USB Drive
#1
Lightbulb 
I am trying to crack a password on my USB Drive, I was foolish and made a mistake locking myself out, curious if it's possible or not, I am new to using hashcat and not sure entirely if it's even possible to break AES(Twofish) the encryption was made with Veracrypt and the pass is 20 digits randomly made (password generator)

What I was looking to do is use a mask attack and read the wiki for more help with doing the proper code output, is there any advice on this? I am running Windows 10 latest updated. I am trying to get my keypass file back which holds all my passwords to everything I have. Sorry if I am asking foolish question, and not an expert on breaking passwords. I would be thankful for any advice.
Reply
#2
20 random digits on a veracrypt volume? That's too many.
Reply
#3
I agree that no password utility could crack such a long password if it is truly random. I am curious how the 20-character password was created. Also, such a long password must have been stored somewhere?
Reply
#4
I stored them in both my USB Drive and External drive, for safe keeping, and I did not think to unencrypt one for safe using, they're both locked away and I was in a rush to reformat my PC because of some problems, Only after did I notice the mistake, and I used keypass to make the password for my usb drive and external drive, both locked away, I have an old file, but not the latest with my passes, I understand if this mistake is too much to correct, I thought so, sad news. I remember it was using upper case and lower case with numbers, no special characters. I guess I burned myself too much this time, thank you for the replies.
Reply
#5
(01-14-2019, 02:57 AM)a-blackw-d0w Wrote: I stored them in both my USB Drive and External drive,  for safe keeping, and I did not think to unencrypt one for safe using, they're both locked away and I was in a rush to reformat my PC because of some problems, Only after did I notice the mistake, and I used keypass to make the password for my usb drive and external drive, both locked away, I have an old file, but not the latest with my passes,  I understand if this mistake is too much to correct, I thought so, sad news. I remember it was using upper case and lower case with numbers, no special characters. I guess I burned myself too much this time, thank you for the replies.

I wouldn't give up entirely. You've just narrowed the keyspace exponentially by eliminating special characters, and you do know the exact length. The original hard drive that was used while creating the passwords may be helpful in searching for the key. I would immediately stop using your system drive so we can look for the key in the file system's unused space. If it was stored outside of Veracrypt, (like if you pasted it into a text file or emailed it to yourself) that's a huge plus (this is implied in your previous thread). Where that password may be depends on the operating system and many other factors. 
If it's not found, then as a last resort I would come back to looking at cracking the password. Just remembering where a few characters were would reduce the keyspace drastically. Or maybe you remember that the first 3 characters were capitals and the last was a number. Or maybe something about the numbers -my point is that anything you remember can make a major difference. This is always where I start- first, is the password really lost? Second, are we really looking at a true 20-character keyspace. 
All of this can be worked into an equation to determine the length of time that it would take given the amount of hashing power that you have. Due to high CPU overhead of the GPUs, we've built several "rigs" that work together and have just upgraded to RTX 2080 Ti Nvidia GPUs, which we've found to be up to twice the speed of our previous generation GPU's, depending on complexity of course. 
And if you are storing something like pictures and it can wait, in a few years this may not be as impractical as it sounds.
Reply
#6
(01-14-2019, 02:26 PM)carmitchel Wrote: Just remembering where a few characters were would reduce the keyspace drastically. Or maybe you remember that the first 3 characters were capitals and the last was a number. Or maybe something about the numbers -my point is that anything you remember can make a major difference. This is always where I start- first, is the password really lost? Second, are we really looking at a true 20-character keyspace.

It doesn't really matter in this case. Even if he were to remember ten of the twenty characters correctly, bruteforcing the other ten chars would still be infeasible with ?l?u?d.
Reply
#7
hmm, Well thank you for the bit of hope, I will keep my external drive as backup in hopes one day I can gain access once again, It's fun to learn new things, Hashcat seems interesting will try my best to keep reading the wiki and learning how to use it. Thanks for the help.
Reply