12-13-2018, 09:12 PM
I had a glance at this page: https://diskcryptor.net/wiki/Volume
and the source here https://github.com/smartinm/diskcryptor
it seems that the algo for key derivation from the password is PBKDF2-HMAC-SHA512 ($pass, $salt, 1000)
- https://github.com/smartinm/diskcryptor/...dec.c#L676
- https://github.com/smartinm/diskcryptor/....c#L70-L71
where 1000 is the hard-coded iteration round and salt is stored within the first 64 bytes of the partition/volume (not encrypted see the typedef struct _dc_header and "Salt. Random number used when deriving volume header key. " and "Encryption No" on this page https://diskcryptor.net/wiki/Volume)
This means that you could in theory derive the key and "only" check for the "DCRP" signature in the decrypted header (and if needed the crc32 checksum of the remaining decrypted bytes of the header if you get too many false positives with just the DCRP check).
and the source here https://github.com/smartinm/diskcryptor
it seems that the algo for key derivation from the password is PBKDF2-HMAC-SHA512 ($pass, $salt, 1000)
- https://github.com/smartinm/diskcryptor/...dec.c#L676
- https://github.com/smartinm/diskcryptor/....c#L70-L71
where 1000 is the hard-coded iteration round and salt is stored within the first 64 bytes of the partition/volume (not encrypted see the typedef struct _dc_header and "Salt. Random number used when deriving volume header key. " and "Encryption No" on this page https://diskcryptor.net/wiki/Volume)
This means that you could in theory derive the key and "only" check for the "DCRP" signature in the decrypted header (and if needed the crc32 checksum of the remaining decrypted bytes of the header if you get too many false positives with just the DCRP check).