Security Basics mailing list archives
Re: Re: password protect pen drive
From: krymson () gmail com
Date: Wed, 16 Jul 2008 04:03:40 -0600
First, I'm curious, can TrueCrypt passwords actually have rainbow tables? I don't think so, depending which password encryption/hash you use with TrueCrypt. I'm pretty sure they're exempt from realistic rainbow table use.

Second, how do you come by the 1.68 hours to crack the password? I have no doubt one can bruteforce the TrueCrypt password, but you will need to devise your own script and also a positive check in order to do it, no? I wouldn't be surprised if something can run through TrueCrypt attempts quickly (depending on how fast it tells you 'fail'), so I'm just curious where that number came from.

Third, I don't know any system that can't be brute-forced when the password is simple or easy. It's just a matter of how costly it is for the attacker to accomplish. You would need lockouts or timeouts to make this too costly for an attacker to wait for. Or use a large password that would take a long time to process. For something as "stripped" as disk encryption, you'll want to use a long password as opposed to expecting a vendor to build more intelligence into the process.

<- snip ->

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

infolookup (at) gmail (dot) com wrote:
How good is TrueCrypt? I tried it, and when I was using a short password it told me I should use over 20 letters or it could be cracked.
It said you should always use at least 20 characters.
Now my question is if you use a combination of "*#$and22" how easy would that be to crack?
Your password can be broken in 1.68 hours on this computer. That is by brute force. Rainbow tables will take seconds.
My point is what good is an encryption program if you can easily crack it.

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Rob Thompson <my.security.lists (at) gmail (dot) com>
Date: Sat, 12 Jul 2008 11:58:45
To: Lovena J Reddi <lovenareddi (at) intnet (dot) mu>
Cc: <a.karpinsky (at) mirohleb.kiev (dot) ua>; <security-basics-return-49733-a.karpinsky=mirohleb.kiev.ua@securityfocus.com>; 'Karl Lankford' <karl (at) kaspersky.co (dot) uk>; 'Rob' <goldleader05 (at) gmail (dot) com>; <security-basics (at) lists.securityfocus (dot) com>
Subject: Re: password protect pen drive

Lovena J Reddi wrote:

Hi

I am looking for a password protect for my usb drives. Any idea for a free one.

For a free product, TrueCrypt. This is not centrally administered, but it does a great job if you don't have a bunch to control. For a thumbdrive, you will want to use the "portable" version which is something that you can do from the installed product or you can specify when you install... Someone else posted something in this thread at the bottom about locking down thumbdrives/auditing/etc... See below, please.

Please note that when I plug my thumbdrive in the usb port it should prompt me the password interface so that after putting the right password I am allowed to access the thumbdrive content. The usb drive will be plugged in any machine.

Kindly advise.

Lovena
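Added example, not part of the original thread or of TrueCrypt's code: it illustrates the two questions raised above, why a random per-volume salt rules out precomputed (rainbow) tables, and how the cost of exhaustive search depends on the per-guess cost and the password length. The salt size, iteration count, hash and character set are assumptions chosen for illustration.

```python
import hashlib
import os
import time

# Assumed parameters for illustration; none of these come from the thread.
SALT_BYTES = 64      # random salt stored with each volume
ITERATIONS = 2000    # key-stretching rounds
CHARSET_SIZE = 95    # printable ASCII characters


def derive_key(password: str, salt: bytes) -> bytes:
    """Salted, iterated key derivation (PBKDF2-HMAC-SHA512)."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=32)


def table_is_reusable(password: str) -> bool:
    """A precomputed table only helps if a password always maps to one key."""
    first = derive_key(password, os.urandom(SALT_BYTES))
    second = derive_key(password, os.urandom(SALT_BYTES))
    return first == second  # False: each fresh salt yields a different key


def measured_guess_rate(samples: int = 20) -> float:
    """Guesses per second on this machine: each guess costs one derivation."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess{i}", salt)
    return samples / (time.perf_counter() - start)


def keyspace(length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return CHARSET_SIZE ** length


def worst_case_years(length: int, guesses_per_second: float) -> float:
    """Time to try every password of this length at the given rate."""
    return keyspace(length) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("same key under two salts:", table_is_reusable("*#$and22"))
    rate = measured_guess_rate()
    print(f"about {rate:.0f} guesses/s on one core of this machine")
    for n in (8, 12, 20):
        print(f"{n:2d} characters: {worst_case_years(n, rate):.2e} years worst case")
```

The figures apply only to passwords drawn uniformly at random from the assumed character set; a password built from words or common patterns falls far sooner to a dictionary-based search.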