Cracking a Truecrypt Container
#1
Is it possible to crack the Truecrypt Container password?

The encryption method was AES-Twofish-Serpent SHA 512
and the password length was 32 characters with words in different languages, letters, numbers and special characters.
 
Can I recover my password with hashcat?
If yes which options do I have to specify?
#2
That's hashcat mode 6223 (where 3 = "all" (all three algorithms)):

Code:
  62XY | TrueCrypt                                        | Full-Disk Encryption (FDE)
...
    X  | 2 = PBKDF2-HMAC-SHA512                           | Full-Disk Encryption (FDE)
...
     Y | 3 = XTS 1536 bit all                             | Full-Disk Encryption (FDE)

You can practice and validate your approach against this container with a known password ('hashcat'):

https://github.com/hashcat/hashcat/blob/...c?raw=true

You can do a basic mask attack like so:

hashcat -a 3 -w 4 -m 6223 --potfile-path=./test.potfile hashcat_sha512_aes-twofish-serpent.tc hashca?l

It sounds like your candidate wordlist will be complex; that will take some additional work (but can be done external to hashcat, as in "script_thing | hashcat -a 0 [...]").
~
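Added example, not part of the original posts or of hashcat: one possible "script_thing" for the owner of a container who remembers the building blocks of the password but not their order or capitalisation. The file name `gen_candidates.py`, the fragment lists and the length filter of 32 (taken from the question) are assumptions; the fragment values are constructed placeholders.

```python
#!/usr/bin/env python3
"""Candidate generator for a password built from remembered fragments.

Writes one candidate per line to stdout, so it can feed hashcat's
straight mode, which reads stdin when no wordlist is given:
    python3 gen_candidates.py | hashcat -a 0 -m 6223 container.tc
"""
import itertools
import sys

# Constructed sample fragments: replace with the pieces you remember.
WORDS = ["sonnenschein", "bibliotheque", "waterfall"]
NUMBERS = ["1984", "42"]
SPECIALS = ["!", "#?"]
TARGET_LEN = 32  # length stated in the question; None disables the filter


def case_variants(word):
    """Common capitalisations of one remembered word."""
    return {word, word.lower(), word.capitalize(), word.upper()}


def candidates(words, numbers, specials, target_len=None, max_parts=5):
    """Yield each distinct ordering of 2..max_parts fragments, each used once."""
    pool = [sorted(case_variants(w)) for w in words]
    pool += [[n] for n in numbers] + [[s] for s in specials]
    seen = set()
    for r in range(2, min(max_parts, len(pool)) + 1):
        # Pick which fragments appear and in what order ...
        for slots in itertools.permutations(pool, r):
            # ... then expand every capitalisation choice for the words.
            for parts in itertools.product(*slots):
                cand = "".join(parts)
                if target_len is not None and len(cand) != target_len:
                    continue  # known length prunes most of the keyspace
                if cand not in seen:
                    seen.add(cand)
                    yield cand


if __name__ == "__main__":
    for c in candidates(WORDS, NUMBERS, SPECIALS, TARGET_LEN):
        sys.stdout.write(c + "\n")
```

Checking the script against the known-password test container first confirms the pipeline works before spending time on the real one.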
#3
(01-27-2019, 10:30 PM)royce Wrote: That's hashcat mode 6223 (where 3 = "all" (all three algorithms)):

Code:
  62XY | TrueCrypt                                        | Full-Disk Encryption (FDE)
...
    X  | 2 = PBKDF2-HMAC-SHA512                           | Full-Disk Encryption (FDE)
...
     Y | 3 = XTS 1536 bit all                             | Full-Disk Encryption (FDE)

You can practice and validate your approach against this container with a known password ('hashcat'):

https://github.com/hashcat/hashcat/blob/...c?raw=true

You can do a basic mask attack like so:

hashcat -a 3 -w 4 -m 6223 --potfile-path=./test.potfile hashcat_sha512_aes-twofish-serpent.tc hashca?l

It sounds like your candidate wordlist will be complex; that will take some additional work (but can be done external to hashcat, as in "script_thing | hashcat -a 0 [...]").

Ok, thanks