Thursday, February 5, 2009

Cracking a TrueCrypt Container

5:50 PM Posted by Bozidar Spirovski
This week I tried to open an old TrueCrypt container. It turned out that I had forgotten the password, so I ventured into the realm of cracking the TrueCrypt container. Here are my experiences.

The problem
I have a TrueCrypt container in which I hold my personal documents. The container was created with TrueCrypt 6.1a. Since I hadn't been using the documents for a while, the password slipped from my mind. In a moment of desperation I tried to crack the password.

The preparation
To automate the process, I used the true.crypt.brute tool in version 1.9b. It is a very straightforward tool to use, but it has one drawback: it cracks only from a pregenerated wordlist. That means that you need to generate your list of possible passwords yourself and then let it rip.
First, I created a simple encrypted volume with a 2-character password to check the software.

It went through 819 passwords within 45 seconds and recovered the password. This would mean that the brute force crack runs through around 64800 passwords per hour.

For a wordlist generator I used the old but excellent WG.

First attempt and disappointment
If the password is between 2 and 4 characters long and contains only uppercase and lowercase letters and digits, that means you have 6,377,500 passwords to go through. The worst-case scenario for a 4-character password is a brute force crack of 98 hours (4 days).

But there is no 4-character password in a serious TrueCrypt container, and certainly not in mine.

Second attempt and disappointment
As luck would have it, I was fairly certain of what the password was; I only couldn't tell which letters I had written in uppercase or lowercase and which numbers I had added.
So I created a custom wordlist which included only the 13 letters contained in my password, and I set the password length between 16 and 18. I stopped the password generation at 33 million passwords. If I were to run only those passwords, it would take me 21 days to go through them, and that's not even a complete list!

A final attempt
As a final scenario I prepended the first part of the password, of which I was certain, and left only 7 letters and 10 numbers to be padded. I distributed the workload across 4 machines and cracked the password in 4 days.

A generic brute force attack on any target, including a TrueCrypt volume, is extremely difficult to achieve, since the time needed to try all the passwords is very long. The only logical approach is to perform the 'due diligence' of knowing part of the password before attacking the TrueCrypt volume.
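The keyspace and timing figures in the attempts above (the 64800 guesses per hour measured on the test volume, the 6,377,500 short-password candidates, the 33 million truncated list and the 4-machine split) are worth having as a reusable estimator for judging how long a password would hold up. The following is an added example, not code from this post or from true.crypt.brute; the 50-symbol alphabet it uses is an assumption inferred from the post's 6,377,500 figure, which the post itself does not state.

```python
# Added example (not from the original post): brute-force budget estimator that
# reproduces the post's figures from a measured guess rate and a keyspace size.


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Candidate count for all lengths min_len..max_len over an alphabet.

    Only the UNKNOWN positions count: a known prefix or suffix simply
    shortens the length range you pass in.
    """
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def rate_per_hour(tested: int, seconds: float) -> float:
    """Guess rate extrapolated from a short timed trial."""
    return tested / seconds * 3600.0


def hours_to_exhaust(candidates: int, per_hour: float, machines: int = 1) -> float:
    """Worst-case wall-clock hours to try every candidate, split across machines."""
    return candidates / (per_hour * machines)


# Constructed inputs mirroring the post. ASSUMPTION: the post's 6,377,500 count
# for lengths 2..4 matches a 50-symbol alphabet (50^2 + 50^3 + 50^4), so 50 is
# used here; the post does not state which alphabet WG was run with.
TRIAL_GUESSES, TRIAL_SECONDS = 819, 45                # the 2-character test volume
RATE = rate_per_hour(TRIAL_GUESSES, TRIAL_SECONDS)    # ~65,520/h; post rounds to 64,800
SHORT = keyspace(50, 2, 4)                            # 6,377,500 candidates
TRUNCATED_LIST = 33_000_000                           # where the post stopped generating


def budget() -> dict:
    """Time each scenario in the post would cost at the measured rate."""
    return {
        "short_pw_hours": hours_to_exhaust(SHORT, RATE),
        "truncated_list_days": hours_to_exhaust(TRUNCATED_LIST, RATE) / 24,
        # Full 13-letter, 16..18-char space: far beyond any practical budget,
        # which is why knowing most of the password was the only way forward.
        "full_long_space_years": hours_to_exhaust(keyspace(13, 16, 18), RATE) / 24 / 365,
        # Splitting across 4 machines divides wall-clock time by 4, nothing more.
        "truncated_list_days_4_machines": hours_to_exhaust(TRUNCATED_LIST, RATE, 4) / 24,
    }


if __name__ == "__main__":
    for name, value in budget().items():
        print(f"{name}: {value:,.1f}")
```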