BuckoA51 Posted September 5, 2013 Share Posted September 5, 2013 First of all, please don't beat me too hard if I've got something wrong in this post, I'm not a security expert by any means. So I read about the improvements in Hashcat and how you can now crack Truecrypt volumes more efficiently. I started wondering if my Truecrypt passwords were adequate enough and ways to strenghthen them and I remembered Ubikey. Ubikey can add a bunch of random characters to your password to make it harder to crack. Now, what made me pause for thought is this. Let's say an attacker steals my computer and my Ubikey. Assuming I'd locked the machine, there are few scenarios for attacking the Truecrypt container:- 1) Brute force - He/She could simply add the ubikey random text to his word list. Simple, but will still be inefective if my password isn't in his/her dictionary. 2) Hashcat - Now, here's where I think I understand but might not. Am I right in saying that, because hashes are designed so that changing the password a little results in a completely different hash, that knowing /part/ of a password (in this scenario the part stored on the Ubikey) is absolutely no help whatsoever if you are trying to break a hash? Or have I misunderstood completely? Quote Link to comment Share on other sites More sharing options...
digininja Posted September 5, 2013 Share Posted September 5, 2013 Hashcat is a brute forcer so your comments on 1 apply to 2. Its power comes from being able to modify words from the word list before testing them, for example adding numbers to the end or characters to the start. These modifications come from rules that you give to it so you'd just write the rules to always have the yubikey value on the end or start so using it wouldn't give any extra protection. Quote Link to comment Share on other sites More sharing options...
BuckoA51 Posted September 5, 2013 Author Share Posted September 5, 2013 Right yeah I understand I think, with Hashcat you're basically brute forcing passwords against the hash rather than against the container itself, because that's simply faster? Quote Link to comment Share on other sites More sharing options...
digininja Posted September 5, 2013 Share Posted September 5, 2013 I don't know how Truecrypt encryption works but what you are brute forcing is the key that is used to unlock it wherever it is stored Quote Link to comment Share on other sites More sharing options...
BuckoA51 Posted September 5, 2013 Author Share Posted September 5, 2013 Yep that makes sense thanks, the more you know. If only humans were better at remembering random strings of letters and numbers. Quote Link to comment Share on other sites More sharing options...
digininja Posted September 5, 2013 Share Posted September 5, 2013 I use a key file and a passphrase to secure my truecrypt volume, I doubt that Hashcat will use files yet, probably just passphrases. Without knowing the file is required there is no way to tell so you could spend all day trying to brute force the passphrase and not get anywhere. Quote Link to comment Share on other sites More sharing options...
GuardMoony Posted September 5, 2013 Share Posted September 5, 2013 Dont forget that only static paswords are used with truecrypt. Damn it would be nice to have a encrypted disk with OTP :/ Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted September 5, 2013 Share Posted September 5, 2013 Assuming I'd locked the machine, there are few scenarios for attacking the Truecrypt container:- 1) Brute force - He/She could simply add the ubikey random text to his word list. Simple, but will still be inefective if my password isn't in his/her dictionary. 2) Hashcat - Now, here's where I think I understand but might not. Am I right in saying that, because hashes are designed so that changing the password a little results in a completely different hash, that knowing /part/ of a password (in this scenario the part stored on the Ubikey) is absolutely no help whatsoever if you are trying to break a hash? Or have I misunderstood completely? Actually there is a third attack method if you have the Truecrypt container mounted when you locked the machine, take the encryption keys straight from your machines memory. If you have an accessible port which supports DMA (e.g. Firewire) then an attacker can connect through this and search your machines memory for the key. If there isn't a port supporting DMA available then they can restart the machine and boot it into a simple bit of code designed to dump the machines memory to a USB drive, which can then be trawled through to find the keys. Quote Link to comment Share on other sites More sharing options...
BuckoA51 Posted September 5, 2013 Author Share Posted September 5, 2013 Yeah I remember seeing the Hak5 episode on cold boot. It's a pity keyfiles cannot be used for pre-boot authentication, maybe in the future. Truecrypt could create a USB drive full of random keyfiles, and you only needed to enter your password and remember which keyfile it was on the USB stick when booting. Quote Link to comment Share on other sites More sharing options...
digininja Posted September 5, 2013 Share Posted September 5, 2013 If you are running Linux then you can use LUKS and its full disk encryption, you put you key on a USB stick and the machine won't boot without that stick being present. You could put multiple keys on there if you wanted to obscure things as well. Not sure if Truecrypt or Bitlocker will do that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.