Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 09 May 2015 22:04:57 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: Advise on best approach (truecrypt pw based on pdf
 file)

On 05/08/2015 07:47 PM, Demian Smith wrote:
> I've recently lost my truecrypt PW and am thinking to approach the
> recovery with JtR but am unsure about the best approach to do so. So
> hopefully I could get a couple of pointers into the correct direction of
> setting it up.

Is that a truecrypt encrypted Windows System partition, or just a normal
partition or truecrypt volume?
I just ask because I am not sure whether anybody verified that using
john for Windows system partitions works at all.
(I think I remember that the realcrypt Linux package had trouble with
Windows system partitions, but I don't remember any details.)

That truecrypt2john was able to extract something that it interpreted as
a truecrypt partition "header" or whatever does not really mean that
you'll notice when you enter the correct password.

So, we need someone who is willing to share some information about a
real Windows system partition including the clear text password.
Then we need to check whether john finds the correct known password for
the hash(es?) extracted by truecrypt2john or whether some adjustments
are needed.
If you create a new Windows test installation for that purpose, make
sure you don't use a GPT, because truecrypt can't handle GPTs.
May be https://github.com/DrWhax/truecrypt-archive could help to find
out whether and how encrypted Windows system partitions differ from
regular partitions or truecrypt volumes.

Frank

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.