06-18-2020, 09:04 PM
Hi philsmd,
Thanks for your reply!
(06-18-2020, 12:50 PM)philsmd Wrote: What do you mean by "I'm now able to run the attack"?
Are you able to crack hashes that you have generated as a test? Did you try to crack the example hash from https://hashcat.net/wiki/example_hashes ?
I tried to break the sample hash (TrueCrypt 5.0+ Whirlpool + Twofish-Serpent, PW: hashcat) via brute force, but unfortunately it didn't solve it. hashcat told me "Time.Estimated...: Next Big Bang (> 10 years)" and I gave up waiting after 24h as the calculation time didn't drop below that.
The Password "hashcat" is 8 digits, mine was about 18 digits, so it might take 4-5 Next Big Bangs :-).
(06-18-2020, 12:50 PM)philsmd Wrote: I don't think brute-force is a good strategy here. I would suggest using dictionary-based or rule-based attacks with slow hashes like TrueCrypt. It's much more clever in most cases, except for some minor special cases, e.g. if the password was generated randomly (for instance by a password manager) and is known to be random chars.
See https://hashcat.net/wiki/doku.php?id=rule_based_attack and the examples with -a 0 -r from above. You would need to come up with a good list of candidate passwords that you use as your dictionary and a couple of rules that mangle the passwords in the dictionary.
Maybe I'll try this for the next run. Unfortunately I already tried thousands of passwords and iterations of them via another tool (OTFBrutus). I wasn't expecting such long calculation times. Is there something wrong, or do I have to deal with it as it's part of TrueCrypt's security?
Best regards and thanks!
3di