06-26-2020, 10:44 AM
(06-25-2020, 11:35 AM)philsmd Wrote: no, in general it's not possible. The architecture choice / design of VeraCrypt itself does not allow seeing what algos are being used.
That said, it's very easy to see a bootloader... i.e. if the disk is starting with a veracrypt logo and you need to type the password there (therefore boot-mode is a special mode and easy to recognize... i.e. when your disk starts with the Veracrypt boot loader).
Otherwise, you need to test all 5 options:
Code:-m 13713 = VeraCrypt RIPEMD160 + XTS 1536 bit
-m 13753 = VeraCrypt SHA256 + XTS 1536 bit
-m 13723 = VeraCrypt SHA512 + XTS 1536 bit
-m 13773 = VeraCrypt Streebog-512 + XTS 1536 bit
-m 13733 = VeraCrypt Whirlpool + XTS 1536 bit
The 1536 bit variants that hashcat supports also allow cracking the VeraCrypt disks/volumes/contains with less bits (512 and 1024 and 1536 all cracking), but of course you would need to test the different hashing algorithms: RIPEMD160, SHA256, SHA512, Streebog-512 and Whirlpool separately (i.e. start hashcat with all those 5 hash types, -m, one after the other).
Ohh that helps a lot
fortunately i didnt choose to encrypt the boot partition haha - but i have volumes for like photos, music (why!!!!) etc... so im thinking, like with other hashes, can it attack more hashes at once then? its terribly slow because the keyspace is so small :/ i have tried concatenating three hashes to one file, but it doesnt recognize the file as three hashes :/