This project has moved. For the latest updates, please go here.

Cracking VeraCrypt

Topics: Technical Issues
Jul 1, 2016 at 8:29 AM
Hi

I have read the information on this page: http://0x31.de/cracking-truecrypt-container-non-system-system/

I know there has been a good and positive development of VeraCrypt compared to the old TrueCrypt. But think of how is VeraCrypt safe from these attacks ?

Will you be able to do the same with VeraCrypt ?

Now that I have the chance. 1000 thanks to the unique work in carrying out the development of VeraCrypt. I do not have words for how grateful I am to have access to VeraCrypt.

Peter.
Jul 1, 2016 at 2:21 PM
Hello Peter,

I reviewed the link and the attack is merely using password list and certain rules to attempt to crack the header without using the TrueCrypt software.

No encryption product is immune to password cracking attempts when users select a password like "p@ssword" that was used on one of the TrueCrypt containers from the link you provided.

Also, VeraCrypt has greatly increased the number iterations for the hash from TrueCrypt's iterations.

Per the VeraCrypt home page:
TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted data.
.
In other words, brute force attacking using password lists is slowed down tremendously between each password guessing attempt since to unlock the header requires running through VeraCrypt hash iterations per each password attempt.

You can set a custom multiplier to create a custom hash iterateraion using VeraCrypt feature called PIM.

https://veracrypt.codeplex.com/wikipage?title=Personal%20Iterations%20Multiplier%20%28PIM%29

The solution is simple. Use strong passwords and/or keyfiles (keyfiles are not available for system encryption).

Kind Regards.