Date: Sat, 09 May 2015 22:04:57 +0200 From: Frank Dittrich <frank.dittrich@...lbox.org> To: john-users@...ts.openwall.com Subject: Re: Advise on best approach (truecrypt pw based on pdf file) On 05/08/2015 07:47 PM, Demian Smith wrote: > I've recently lost my truecrypt PW and am thinking to approach the > recovery with JtR but am unsure about the best approach to do so. So > hopefully I could get a couple of pointers into the correct direction of > setting it up. Is that a truecrypt encrypted Windows System partition, or just a normal partition or truecrypt volume? I just ask because I am not sure whether anybody verified that using john for Windows system partitions works at all. (I think I remember that the realcrypt Linux package had trouble with Windows system partitions, but I don't remember any details.) That truecrypt2john was able to extract something that it interpreted as a truecrypt partition "header" or whatever does not really mean that you'll notice when you enter the correct password. So, we need someone who is willing to share some information about a real Windows system partition including the clear text password. Then we need to check whether john finds the correct known password for the hash(es?) extracted by truecrypt2john or whether some adjustments are needed. If you create a new Windows test installation for that purpose, make sure you don't use a GPT, because truecrypt can't handle GPTs. May be https://github.com/DrWhax/truecrypt-archive could help to find out whether and how encrypted Windows system partitions differ from regular partitions or truecrypt volumes. Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.