|
Message-ID: <555E4524.5010900@gmail.com> Date: Thu, 21 May 2015 22:50:44 +0200 From: Marek Wrzosek <marek.wrzosek@...il.com> To: john-users@...ts.openwall.com Subject: Re: Recovering truecrypt pass-phrase with known keyfile W dniu 21.05.2015 o 21:42, Rich Rumble pisze: > On Thu, May 21, 2015 at 2:55 PM, magnum <john.magnum@...hmail.com> wrote: >> On 2015-05-21 20:30, Rich Rumble wrote: >>> >>> On Thu, May 21, 2015 at 1:36 PM, magnum <john.magnum@...hmail.com> wrote: >>>> >>>> On 2015-05-21 19:27, Dhiru Kholia wrote: >>>>> >>>>> >>>>> On Thu, May 21, 2015 at 5:28 PM, Marek Wrzosek <marek.wrzosek@...il.com> >>>>> wrote: >>>>>> >>>>>> >>>>>> Lately I've been reading TrueCrypt User Guide and I'm curious. Is it >>>>>> possible to recover pass-phrase of truecrypt volume with known keyfile >>>>>> using JtR? If not, are there any plans of adding this to john in the >>>>>> future? >>>>> >>>>> >>>>> >>>>> Seems to be simple enough, >>>>> >>>>> https://github.com/bwalex/tc-play/blob/master/crypto.c#L201 >>>> >>>> >>>> >>>> I see nothing there. Isn't that part of the code using already decrypted >>>> keyfile data? >>> >>> If I recall from TC's doc's it read the first 1024 bytes of the >>> keyfile and used that as the second part of the password. >>> <quote> >>> Any kind of file (for example, .txt, .exe, mp3, .avi) may be used as a >>> TrueCrypt keyfile. However, >>> we recommend that you prefer compressed files, such as .mp3, .jpg, >>> .zip, etc. Note that TrueCrypt >>> never modifies the keyfile contents. Therefore, it is possible to use, >>> for example, five files in your >>> large mp3 collection as TrueCrypt keyfiles (and inspection of the >>> files will not reveal that they are >>> used as keyfiles). >> >> >> I see. So we'd just add ability to use a keyfile in addition to the cracking >> we currently have. I thought a keyfile was something like >> passphrase->KDF->key but that was not the case. > Yeah a TC "keyfile" was supposed to be a 2nd factor that avoided keylogging. > -rich > Keyfile could be used with empty password and in that case one should check that without using john. In general, keyfile is transformed somehow using hash function and then is applied to the password by XOR-ing it together. Algorithm is described in Truecrypt User Guide on pages 141 and 142. https://download.truecrypt.ch/documentation/TrueCrypt%20User%20Guide.pdf#page=141&zoom=auto,54,771 -- Marek Wrzosek marek.wrzosek@...il.com
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.