce.

A 6 character password (and most software recommends your password to be even longer) using a combination of upper and lower case plus digits contains 56,800,235,584 passwords which, at 27000 p/s, would take 24.35 days to crack. And that's assuming you have a supported GPU and you are sure that you used SHA512. If you're not sure which hash algorithm or encryption algorithm you used or which version of TrueCrypt was used, the fastest option I have access to is OTFBrutusGUI trying only about 287 p/s, which would take about 2314 days to crack that same 6 character password. If you're not sure which hash algorithm or encryption algorithm you used but you are sure that TrueCrypt version 5.0 or greater was used, the fastest option I have access to is Ivan Golubev's Password Recovery Suite v1.21 trying only about 520 p/s, which would take about 1,264 days to crack that same 6 character password.



Free Packages

OTFBrutusGUI (written by me, so I am probably a little biased)
http://www.tateu.net/software/dl.php?f=OTFBrutusGUI
Supports all encryption algorithms, hash algorithms and encryption modes (including Legacy methods) for every TrueCrypt version from v1.0 through the current v7.1a
Supports all volume types (Normal, Hidden, Hidden Legacy and System)
Supports keyfiles
Supports file and device based containers
Supports header backup files
Supports precomputed word lists or can generate its own
Is faster than most of the other free packages on my dual quad core Xeon Win7 machine, except for Ivan Golubev's Password Recovery Suite


This software no longer works, it says something about an expired license and forwards to an unknown website.
Ivan Golubev's Password Recovery Suite v1.21
http://www.golubev.com/igprs/
This is the fastest I have tested. In CPU mode, it is twice as fast as any of the other free programs I have tried and it is supposed to be even faster if you have a supported GPU (which I do not)
Supports other volume types besides just TrueCrypt (Apple IOS backups, Blackberry backups and WPA/WPA2 handshakes)
SHA512, RipeMD, Whirlpool
Keyfiles not supported
Legacy CBC, LRW Modes not supported
Legacy SHA1 not supported
Legacy Blowfish, Cast5, DES3, IDEA not supported
Supports precomputed word lists or can generate its own



TCHead
http://16s.us/TCHead/
Cascaded ciphers not supported
Keyfiles not supported
Legacy CBC, LRW Modes not supported
Legacy SHA1 not supported
Legacy Blowfish, Cast5, DES3, IDEA not supported
Supports precomputed word lists


unprotect.info
http://unprotect.info/download/
Keyfiles not supported
Cascaded ciphers not supported
Hidden volumes, System volumes, encrypted partitions and encrypted drives not supported
Legacy CBC, LRW Modes not supported
Legacy SHA1 not supported
Legacy Blowfish, Cast5, DES3, IDEA not supported
Generates its own word list


TCBrute
http://securityvision.ch/index.php?opti ... &Itemid=58
v2.7 crashes on my Win7 64 bit machine


truecrack
http://code.google.com/p/truecrack/
I have not tried this, it is source code only and I haven't gotten around to trying to compile it. It does include Cuda algorithms for supported NVidia GPUs.
RipeMD only
AES only
SHA512, Whirlpool not supported
Twofish, Serpent not supported
Keyfiles not supported
Legacy CBC, LRW Modes not supported
Legacy SHA1 not supported
Legacy Blowfish, Cast5, DES3, IDEA not supported


oclHashcat-plus
http://hashcat.net/oclhashcat-plus/
https://hashcat.net/forum/thread-2301.html
I have not tried this but, cccording to the developers,
Quote:
Everything is written 100% on GPU.
Here are some speeds from 2x hd6990:
PBKDF2-HMAC-RipeMD160 / AES: 223 kHash/s
PBKDF2-HMAC-SHA512 / AES: 95 kHash/s
PBKDF2-HMAC-Whirlpool / AES: 49 kHash/s *updated*
PBKDF2-HMAC-RipeMD160 boot-mode / AES: 451 kHash/s




Commercial Packages

AccessData Password Recovery Toolkit
http://accessdata.com/products/computer ... erytoolkit
Out of my price range, have not tried it


Last edited by tateu on Tue, 2013/11/05 1:23 pm, edited 3 times in total.

Add some info on oclHashcat-plus



Tue, 2012/03/06 5:28 pm
Profile WWW

Joined: Sat, 2013/03/16 11:39 am
Posts: 36
Unread post Re: TrueCrypt: Brute Force Password
BTW, there is a problem with
Ivan Golubev's Password Recovery Suite v1.21
I downloaded both versions and was told a license had expired, would i like to visit a website.
the website appears to have nothing to do with Ivan.

you might want to double check that one.
and you might add the elcomsoft distributed password program, very pricey but it does now support TC


Mon, 2013/03/18 6:42 pm
Profile
Site Admin

Joined: Sun, 2005/04/03 7:02 pm
Posts: 302
Location: Los Angeles, CA USA
Unread post Re: TrueCrypt: Brute Force Password
Thanks. I haven't used it since I posted this thread. Even the old version 1.0.48.2118 downloaded in February 2012 does the same thing. I struck all the comments about it and put a note about it in red.


Mon, 2013/03/18 8:26 pm
Profile WWW
Display posts from previous:  Sort by  
Reply to topic   [ 3 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software