Veracrypt boot volume - decryption possible? Parts of pw known
#4
It's rather a question whether this is feasible or not. This depends on how confident you are about the 25 known prefix/characters and how random the remaining part is.

It's not feasible if the 10 chars are completely random characters and from a large character set (a lot of different likely characters). On the other hand, if also the 10 chars are from a word list, it's a completely different story.

So my suggestion is to step back a little bit and think again about how feasible and random the remaining part is and if maybe you might be able to remember more about the remaining 10 characters at the end of the password.

hashcat supports 2 different VeraCrypt boot-modes:

Code:
-m 13743 = VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode
-m 13763 = VeraCrypt SHA256 + XTS 1536 bit + boot-mode

So it depends whether you've created the boot medium with the RIPEMD160 hashing algorithm or with SHA256 (these are options/selections when setting up the volume). Maybe you remember the exact type, that would be great.

I also highly suggest doing an extra little exercise (in my humble opinion it's not really optional, but very, very recommended) and step back again and create a similar boot medium (a new HDD/SSD for instance) as an example and try to encrypt that with similar options and a "similar" password and try to crack it with hashcat. This helps a lot to get confident and see if everything should and does work, the way you might expect it with the real/target encrypted volume.
Only if you are able to crack your sample, you should move on and try to crack the real medium (dictionary attack with rules or in your specific case also a combinator/hybrid attack, see hashcat wiki).

Of course, you shouldn't confuse one volume with the other, so make backups of the important data and keep your data and hash files clearly separate and backed up from "just" your test volume. (Of course, cracking the sample with a known password doesn't necessarily mean that your target/original hash can be cracked as easily; it could be infeasible when the keyspace and the computing power are the limiting factors and make it infeasible.)

Messages In This Thread
RE: Veracrypt boot volume - decryption possible? Parts of pw known - by philsmd - 02-20-2021, 09:58 AM