Jump to content

Hashcat improvements and strengthening passwords


BuckoA51
 Share

Recommended Posts

First of all, please don't beat me too hard if I've got something wrong in this post, I'm not a security expert by any means.

So I read about the improvements in Hashcat and how you can now crack Truecrypt volumes more efficiently. I started wondering if my Truecrypt passwords were adequate enough and ways to strenghthen them and I remembered Ubikey. Ubikey can add a bunch of random characters to your password to make it harder to crack. Now, what made me pause for thought is this. Let's say an attacker steals my computer and my Ubikey. Assuming I'd locked the machine, there are few scenarios for attacking the Truecrypt container:-

1) Brute force - He/She could simply add the ubikey random text to his word list. Simple, but will still be inefective if my password isn't in his/her dictionary.

2) Hashcat - Now, here's where I think I understand but might not. Am I right in saying that, because hashes are designed so that changing the password a little results in a completely different hash, that knowing /part/ of a password (in this scenario the part stored on the Ubikey) is absolutely no help whatsoever if you are trying to break a hash? Or have I misunderstood completely?

Link to comment
Share on other sites

Hashcat is a brute forcer so your comments on 1 apply to 2. Its power comes from being able to modify words from the word list before testing them, for example adding numbers to the end or characters to the start.

These modifications come from rules that you give to it so you'd just write the rules to always have the yubikey value on the end or start so using it wouldn't give any extra protection.

Link to comment
Share on other sites

I use a key file and a passphrase to secure my truecrypt volume, I doubt that Hashcat will use files yet, probably just passphrases.

Without knowing the file is required there is no way to tell so you could spend all day trying to brute force the passphrase and not get anywhere.

Link to comment
Share on other sites

Assuming I'd locked the machine, there are few scenarios for attacking the Truecrypt container:-

1) Brute force - He/She could simply add the ubikey random text to his word list. Simple, but will still be inefective if my password isn't in his/her dictionary.

2) Hashcat - Now, here's where I think I understand but might not. Am I right in saying that, because hashes are designed so that changing the password a little results in a completely different hash, that knowing /part/ of a password (in this scenario the part stored on the Ubikey) is absolutely no help whatsoever if you are trying to break a hash? Or have I misunderstood completely?

Actually there is a third attack method if you have the Truecrypt container mounted when you locked the machine, take the encryption keys straight from your machines memory.

If you have an accessible port which supports DMA (e.g. Firewire) then an attacker can connect through this and search your machines memory for the key. If there isn't a port supporting DMA available then they can restart the machine and boot it into a simple bit of code designed to dump the machines memory to a USB drive, which can then be trawled through to find the keys.

Link to comment
Share on other sites

Yeah I remember seeing the Hak5 episode on cold boot. It's a pity keyfiles cannot be used for pre-boot authentication, maybe in the future. Truecrypt could create a USB drive full of random keyfiles, and you only needed to enter your password and remember which keyfile it was on the USB stick when booting.

Link to comment
Share on other sites

If you are running Linux then you can use LUKS and its full disk encryption, you put you key on a USB stick and the machine won't boot without that stick being present. You could put multiple keys on there if you wanted to obscure things as well. Not sure if Truecrypt or Bitlocker will do that.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...