BuckoA51 Posted September 5, 2013 Share Posted September 5, 2013 First of all, please don't beat me too hard if I've got something wrong in this post, I'm not a security expert by any means. So I read about the improvements in Hashcat and how you can now crack Truecrypt volumes more efficiently. I started wondering if my Truecrypt passwords were adequate enough and ways to strenghthen them and I remembered Ubikey. Ubikey can add a bunch of random characters to your password to make it harder to crack. Now, what made me pause for thought is this. Let's say an attacker steals my computer and my Ubikey. Assuming I'd locked the machine, there are few scenarios for attacking the Truecrypt container:- 1) Brute force - He/She could simply add the ubikey random text to his word list. Simple, but will still be inefective if my password isn't in his/her dictionary. 2) Hashcat - Now, here's where I think I understand but might not. Am I right in saying that, because hashes are designed so that changing the password a little results in a completely different hash, that knowing /part/ of a password (in this scenario the part stored on the Ubikey) is absolutely no help whatsoever if you are trying to break a hash? Or have I misunderstood completely? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.