Security Basics mailing list archives

Re: Help on truecrypt recovery


From: Phillyun <phillyun () gmail com>
Date: Mon, 29 Dec 2008 16:11:58 -0600

On Mon, Dec 29, 2008 at 11:06,  wrote:


> > On the new year note , I happend to forget my truecrypt password. I
> > got some queries in this regards
> >
> > 1. BIOS 's pre-boot authentication works on full disk encryption but
> > what abt file  encryption (over OS), any pointers ?
> > 2. How does password mechanism work on a encrypted file.
> > 3. Any good disctionary attack tools.


> The whole idea is that without the password, you can't access the data. It
> seems you're hoping that there's a trivial way to gain access to your
> volume. If it were that simple, why would you use the product? Methinks
> you're poked. Kiss your data goodbye.

CC,
I suspect this is a hoax since spell check wasn't even used (if not,
please forgive the BS meter's false positive, I've been known to fat
finger a word or three myself). Even so, I'm wondering if others have
suggestions on how one would design a theoretical attack? I never
personally like the answer "you are poked", but you may be without
your data for a while ... we're talking about how many years of
potential computing here?!!

The information you need is on the recovery disk that you burned when
first encrypting your volume. Remember that? Hopefully you remember
your original password as that will be the one on the disk. (I am
assuming the boot sector has become corrupt or you changed the
password w/o burning another disk here.) As long as you haven't
shredded the original recovery disk, recovery is possible with that
original PW.
If not - or you really have forgotten what password you used, rent a
network (cloud) and compute!
Eventually you will have your data. You could further constrain the
scope of a brute force attack by using known parameters (like your
'style' of password that you likely used). Good luck. ... then again
... the salt - also part of the setup process - makes this more of a
bitter challenge, doesn't it?

You are more likely to find a vulnerability (known or not) in the
actual version of TC used than brute force it outright. TC later added
the ability to "customize" the password screen / startup screen which
removed the version number from the screen. What version is being
used? What did the TC source look like at that time - were there any
issues in the way it computed things? What encryption method(s) did
you use during setup? Was it one, two or three levels deep?

