Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <555C1F1F.5060305@web.de>
Date: Wed, 20 May 2015 06:43:59 +0100
From: Demian Smith <demian.smith@....de>
To: john-users@...ts.openwall.com
Subject: Re: Advise on best approach (truecrypt pw based on pdf
 file)

Hi magnum,

thank you for looking into it for me - the plausible deniability (?) is
a nice feature and I believe it's one that it is good to have.

In the last weeks I did run with the --format option, as I think I would
not have changed the defaults. Which - on my linux machine - are ripemd
and aes. I hope they would have been the same on a win machine, but
can't verify, as I don't have an old truecrypt copy lying around.

So, I have removed the hidden-container lines from the file (I know
there's no hidden volume) and am now back to running the wordfile onto
it and then incremental... Will keep my finger's crossed though =)

Cheers,
Demian

 ★ On 15/05/20 01:12 a.m. Magnum wrote ★
> The hash_nopart one from sdb has entries with mostly nulls so is not
> likely correct. I just made some quick tests and reviewed the code.
> Unfortunately, truecrypt_volume2john doesn't recognize any signature or
> magic, so you can feed it ANY data and as long as it's at least 512
> bytes it will happily produce six different hashes: One for each of the
> three algorithms, plus another set of three for possible hidden volumes.
> I believe there's no way to make it any better - truecrypt is designed
> to be plausably deniable. Of the six ones always produced, I believe
> only one is ever correct (if any) and often you won't know which.
> 
> I tried running truecrypt_volume2john on some actual truecrypt container
> (file) I had lying around. Obviously it "found" six hashes in it too.
> When trying with the correct password, the correct one was cracked
> (apparently it was a RIPEMD_160 one) while the other ones are bogus
> random data that can't ever be cracked.
> 
> So, if last weeks attempts were made using the file from sbd1, and
> without using the --format option no narrow down to a particular algo, I
> think you did correct. If you did narrow it down to eg.
> --format=tc_ripemd160, I hope that's because you KNOW that is the algo
> used.
> 
> magnum
> 
> 
> On 2015-05-19 23:23, Demian Smith wrote:
>> Not all hope is lost, so?
>>
>> So, what I did was:
>>
>> attach the external device to usb and verify it's "path" via lsblk
>> and/or truecryp. This led to
>> sdb                    8:16   0 465.7G  0 disk
>> └─sdb1             8:17   0 465.7G  0 part
>>
>> I than do:
>> [demian@...nymous:~/.bin/JtR/run]$ ./truecrypt_volume2john /dev/sdb1 >
>> ~/hash
>>
>> which results in the attached hash file.
>>
>> I had tried the same on a usb key, as well running truecrypt2john versus
>> the partition on sdb1, which then had been "cracked"...
>>
>> If I create a hashfile on /dev/sdb instead, I get
>>
>> john --session=wl --wordlist=/home/wpd_for_mark_second.txt ~/no_partition
>> ASCII -> ASCII -> ASCII
>> Warning: detected hash type "tc_aes_xts", but the string is also
>> recognized as "tc_ripemd160"
>> Use the "--format=tc_ripemd160" option to force loading these as that
>> type instead
>> Loaded 6 password hashes with 6 different salts (tc_aes_xts, TrueCrypt
>> AES256_XTS [SHA512 128/128 SSE4.1 2x /RIPEMD160/WHIRLPOOL])
>> Loaded hashes with cost 1 (hash algorithm [1:SHA512 2:RIPEMD160
>> 3:Whirlpool]) varying from 1 to 3
>> Will run 4 OpenMP threads
>>
>> If I force ripemd w/ --format=tc_ripemd160:
>> initUnicode(UNICODE,ASCII/ASCII)
>>
>>
>> ASCII->ASCII->ASCII
>>
>>
>> Loaded 2 password hashes with 2 different salts (tc_ripemd160, TrueCrypt
>> AES256_XTS [RIPEMD160 32/64])
>>
>> Will run 4 OpenMP threads
>>
>> while the hashfile itself looks different ...
>>
>> i did look into the doc folder but could not spot anything related to
>> truecrypt, I hope I did not just miss it...
>>
>> Also, I hope I just made a mistake somewhere on the lines of generating
>> the hashes, maybe ...
>>
>> Thanks for keeping my hopes up,
>> D
>> -- 
>> 'It's no measure of mental health to be well adjusted
>> to a profoundly sick society.'
>>
>> Sinéad O'Connor
>>
>>   ★ On 15/05/19 09:00 p.m. Magnum wrote ★
>>> On 2015-05-19 20:35, Demian Smith wrote:
>>>> I right now run the two filters on the first txt file I create from the
>>>> suspect pdf and will then go back to incremental, as the Markov mode -
>>>> in my case - does not appear to be producing useful candidates.
>>>>
>>>> Thanks again for all the effort, I'm pretty sure this is a layer 8
>>>> issue
>>>> right now :s
>>>
>>> Maybe we should revert to verifying your truerypt_volume2john
>>> invocation/results.
>>>
>>> Please recap what you had, what you did and what you got. Were you
>>> feeding truecrypt_volume2john a file or a device special node? Was there
>>> any output on stderr? How does your "hash" file look? I still wonder why
>>> you got two "hashes".
>>>
>>> magnum
>>>
>>>
> 
> 
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.