Comments on: Truecrypt, a variety of bruteforcing options

By: LiquidMK

LiquidMK — Tue, 03 Nov 2009 22:57:26 +0000

Wow, [b]james[/b] described really magic algorithm of forgotten password recovery! I’d made dictionary with Excel macro and with true.crypt.brute it took just about 5 minutes to recover my data! )
I’m happy!!!

By: German

German — Sat, 17 Oct 2009 23:12:21 +0000

Hi guys,

could you tell me how to use that software now exactly concerning the word file. do i just have to copy and paste it?

more important: how can i edit or modify it in such way that there are just some letters left which habe to be combined to brute force the correct password? i wanna reduce it to the letters i’m sure that they are the right one, i just lost the sequence…

Cheers!!!

By: 1664

1664 — Tue, 06 Oct 2009 15:25:04 +0000

Thanks for the info Diablohorn & James, i changed my password while drunk and now dont remember it i usually use a combo of about 3-4 diff words out of 10 or so that are personal to me so am hoping the excel and macro method will help me out, again thanks for sharing your info

By: diablohorn

diablohorn — Mon, 07 Sep 2009 22:19:50 +0000

here is a new link and the link above has been adjusted:

http://diablohorn.tbhost.eu/distribute/truecrypt_brute_building_blocks.zip

By: dave

dave — Sat, 05 Sep 2009 19:30:52 +0000

The link above to the zip is dead (rapid share). says been removed?

By: Saiketsu

Saiketsu — Wed, 05 Aug 2009 17:50:52 +0000

James, i’m gald to see that someone used the same method than me to create a super-password, then lost it and recovered it with a BF. I’m going to try your method. Thanks !

By: Christoph

Christoph — Fri, 17 Jul 2009 14:31:31 +0000

@dezrah: You’re chances are actually pretty good to crack the password. Assuming you have an alphabet of 11 characters and a 9 character password. If you did not use duplicates, you have about 20 million combinations.

If you did use multiples, your search space is 285 billion. However, again assuming that you would not use a word like fffffffff (e.g. limit to max. character reuse of 2) you might end up with something like more manageable like in the lower hundred millions or so

By: DiabloHorn

DiabloHorn — Fri, 17 Jul 2009 08:41:14 +0000

This is interesting information. I’m glad you found your password. It will always be worth a shot if some information is known about the password.

By: james

james — Fri, 17 Jul 2009 02:53:32 +0000

So after running overnight the password was waiting for me on my desktop. Definitely a solution that works, at least in my example; turned out my password was a combination I would never have thought of. I ran a word list that had 14k possibilities, using Excels to combine 7? passwords 4 deep into every possible combination (always 4 deep). If you are reading this then good luck and keep your passwords strong and write them down somewhere…my “super password” was 40 characters long…without knowing what made it up I think I would have needed a Cray or something to get it done, and then I probably would have had to wait a few years.

By: james

james — Thu, 16 Jul 2009 02:35:12 +0000

I found your information informative, but not very useful. I tried the script mentioned with the autoit program and could not get it to work. Searching through the autoit forums found that the guy that wrote it (the real author) was asking about how to get it to run and ditched it because it was flawed. I could not get my BT4 running on my VMWare Fusion and did not have a thumbdrive handy, so I went with a VMWare Windows solution. I found a program called true.crypt.brute that runs dictionary attacks against truecrypt containers. It can be found at securityvision.ch/download.php. I had to create a custom dictionary because my problem was as follows: I got paranoid and put a bunch of personal files into one giant container (20gb), and used 4 or 5 strong passwords (that I routinely use) to generate a super-password. Unfortunately I forgot to write the awesome password down, so I didn’t know the order the smaller passwords were in. In my own defense I was on some powerful painkillers at the time, but that is another story. I needed an automated way to find the password. So…after much searching came to the brute forcer mentioned. I did some more searching for the dictionary fix, and came up with using Excels and a macro, which can be found by “googling” google answers phrase permutation. With these two tools I have generated over 12k possibilities. Unfortunately the brute forcer takes approximately .5 seconds per try. When it is completed it will pop up with the correct password…I’ll let you know when it finishes. I would guess that all of this research took 12 hours or so. I did find some other useful, easy to use tools in my search, including a great password generator (unfortunately it will only mix 2 deep vice the 4-5 I needed). It is called s-wordlist tool, though I don’t remember where I found it. It was written by “beda” and has a link in it, “beda.securiboxDOTnet”. I could not find it in 5 min and am done researching, but it is a great dictionary creation tool with more options than I found anywhere else.