Security → Truecrypt - Forgot My Password

I have 10GB worth of data locked up in an encrypted TrueCrypt file and I forgot the password to it. Is there any way to recover it?

I have been searching around for an answer and have read about several brute force techniques.

Currently, I am trying to figure out how to use an app someone wrote called CrackTC. It is an app specifically written to recover TrueCrypt passwords via brute force. However, I am having difficulty understanding how to use it.I have loaded up the latest version of Ubuntu into VMware but am a complete noob with it and have no clue how to use it. How do I get this app running (attached)?

Also, the password generator that the above quote refers to is a bit expensive. Does anyone know a better/cheaper/FREE alternative for this?

Thanks!

Haha good luck with this. Unless you used a completely insecure password there is no way of brute forcing it. Thats the whole point of encryption... Even the most basic mode of encryption truecrypt offers you wouldnt be able to brute force it.

No. What would be the point of TrueCrypt if there was a way to recover it? Your only hope is to try and brute force the password, but if you had a complex password, good luck with that. Maybe you can rent the Cray XT5 for a few days?

I hope you also understand that this could take longer than you will be on this earth. Using an example of say two billion password possibilities at a rate of 2.5 passwords a second is roughly equivalent to 25.3 years. That is just an example. There are many more possible password combination's than two billion. If you have no clue what the password is then the password combination's are near limitless.

Yes.
Put in a little quality think-time and remember the password.

If you can't remember passwords, then they need to be written down and hidden somewhere.
Of course, the problem with that is that you then need to remember where you've hidden them.

I had a similar situation with a TC container. Though I'd opened it dozens of times before for some reason the password stopped working. I was extremely confident I knew the password. But since it wasn't working I wrote a Perl script to try as many permutations of the password as I could think and loosely tied to that format brute forcing the rest (remembered password length -3/+4 characters). It never did work. No biggie.

I'm thinking the container may have gotten corrupted somehow.

You're pretty much boned.

And single-digit passwords per second? Talk about GLACIAL! A decent brute-forcing program will do thousands, even tens of thousands per second on a similar CPU.

Also, I've used a much more advanced (Passware Password Recovery Kit 9.7) program to attempt to crack a TrueCrypt volume. It didn't work.

A modern GPU (like an Nvidia Tesla or a Radeon 5970) can test over *2 billion* keys per second (depending on the password hash used).

Rename your truecrypt container to something blah blah blah U.S.Miliatry blah blah Classified and send it to wikileaks.

Tell them it's some highly classified shit that you got off from highly reliable source and let them do the work for you.

Wikileaks had enough resources last time to rent a super PC in order to crack the last encryption so I bet they will do the same for you.

Oh and ask them for the decrypted data back.

problem solved.

LOL with tempnexus, that's a good un! Or maybe you could set up a Boinc program and inspire people donate computer time to crack your code, kinda like this: »www.enigmaathome.net/

quote:

---

ZodiacKiller said A modern GPU (like an Nvidia Tesla or a Radeon 5970) can test over *2 billion* keys per second (depending on the password hash used).

---

Wow, imagine what the NSA can do!

Then he'd have to sue TrueCrypt.org:

»Microsoft, Compaq, Circuit City Failed to Secure My Pr0n!

Hi,

I tried the crackTC under Ubuntu but it opens up the pass dialog in Truecrypt and then freezez by the first entry in the pass.txt.
Any idea why?
Thankx.

Probably because it just doesn't work.

I believe you are speaking of using CUDA (for Nvidia) , no? The password cracker would have to be written to take advantage of it but yes I agree that it could help quite a bit.

I would say the OP has a reasonable chance if they can at least remember part of the passphrase for instance "???dog???cat" where "?" are unknown. If all methods fail and the data has long term value the OP should probably keep it for years later in case computing power becomes becomes enough that they can crack it (or else a bug is found which makes it possible).

Regarding the delay, I don't know and haven't checked but is it possible that it is partially due to a scheme which truecrypt has implemented to slow down standard bruteforce attacks?

OP, more than likely you will need to custom write something after studying the truecrypt implementation thoroughly. Or else you will need to commission someone to do this for you. I will do some research and see if I can find any better utilities or librari4es for this since it is of interest to me as well. No promises though.

Yes either CUDA for Nvidia or Stream for ATI cards. Both can be used to speed up the password cracking process as has been done by Elcomsoft (a software vendor specializing in this stuff). They, and others, have benchmarked top-end cards at well over 2 billion passwords per second (again, depending on the hash).

I'm glad TC can't be beat so easily. Nothing against the TS but threads like this make me wonder if someone is just trying to break into someone TC container, and I'm hella glad they can't.

In looking more into this and reading again I see it simply calls the Truecrypt program itself apparently from the terminal (like a shell script) and that's why it will never be faster than about 4 tries per second. Obviously this approach isn't going to work. (You might as well not even bother with it as is!)

I think you will either need to (or commission someone) to examine the Truecrypt source code (it is open source) and then modify it and form a utility specifically to attempt to crack the password. That's going to take a lot of expertise and time on someone's part. As mentioned they should also do something to attempt to take advantage of Cuda. Then with say a good Quad Core (the CPU still directs CUDA GPU so it is needed), a motherboard with many PCI Express slots, later model Cuda capable GPUs (as many as can fit and until you max the bus or other resources) and an ample bus you might have a crack at it. You should probably have some ideas as to length and possible strings which could be in it (Assuming it is you who really created the passphrase initially).

From looking I haven't seen any such software like this. But it could be done in theory if it were a matter of life and death and you were willing to put in the resources. A pure brute force of anything over about 10 alphanumeric characters probably isn't going to happen but again if you know some of the make up of the passphrase or chose an insecure passphrase then it can potentially be done with just one machine and quality code.

Added: I forgot to mention I did not examine this program you mentioned. Be very careful -- even on Linux -- when getting such programs from "iffy" sources. Unless you have the source code and are able to understand it, you're taking a risk. Be aware of that, especially with utilities like this.

To the best of my knowledge TC has never been cracked.

»www.truecrypt.org/faq

"I forgot my password – is there any way to recover the files from my TrueCrypt volume?

TrueCrypt does not contain any mechanism or facility that would allow partial or complete recovery of your encrypted data without knowing the correct password or the key used to encrypt the data. The only way to recover your files is to try to "crack" the password or the key, but it could take thousands or millions of years depending on the length and quality of the password/keyfiles, on software/hardware efficiency, and other factors."

You could ask in TrueCrypt's forum too. Good luck.

That is why I make backups of my TrueCrypt container files to avoid these corruptions. It can happen with any datas and it sucks.

Related: »FBI Failed To Break Encryption of Hard Drives

May I suggest hypnosis? (Seriously)

If you initially put some time into selecting the password and it actually got into your long-term memory, that's about all I can think of.

RE: the brute forcing speed:
It's not the fault of the cracking program. TrueCrypt itself appreciably slows down brute forcing attempts, just as it was designed to do. Somewhere around 4 pw/sec is typical for a Core2 Duo attempting to crack TC using the unmodified program. Much of the slowdown is unavoidable, as there are computational requirements that must be met (via multiple iterations etc.) in order to calculate the master key. However, some of the slowdown can by bypassed by building a custom version of TC that skips any unused algorithms (if you know which algorithms were used to build the container) and doesn't test for hidden volumes or the embedded backup header. You might get a roughly 10x to 20x speed increase that way. The only other way to appreciably speed things up would be to set up multiple CPUs attacking the problem in parallel.

Wordlists can be generated in a number of ways. Kristanix's Password Generator Pro is quite good, but if the job isn't too complex then a simple batchfile could also be used.

However, before you dive into things you should ask yourself whether or not there are too many combinations to test. Do you have partial memory of the password? How many characters are you unsure of? What types of characters did you use? For example, if you're missing only four characters and you used only upper and lower case alpha plus the numbers 0-9 then you would have 62 x 62 x 62 x 62 combinations = 14.7 million. At 4 pw/sec this would take up to 43 days.

A password failure like that is crazy.

Here Drunkula knew the password but TrueCrypt would not accept it. Drunkula's post is an eye-opener. The 'forever denied access' problem is a concern and a legitimate fear for anyone using TrueCrypt or for anyone thinking about using it. If nothing else the password failure that Drunkula wrote about planted a seed in every TrueCrypt user who happened to read it. They will now and forever have it in the back of their head that there is the chance of one day waking up and being locked out of TrueCrypt, locked in a state of denied access, a severe system failure that renders their true password useless, with no known fix. They will carry the thought of this potential breakdown around with them in the back of their head day after day, everyday. A TrueCrypt users unease will stay with them for as long as they continue to use TrueCrypt. The mind-numbing experience Drunkula described is enough to make someone new to TrueCrypt not want to use it (I just discovered TC). No one wants to be denied access to their container due to an unfixable system failure like the one Drunkula experienced, that's crazy. Unless the TrueCrypt user has a crystal ball, they will never have complete peace of mind, not after reading about the terrible thing that happened to Drunkula.

I'm amazed that none of the other TrueCrypt users who post here did not comment about the denied access failure and the inability of Drunkula to get into his container. Maybe they don't want to think about it. Maybe the thought of a system failure that renders their true password useless scares the daylights out of 'em. I'm not sayin' that a complete failure like the one Drunkula experienced is inevitable. I'm just sayin' the thought of a potential failure like that is enough to make a healthy person sick in the stomach.

If the information within the container is important then you would have a backed up container for when a failure does occur.

Yes, due to a variety of reasons you can be totally and irrevocably locked out of your encrypted container. Many users partially forget their passwords, and of course they also forget to make a written copy and store it in a safe place, so the only recourse is to try to crack it.

Sometimes the volume header becomes corrupted. If any one of the 512 crucial bytes becomes altered then no password on earth will get you back into that container. The obvious solution is to keep a backup header, which takes about 1 minute to create. There is also an embedded backup header at the end of the every volume, so even those idiots users who don't manually back up their headers or their data still have a decent chance at regaining access.

There are many other ways to permanently lose access, including accidentally formatting an encrypted disk or partition, allowing an encrypted disk to become automatically initialized by Windows, moving or resizing an encrypted partition, accidentally deleting an encrypted file container, and many more. In almost every case the underlying problem is either an overwritten or a misplaced volume header. Restoring an overwritten header is very easy if you have a backup copy. Finding a misplaced header (e.g. due to an accidentally deleted partition or file) is a bit tougher, but it can sometimes be done.

The bottom line? Stuff happens. Encryption is dangerous. There's no point in trying to sugar-coat it. All users of encryption should be aware that an unfortunate screwup or a silly glitch can result in them being permanently locked out of their encrypted volumes. However, for TrueCrypt users this risk can be considerably reduced by keeping a backup of the password, the keyfile(s) (if used), and the volume header. Ideally, all encrypted data should be backed up as well.

Hard drives are dangerous too, by the way. Failed hard drives have accounted for far more lost data than encrypted volumes. Either way, it's a mystery to me why more users don't keep backups.

Well said, dantz. I have been meaning to make a backup of my LUKS header but have been too lazy. After reading this thread, I may get right on it.

And those numbers are only for a password with a maximum of 26 possible values per position. Just imagine the time that a more complex password (mixed case, numerics and symbols) would take!

quote:

---

dantz said: However, for TrueCrypt users this risk can be considerably reduced by keeping a backup of the password, the keyfile(s) (if used), and the volume header. Ideally, all encrypted data should be backed up as well.

---

Please provide info for TC newbs on how to back up the bolded items. (I have the password in a KeePass file, can I put the rest there?) Thanks!

I do see info in TC documentation for backing up the entire volume.

quote:

---

Due to hardware or software errors/malfunctions, files stored on a TrueCrypt volume may become corrupted. Therefore, we strongly recommend that you backup all your important files regularly (this, of course, applies to any important data, not just to encrypted data stored on TrueCrypt volumes).
»www.truecrypt.org/docs/

---