Today, 12:11 AM
(Yesterday, 01:40 PM)Bartholomew Wrote: Hello. I encrypted a pendrive partition (NTFS) Truecrypt version 7.1 I used the RIPEMD-160 hash key and AES encryption. (standard). I checked the non-system partition option. I used a password with only special characters including a space, 5 characters long. I dumped the first 32 kB of Disk Druid for Windows. The hashcat program does not search for passwords in special characters by default. Should I create a charset file or provide a command in some form? I do not want to use a mask because I do not know the order of the password characters. I did not find an answer to my question on the hashcat forum.
2. What mode to choose for Truecrypt version 7.1 when the partition is non-system (flash drive) and the hash key is RIPEMD-160 and AES encryption. This is the standard option without any changes to the default Truecrypt settings. The "-m 6243" option seems too slow and inappropriate to me, because the flash drive is non-bootable. Please help. Thank you.
--------
Bartholomew
You dumped 32kb of disk druid? Wdym??
Anyways, you need the first 512 bytes of the encrypted partition. If you use truecrypt2hashcat.py to extract the hash, then you should use hashcat mode 29311.
If you extract manually and save the 512 bytes into a binary, then go for mode 6211.
Now, this is a slow hash, so bruteforcing is normally not advised, but if it's only 5 char long, all special chars and one of them is a space, you could try with masks "\ ?s?s?s?s", "?s\ ?s?s?s", "?s?s\ ?s?s", "?s?s?s\ ?s" and "?s?s?s?s\ ".