How To Crack Truecrypt Bootloader

  1. This will also install the TrueCrypt boot loader on the boot sector of your hard drive. This is a major reason why this encryption is so great. There is virtually no way to boot into the Windows file system without having the decryption key.
  2. I’ve been playing with TrueCrypt‘s Boot Loader Screen Options to display a custom message when I boot my laptop with full disk encryption. It’s probably enough to be misleading during a casual inspection of your laptop: The screen doesn’t even display asterisks when you type your TrueCrypt password.
Active2 years, 7 months ago

Quote:If you want to crack a bootable crypted partition No, I don't want to crack a bootable crypted partition. It is a simple, non-bootable crypted partition on a external (USB) device. To be exact, the device has got 2 partitions, one of them is formated as NTFS, the other one is encrypted.

I am looking to encrypt a few drives of mine, and my ONLY interest is security. It is OK if my VeraCrypt volumes are not compatible with TrueCrypt, and vice versa.

There is a lot of talk about 'TrueCrypt is dead' and it seems there are two forks out there now gaining momentum. The one more interesting to me is VeraCrypt, and from the research I have done, this looks like the 'more secure' option. But is that so?

That is why I am asking you all here. I know what VeraCrypt claims, I know they say they do more hash iterations of the password to derive the encryption keys. That sounds nice and all, but...

Does anyone have real world experience using Veracrypt and is it as good as advertised? How does it compare to TrueCrypt?

Does anyone have a security reason why they would choose TrueCrypt over VeraCrypt? Any reasons at all why TrueCrypt is preferable to you?

I'm not on the 'TrueCrypt is dead' bandwagon, I am just in trying to be progressive, so I would choose a newer 'better' option if it is available. But with that being said, I would also choose to go with the older option if it is actually better than the newer options. Your thoughts?

techraf
8,34910 gold badges35 silver badges54 bronze badges
Radmilla MustafaRadmilla Mustafa
5031 gold badge7 silver badges11 bronze badges

4 Answers

I would still choose TrueCrypt for a matter of trust and the 'many eyes' theory:

  • After the 'TrueCrypt scandal' everyone started looking at the source for backdoors.

  • The TrueCrypt audit finished on April 2, 2015. They found low-risk vulnerabilities, including some that affect the bootloader full-disk-encryption feature, though there is no evidence of backdoors.

  • If VeraCrypt start changing TrueCrypt fast, they may introduce a few vulnerabilities. Since VeraCrypt is currently less popular than TrueCrypt, there are 'less eyes' watching at the VeraCrypt source code changes.

  • I consider that TrueCrypt 7.1a have all the features I need. An audited TrueCrypt with the vulnerabilities fixed would be the perfect choice. Unless I personally watch VeraCrypt source code diffs, it would require an audit on the changes, or a high increase in popularity, or many years of maintenance and active community to make me trust them more than the good old TrueCrypt.

  • The increase in iterations to mitigate brute force attacks only affects performance. If you chose a 64-char random password, 1 million years of brute forcing or 10 million years is the same from a security stand point.

How To Crack Truecrypt Bootloader Unlock

(I downloaded the public key of TrueCrypt admin years before the scandal. So I can download a copy of TrueCrypt 7.1a from any source and verify its authenticity)

This answer may change after they publish new results from the audit. Also, if you are the VeraCrypt dev, the trust argument doesn't apply (because you trust yourself).

b2419326b2419326

Yes. Use VeraCrypt.

As of September 26th 2015, google's security researchers found a couple of vulnerabilities that affect TrueCrypt 7.1a and VeraCrypt 1.14

they are CVE-2015-7358 and CVE-2015-7359

On September 26th, 2015 VeraCrypt released 1.15 which fixes those vulnerabilities.

On October 17th, 2016, VeraCrypt's audit by the QuarksLab has been completed and as a result, VeraCrypt version 1.19 has been released to address vulnerabilities found.

Sources:

Edit: added the October 17th, 2016 QuarksLab audit info

UngluedUnglued
Crack truecrypt password

If you do a diff on TrueCrypt and VeraCrypt, remove all of the name change and version code, you are left with a reasonable size patch to look at. VeraCrypt uses SHA256, which is better than SHA512 because of the key schedule. Besides the aforementioned iteration count, the other notable changes are NTFS support, upgraded WxWidgit support, volume format change, and inclusion of RSA's PKCS11 headers. Minor changes are things like changing .tc files to .hc, better packaging options for distribution, etc.

After applying the reduced patch set, I added Keccak to the mix for encryption and hashing. The stream cipher is nice to use in the middle of a cascade such as Serpent, Keccak (SHA3), then AES.

I was going to add support for TrueCrypt containers, but decided against it since I personally think the format change is an advantage.

Summing up, it's not that hard to audit using the above mentioned patch set.

Best practice dictates you use the verifiable TrueCrypt 7.1a distro, and download your own PKCS11 headers from RSA. If building for a Mac, use your own copy of nasm instead of the one included or download it yourself from its web page.

That's what I use and will continue to use until I have to change encryption algos when time dictates to do so.

Joe BlowJoe Blow

I have been using TrueCrypt for years on Linux and Windows systems and was quite happy with it. Recently, I upgraded my Linux PCs to Ubuntu 16.04 and thought it would be the right moment to switch from TrueCrypt to VeraCrypt. I went ahead and converted TrueCrypt containers into VeraCrypt containers by simply changing the password as indicated in the documentation. I did it especially for an internal 1Tb hard disk drive formatted in two 500 Mb partitions. It appeared that whereas TrueCrypt decrypting of my partitions was previously performed within seconds, VeraCrypt decrypting now requires 4 minutes for each partition. This is unacceptable for me because I have to wait 8-9 minutes for my PC to be up and running in the morning. I therefore consider to switch back to TrueCrypt, which --all things considered-- looks like a good trade-off between improved security and convenience.

Michel DietrichMichel Dietrich

protected by Jeff FerlandJan 23 '17 at 21:33

Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?

Not the answer you're looking for? Browse other questions tagged disk-encryptiontruecryptveracrypt or ask your own question.

TrueCrypt comes up frequently in Ask Leo! answers. Many people are concerned about things like privacy, identity and data theft, particularly on computers or on portable devices where they might not always have total physical control of the media.

Truecrypt Password Recovery

Someone might gain access to sensitive data stored on your computer.

Encrypting your data renders that access useless, even when your computer or your thumbdrive falls into the wrong hands.

And TrueCrypt makes it not only easy, but nearly un-crackable.

IMPORTANT On September 30, 2015, it was reported that a serious security vulnerability
A vulnerability is a bug or design flaw in software that allows that software to be used in some malicious and unintended way.
All software has bugs, which are nothing more than mistakes made in the design or implementation of the software. Bugs can take many forms, from simply displaying something improperly, to crashing the application or entire machine.
When a bug can be intentionally triggered and in turn exploited for malicious purposes, that bug is termed a vulnerability.
The results of exploiting a vulnerability may have nothing to do with the software’s primary purpose. All that matters is that the vulnerability can somehow be used by malware – typically to infect the machine on which the software is running.
(Click on the term for full definition.)
'>vulnerability had been discovered in TrueCrypt. Not a fault in its encryption

Crack Truecrypt Encryption Password

Encryption is the process of mathematically processing data using an encryption “key“, such as a password or passphrase, in such a way that the result of the combination is unrecognizable as the original. Encrypted data can be restored to its original form by reprocessing it, using the original encryption key (symmetric encryption) or the matching key of a key pair
(Click on the term for full definition.)
'>encryption, but rather a more traditional vulnerability that malware [malicious software]
Malware is short for malicious software. Malware is a kind of catchall phrase that encompasses pretty much any kind of software that could cause harm to your data or your machine.
(Click on the term for full definition.)
'>malicious software could use to gain administrative privileges on your Windows machine.

Since TrueCrypt development has halted and no fix is likely forthcoming, I can no longer recommend its use.

Bootloader

My tentative understanding is that VeraCrypt is a free, compatible, and supported alternative, based on a fork of the original TrueCrypt code. And yes, these most recent vulnerabilities are supposedly fixed therein.

IMPORTANT: On May 26th, 2014 TrueCrypt development was abruptly and somewhat mysteriously halted. While I still use and recommend TrueCrypt, please also read Is TrueCrypt Dead? for what happened, and any late-breaking updates.

There are two approaches to using TrueCrypt:

  • Whole Drive encryption
    Encryption is the process of mathematically processing data using an encryption “key“, such as a password or passphrase, in such a way that the result of the combination is unrecognizable as the original. Encrypted data can be restored to its original form by reprocessing it, using the original encryption key (symmetric encryption) or the matching key of a key pair
    (Click on the term for full definition.)
    '>Encryption
    – you can use TrueCrypt to encrypt your entire Hard Disk Drive [HDD]
    An HDD, or Hard Disk Drive, is data storage made up of magnetic spinning disks.
    (Click on the term for full definition.)
    '>hard disk, including the partition
    A partition is a division of the area on a physical hard disk (or disk-like device) into one or more logical disks.
    (Click on the term for full definition.)
    '>partition you boot from. In order to boot the machine, you must first supply your pass phrase to enable decryption. Once booted, data is automatically and transparently encrypted and decrypted as it travels to and from the disk. Once your machine is turned off, the data is unrecoverable without knowing the pass phrase.
  • Container Encryption – with this approach you create a single file on your computer’s hard drive that is encrypted. You then “Mount
    To mount is to attach or otherwise make accessible or available something to the computer it’s mounted on.
    The term originates back in the days of mainframes using large disk-packs and reel-to-reel computer tapes. When the information on one of the packs or tape was required, the computer would display a request for the computer operator to actually locate and physically mount the the pack or tape in its respective disk or tape drive. Once mounted, the data stored on these devices could be accessed by the computer.
    Today the term has less of a physical connotation and more of a logical one, but the fundamental concept remains the same.
    Instead of a physical disk or tape, files such as ISO files, TrueCrypt volumes, or even some backup images can be mounted using the appropriate software, making their contents appear as an additional virtual disk drive on the computer – perhaps drive “Q:”, as an example. Once mounted, the contents of these files can be read and written by simply accessing the newly added virtual drive that appears when mounted.
    Unmounting, or less commonly, dismounting, is the reverse: taking the file that has been mounted and detaching it from the system, so its contents are no longer accessible via a virtual drive.
    (Click on the term for full definition.)
    '>mount” that file using TrueCrypt, supplying the correct pass-phrase to decrypt it after which the contents of that file appear as another drive on your system. Reading from and writing to that “drive” automatically and transparently decrypts and encrypts the data. Once the drive is unmounted, the data is once again unrecoverable without knowing the pass phrase.
Data encryption is an important part of an overall security strategy. TrueCrypt can be a key part of that strategy.

I tend to prefer container based encryption for its portability, and for the fact that you need only mount the encrypted drive when you need access. I keep a bunch of my personal information in a TrueCrypt container that I regularly copy between machines, onto a thumbdrive, and I even back it up to the internet. When I need the data thereon, I simply mount it, specify my pass phrase to unlock it, and use the files that are stored within it however I need. In my case, I keep spreadsheets, public and private keys, documents, and even my Roboform password database on it, all securely encrypted when not in use.

TrueCrypt is not tied to any one platform, your user account or anything else; just the pass phrase. In fact, you can copy your encrypted file to another machine entirely and mount it with TrueCrypt. Even using other operating systems such as Mac or Linux

Linux is an operating system, just as Microsoft Windows or Apple’s MacOS are operating systems. Operating systems are the software that control the operation of a computer and provide a consistent interface, or API, that programs use to access the features and functionality of the operating system and computer.
(Click on the term for full definition.)
'>Linux.

I do have to throw out a couple of important caveats:

  • Encryption does not make a bad pass phrase any more secure. If you choose an obvious pass phrase, an attack can certainly be mounted that could unlock your encrypted volume. This is why we talk about pass phrase instead of password. Use a multi-word phrase that you can remember to be the key to your encrypted data, and it’ll be much, much more difficult to break.
  • An encrypted volume does you no good if the files you care about are also elsewhere on your machine.
  • That being said, make sure you have secure backups, updated regularly. Preferably keep them UNencrypted, but secure in some other way, in case you lose your encrypted volume or forget your pass phrase. If you’ve chosen a good passphrase
    A passphrase (or pass phrase) is simply a password constructed of multiple words. Typically, though not always, the words in a passphrase are separated by spaces, as one would normally type.
    The advantage of a passphrase is that it’s significantly easier to remember than complex passwords, and therefore can be significantly longer. Much longer passwords are generally considered more secure, even when they’re composed of common dictionary words. Even then, a simple alteration – perhaps replacing all of the spaces with periods, or all of the letter Os with number 0s, which can be easily remembered – can further obfuscate and make even dictionary-based attacks a practical impossibility.
    The limiting factor is typically the system on which the password is to be used. Many do not accept spaces or allow for a sufficiently long password for a pass phrase to be used effectively.
    One example of a passphrase is “correct horse battery staple“, made popular by the webcomic XKCD. It also shows that the phrase need not even make sense, as long as it’s memorable.
    (Click on the term for full definition.)
    '>passphrase, without it the data is not recoverable.

Data encryption is an important part of an overall security strategy. TrueCrypt can be a key part of that strategy.

I recommend it.