hashcat Forum
Veracrypt algorithm identification - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Veracrypt algorithm identification (/thread-9337.html)



Veracrypt algorithm identification - SquinklePhoom - 06-25-2020

So uhm... Amidst an 8 day fever run, I (first mistake) brought my pc to the livingroom, and chose to ENCRYPT ALL THE THINGS(!!!11!!)... complete with random algo-settings, obscure keyfiles etc... and now...well... (second mistake) I have *no* idea what I was doing or thinking. So trying to save at least some of my data, hashcat is De (last) Way for me. So the question is - is there any way to see what algorithm is in use? ~20 different algo combinations with my fever-ridden passwords is not really an option... Sad


RE: Veracrypt algorithm identification - philsmd - 06-25-2020

no, in general it's not possible. The architecture choice / design of VeraCrypt itself does not allow seeing what algos are being used.

That said, it's very easy to see a bootloader... i.e. if the disk is starting with a veracrypt logo and you need to type the password there (therefore boot-mode is a special mode and easy to recognize... i.e. when your disk starts with the Veracrypt boot loader).

Otherwise, you need to test all 5 options:
Code:
-m 13713 = VeraCrypt RIPEMD160 + XTS 1536 bit
-m 13753 = VeraCrypt SHA256 + XTS 1536 bit
-m 13723 = VeraCrypt SHA512 + XTS 1536 bit
-m 13773 = VeraCrypt Streebog-512 + XTS 1536 bit
-m 13733 = VeraCrypt Whirlpool + XTS 1536 bit

The 1536 bit variants that hashcat supports also allow cracking the VeraCrypt disks/volumes/contains with less bits (512 and 1024 and 1536 all cracking), but of course you would need to test the different hashing algorithms: RIPEMD160, SHA256, SHA512, Streebog-512 and Whirlpool separately (i.e. start hashcat with all those 5 hash types, -m, one after the other).


RE: Veracrypt algorithm identification - Sondero - 06-25-2020

If you dont change anything on the Encryption-algorithmus and only use this one the programm propose you, it will help you to find the correct hashmode.
Start Veracrypt an write down the standard setting for your hashmode


RE: Veracrypt algorithm identification - SquinklePhoom - 06-26-2020

(06-25-2020, 11:35 AM)philsmd Wrote: no, in general it's not possible. The architecture choice / design of VeraCrypt itself does not allow seeing what algos are being used.

That said, it's very easy to see a bootloader... i.e. if the disk is starting with a veracrypt logo and you need to type the password there (therefore boot-mode is a special mode and easy to recognize... i.e. when your disk starts with the Veracrypt boot loader).

Otherwise, you need to test all 5 options:
Code:
-m 13713 = VeraCrypt RIPEMD160 + XTS 1536 bit
-m 13753 = VeraCrypt SHA256 + XTS 1536 bit
-m 13723 = VeraCrypt SHA512 + XTS 1536 bit
-m 13773 = VeraCrypt Streebog-512 + XTS 1536 bit
-m 13733 = VeraCrypt Whirlpool + XTS 1536 bit

The 1536 bit variants that hashcat supports also allow cracking the VeraCrypt disks/volumes/contains with less bits (512 and 1024 and 1536 all cracking), but of course you would need to test the different hashing algorithms: RIPEMD160, SHA256, SHA512, Streebog-512 and Whirlpool separately (i.e. start hashcat with all those 5 hash types, -m, one after the other).

Ohh that helps a lot Big Grin fortunately i didnt choose to encrypt the boot partition haha - but i have volumes for like photos, music (why!!!!) etc... so im thinking, like with other hashes, can it attack more hashes at once then? its terribly slow because the keyspace is so small :/ i have tried concatenating three hashes to one file, but it doesnt recognize the file as three hashes :/


RE: Veracrypt algorithm identification - SquinklePhoom - 06-26-2020

(06-25-2020, 08:38 PM)Sondero Wrote: If you dont change anything on the Encryption-algorithmus and only use this one the programm propose you, it will help you to find the correct hashmode.
Start Veracrypt an write down the standard setting for your hashmode

Thanks - but like I said, my feverish brain decided to change about every default setting there is haha Big Grin its really a battle up hill with this thing :/


RE: Veracrypt algorithm identification - philsmd - 06-26-2020

for very few hash types only one "hash" can be loaded at the same time. This is also true for VeraCrypt since (in theory, but normally you extract it anyway or work with a backup) you can directly load the start of the disk/volume as a "hash" etc

Normally cracking 1 VeraCrypt/TrueCrypt hash is challenging/hard/slow enough, therefore the use case and the number of users requesting something like this, is very low.

Maybe just try to crack the most important one first, or the one where you are more confident about the password etc.