
encryption strength of TrueCrypt


danybel...@gmail.com

Mar 28, 2008, 8:13:31 AM
Hi,

I am interested in making data unavailable to unauthorised persons
by encrypting hard drives. I came across a lot of positive reviews of
TrueCrypt. I have installed it and it is indeed easy to set up and
use.
But my question is, providing I use a very strong passphrase, how hard
is it to crack the encryption used by Truecrypt, using the default
settings? And would this be done by brute-forcing my password, or by
other means?

I am an experienced programmer in multiple languages and environments,
but I know very little about encryption. I need more information
before I rely on this product.
Thx in advance.

Jim Relsh

Mar 28, 2008, 10:16:04 AM

<danybel...@gmail.com> wrote in message
news:dc84920b-4f6e-4cd3...@z38g2000hsc.googlegroups.com...

I'm not recommending the default settings. I recommend AES for encryption
and Whirlpool hashing.

Truecrypt uses 256-bit AES encryption which is uncrackable by everyone
including government agencies if your password is non-trivial. What else is
there to know?

--
Posted via a free Usenet account from http://www.teranews.com

danybel...@gmail.com

Mar 28, 2008, 11:33:55 AM
On Mar 28, 3:16 pm, "Jim Relsh" <jrel...@gmail.com> wrote:
> <danybelinfa...@gmail.com> wrote in message

Well, for one thing, is it doable to brute-force the password? Any
password?
And why not use the default hashing?

Thx for the reply.

nemo_outis

Mar 28, 2008, 12:16:31 PM
danybel...@gmail.com wrote in
news:2287a054-d2bc-43ec...@i12g2000prf.googlegroups.com:

...snip...


1) 256-bit AES encryption couldn't be brute-forced in a trillion
lifetimes of the universe if computers were a trillion trillion times
more powerful than they are now.

Cracking AES would require an algorithmic breakthrough - a gigantic one
(such as solving the "factoring problem"). Even hardware breakthroughs
such as quantum computing (if they are ever implemented) would only reduce
the effective strength of AES to 128 bits (which is still completely
uncrackable now and for the foreseeable future).

The real risk comes, not from the algorithm's strength, but from defects
and errors in software implementation - or even deliberately placed
backdoors. That's why Truecrypt's open-source code is so attractive.

2) It is very rare for someone to use a password that is equivalently
strong as the underlying AES encryption algorithm (for instance a
password of upper/lower case letters and numbers must be 43 random
characters long for strength equivalent to AES-256). However, even a
much weaker password (e.g., 10-20 such random characters) is entirely
adequate against all except the premier intelligence services of a few
major governments (e.g., NSA). Alternatively, it is possible to
construct very strong long passphrases (random nonsense but with a
sentence structure) rather than passwords but which are still easy for a
human to memorize - this is the preferred method these days.

3) As for Truecrypt's default settings, they are more than sufficient.
In fact, you won't go wrong with ANY of the available encryption/hash
algorithms available in Truecrypt. It's mostly a question of subtle
theoretical preferences that might (very hypothetically!) make one
algorithm or another slightly more resistant to various attack strategies
that may be developed in the future.

For instance, some argue that AES is currently preferable because it has
undergone intense algorithmic scrutiny by the community of expert
cryptographers without any potential weaknesses having come to light.

There *have* been some defects discovered with the strength of some older
hash algorithms (e.g., MD5, SHA-1) but only in a context (finding
"collision" pairs) that is NOT applicable to how Truecrypt uses them.
However, suspicion has been cast that these older hash algorithms may
have additional latent flaws and so folks are moving to newer, allegedly
stronger, ones. Whirlpool is attractive for a number of theoretical
reasons but it is (comparatively) new and has not been exposed to
extended widespread cryptographic scrutiny. I prefer SHA512 but you
won't go wrong with anything available in Truecrypt.

Regards,

Nomen Nescio

Mar 28, 2008, 1:20:02 PM
nemo_outis wrote:

> The real risk comes, not from the algorithm's strength, but from defects
> and errors in software implementation - or even deliberately placed
> backdoors. That's why Truecrypt's open-source code is so attractive.

I guess you were just running your mouth for argumentation's sake all
the times you blithered about open source not being useful for finding
problems, nobody actually reviews it, no good unless you do it
yourself, hackers find flaws and don't tell anyone...

I guess it's no surprise you knew you were full of shit all along.

germaine

Mar 28, 2008, 2:39:39 PM
danybel...@gmail.com wrote:
> Hi,
>
> I am interested in making data unavailable to unauthorised persons
> by encrypting hard drives. I came across a lot of positive reviews of
> TrueCrypt. I have installed it and it is indeed easy to set up and
> use.
> But my question is, providing I use a very strong passphrase, how hard
> is it to crack the encryption used by Truecrypt, using the default
> settings? And would this be done by brute-forcing my password, or by
> other means.


Truecrypt is the best you can get out there, even better than paid for
solutions.

The main thing you must look at in encryption software is whether it has
been reviewed widely by QUALIFIED and KNOWLEDGEABLE cryptographers, and
Truecrypt has; any search on the internet will find those reviews.
Although they are just some garble for me, I recognize the names of the
cryptographers signing those reviews as well known experts in the field.

The second thing you should look at in encryption software is how
long it has been in use; the longer the better, because this guarantees
that most problems have already come to light. You are a programmer, so
you probably know this. Truecrypt has already been used for quite a few
years by thousands of people if not millions; this is a good thing.

The main vulnerability is the strength of the passphrase; I recommend
you use a combination of a passphrase with a KEYFILE.

If you care about your security you will find the time to read the
manual that comes with Truecrypt, to understand how it works. Users can
render an excellent piece of software useless if they don't understand
the basics, and Truecrypt has the best manual I have seen out there.

You need to learn about the dump file and the swap file and disable them
as they could store your passphrase; the Truecrypt manual tells you how to
do it.

bealoid

Mar 28, 2008, 2:54:15 PM
danybel...@gmail.com wrote in news:dc84920b-4f6e-4cd3-a9ab-dd9d0d881236@z38g2000hsc.googlegroups.com:

> And would this be done by brute-forcing my password, or by
> other means.

Depends where you live. Some places allow the courts to force you to
reveal your password or go to prison. Other places will use extraordinary
rendition and water-boarding.

nemo_outis

Mar 28, 2008, 4:03:55 PM
Nomen Nescio <nob...@dizum.com> wrote in
news:01d206205462e193...@dizum.com:

> nemo_outis wrote:
>
>> The real risk comes, not from the algorithm's strength, but from
>> defects and errors in software implementation - or even deliberately
>> placed backdoors. That's why Truecrypt's open-source code is so
>> attractive.
>
> I guess you were just running your mouth for argumentation's sake all
> the times you blithered about open source not being useful for finding
> problems, nobody actually reviews it, no good unless you do it
> yourself, hackers find flaws and don't tell anyone...


You still have not learned to read; I said "attractive," not "useful."

But do blither on mindlessly anyway.

Regards,

Jim Relsh

Mar 28, 2008, 5:40:38 PM

<danybel...@gmail.com> wrote in message
news:2287a054-d2bc-43ec...@i12g2000prf.googlegroups.com...

Yes, if you have 4 million years to wait for the password to be cracked. I
don't know about you, but I'm not planning to hang around for that long.
They say any encryption can be cracked and when they say that they mean that
a brute-force attack will always work, eventually. The catch is that it's
not humanly feasible.

> And why not use the default hashing?
>

Mostly because both AES and Whirlpool have been designed by the same
cryptologists, and AES has been *very* well scrutinized and not found to
contain any weaknesses.

nemo_outis

Mar 28, 2008, 6:25:00 PM
"Jim Relsh" <jre...@gmail.com> wrote in
news:47ed5a5f$0$26071$8826...@free.teranews.com:

> Yes, if you have 4 million years to wait for the password to be
> cracked.

4 million years would not even begin to put the smallest dent in the
problem!

For example, a computer that could check a quintillion (that's a 1
followed by 18 zeroes!) keys a second (about 1000 times faster than the
fastest current computer's speed based on a *single operation,* not a
full key test) would need about 10^13 years (1000 times the life of the
universe!) to crack AES128. AES256 would take over a trillion trillion
trillion times as long!

> ... They say any encryption can be cracked and when they
> say that they mean that a brute-force attack will always work,
> eventually. The catch is that it's not humanly feasible.

If "they" say that, they are wrong!

It's not even feasible from energy considerations. The Landauer limit
sets the minimum theoretical energy per computer calculation. Applying
this energy limit, just to leaf through the key space for AES128 with
theoretically minimum energy (not test the keys) would require 100
gigawatts for 100 years. AES256 would require more than a trillion
trillion trillion times this energy (or time)! And that's just to look
at each key - testing each would use many times that amount of energy!

In short, 2^256 is an **inconceivably large** number and any application
of it to calculating required resources for cracking gives numbers beyond
any realistic possibility. Brute-force cracking of AES256 is as close to
the definition of "utterly impossible" as humans are ever likely to get!

Regards,

PS http://en.wikipedia.org/wiki/Brute_force_attack
http://en.wikipedia.org/wiki/Landauer%27s_Principle
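To put numbers on the figures nemo_outis gives above (43 random alphanumeric characters matching AES-256, roughly 10^13 years for AES-128 at a quintillion keys per second, and the reduction to 128 bits under a quantum search), here is an added Python example. It is not code from the thread or from TrueCrypt; the guess rates and the rounded age of the universe are assumptions.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
AGE_OF_UNIVERSE_YEARS = 1.4e10   # assumption: rounded figure for "life of the universe"

# Character set from the thread: upper/lower case letters and digits (constructed here).
ALNUM = 26 + 26 + 10             # 62 symbols


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random string of `length` symbols."""
    return length * math.log2(charset_size)


def length_for_bits(charset_size: int, target_bits: float) -> int:
    """Shortest uniformly random string from this charset that reaches target_bits."""
    return math.ceil(target_bits / math.log2(charset_size))


def brute_force_years(bits: float, guesses_per_second: float) -> float:
    """Years to exhaust a space of 2**bits keys (or passwords) at a given rate.

    Exhausting the whole space is the worst case; on average half of it
    suffices, so this overestimates the expected time by a factor of two.
    """
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def grover_effective_bits(key_bits: int) -> int:
    """Grover's algorithm searches 2**n items in about 2**(n/2) quantum steps,
    so an n-bit symmetric key offers roughly n/2 bits against it."""
    return key_bits // 2


def universe_lifetimes(years: float) -> float:
    """Express a duration as multiples of the assumed age of the universe."""
    return years / AGE_OF_UNIVERSE_YEARS


def report(guesses_per_second: float = 1e18) -> None:
    """Print the thread's figures; 1e18/s is nemo_outis's hypothetical machine."""
    for bits in (128, 256):
        yrs = brute_force_years(bits, guesses_per_second)
        print(f"AES-{bits}: {yrs:.2e} years "
              f"({universe_lifetimes(yrs):.2e} lifetimes of the universe)")
    for length in (10, 20, 43):
        print(f"{length} random alphanumerics: {entropy_bits(ALNUM, length):.1f} bits")
    print(f"alphanumerics needed to match AES-256: {length_for_bits(ALNUM, 256)}")  # 43
    print(f"AES-256 against a quantum search: ~{grover_effective_bits(256)} bits")


if __name__ == "__main__":
    report()
```

Calling `report()` with a much lower rate shows the same point Ari makes later in the thread: the time to exhaust a 10- or 20-character password, not the 2^256 key space, is what actually bounds the attacker.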

monkey_...@yahoo.com

Mar 28, 2008, 8:35:06 PM

It's only as weak as a passphrase. You can use a strong password like
you can have generated from https://www.grc.com/passwords.htm

This is one that was generated

Bcee@raQF<z|i&ma-5CUT("MjA!|iE[<ivzlkX[h*mZD.SHrNNF4aRMpNX&E=ay

I use this as a PSK (pre shared key) with AES encryption on WPA2 for
wireless encryption and I am confident that the encryption is secure
with the passphrase.

Maybe people could offer solutions for passphrase storage for those
who cannot remember passwords very well.

Ari

Mar 28, 2008, 9:27:01 PM
On Fri, 28 Mar 2008 05:13:31 -0700 (PDT), danybel...@gmail.com
wrote:

> Hi,
>
> I am interested in making data unavailable to unauthorised persons
> by encrypting hard drives. I came across a lot of positive reviews of
> TrueCrypt. I have installed it and it is indeed easy to set up and
> use.
> But my question is, providing I use a very strong passphrase, how hard
> is it to crack the encryption used by Truecrypt, using the default
> settings? And would this be done by brute-forcing my password, or by
> other means.

Your password, with properly implemented encryption (TC's is) will
*always* be your Achilles heel.
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19

Anonymous

Mar 29, 2008, 5:51:16 AM
Ari wrote:

> On Fri, 28 Mar 2008 05:13:31 -0700 (PDT), danybel...@gmail.com
> wrote:
>
> > Hi,
> >
> > I am interested in making data unavailable to unauthorised
> > persons by encrypting hard drives. I came across a lot of
> > positive reviews of TrueCrypt. I have installed it and it is
> > indeed easy to set up and use.
> > But my question is, providing I use a very strong passphrase,
> > how hard is it to crack the encryption used by Truecrypt, using
> > the default settings? And would this be done by brute-forcing
> > my password, or by other means.
>
> Your password, with properly implemented encryption (TC's is) will
> *always* be your Achilles heel.

Not always. At a certain point (40 some odd random characters for
256 bit keys?) a pass phrase becomes harder to crack than the
underlying encryption itself. That, of course, assuming all other
things are equal.

My "master password list" is a text file secured by a custom AES256
implementation using a pass phrase considerably longer than that,
but not perfectly random so that I can remember it. According to
every test I've performed it's still stronger than AES256. It would
be easier to brute force the key itself than the password I use to
secure it. :)


bealoid

Mar 29, 2008, 10:41:58 AM
"Jim Relsh" <jre...@gmail.com> wrote in
news:47ed5a5f$0$26071$8826...@free.teranews.com:

> They say any encryption can be cracked and when they
> say that they mean that a brute-force attack will always work,
> eventually.

One Time Pads are provably secure, but have problems of key length and key
sharing.

bealoid

Mar 29, 2008, 10:44:58 AM
monkey_...@yahoo.com wrote in news:29ad0f23-185f-4384-8851-680a71...@i12g2000prf.googlegroups.com:

[snip]



> Maybe people could offer solutions for passphrase storage for those
> who cannot remember passwords very well.

"Password safe" is open source, originally by Bruce Schneier, and free.
"Keepass" is open source, and respected by many people.

traveler 66

Mar 29, 2008, 2:21:37 PM

Just curious, who is the cryptologist?

Ari

Mar 29, 2008, 1:47:05 PM
On Fri, 28 Mar 2008 17:35:06 -0700 (PDT), monkey_...@yahoo.com
wrote:

> Maybe people could offer solutions for passphrase storage for those
> who cannot remember passwords very well.

It's my contention that if something is really that important to you, to
keep it sacred and secret, remembering a multi-character passphrase is a
small price to pay.

germaine

Mar 29, 2008, 2:21:13 PM

>> Mostly because both AES and Whirlpool have been designed by the same
>> cryptologists, and AES has been *very* well scrutinized and not found to
>> contain any weaknesses.
>
> Just curious, who is the cryptologist?


AES was designed by two Belgians; AES is also known as Rijdaendel
(spelling?), something to do with the designers' surnames.

Regarding Whirlpool, all I know about it is that it is the best
algorithm for 64-bit OS because it has been optimized for that;
something rings bells about this.

But the weakest point is always the user/weak pass/Windows/etc. I would
be equally happy with Blowfish or Twofish. Truecrypt would never include
anything crackable (i.e. DES 56).

Jim Relsh

Mar 29, 2008, 3:05:02 PM

"traveler 66" <nor...@nym.alias.net> wrote in message
news:vvs7a9pdq4lh$.1tlr6bh9pyw1g$.dlg@40tude.net...

Vincent Rijmen

According to the Truecrypt manual:

AES designed by: Joan Daemen and Vincent Rijmen
Whirlpool designed by: Vincent Rijmen (co-designer of the AES encryption
algorithm) and Paulo S. L. M. Barreto.

Sarah Dean

Mar 29, 2008, 5:27:36 PM
monkey_...@yahoo.com wrote in news:29ad0f23-185f-4384-8851-680a71...@i12g2000prf.googlegroups.com:

[snip]


> It's only as weak as a passphrase. You can use a strong password like
> you can have generated from https://www.grc.com/passwords.htm
>
> This is one that was generated
>
> Bcee@raQF<z|i&ma-5CUT("MjA!|iE[<ivzlkX[h*mZD.SHrNNF4aRMpNX&E=ay
>
> I use this as a PSK (pre shared key) with AES encryption on WPA2 for
> wireless encryption and I am confident
> that the encryption is secure with the passphrase

Well... It's not now you've gone and posted it to USENET! ;)

--
Sarah Dean
FreeOTFE site: http://www.FreeOTFE.org/
Personal site: http://www.SDean12.org/
Disk encryption comparison: http://otfedb.sdean12.org/

For information on SecureTrayUtil, Shredders, On-The-Fly Encryption
(OTFE; disk encryption) systems, etc, see the URLs above.

traveler 66

Mar 29, 2008, 8:37:58 PM

Thanks to both for your info.

Anonymous

Mar 30, 2008, 12:51:49 AM
nemo_outis wrote:

> "Jim Relsh" <jre...@gmail.com> wrote in
> news:47ed5a5f$0$26071$8826...@free.teranews.com:
>
> > Yes, if you have 4 million years to wait for the password to be
> > cracked.
>
> 4 million years would not even begin to put the smallest dent in
> the problem!

You're confusing passwords with encryption keys.


nemo_outis

Mar 30, 2008, 1:27:35 AM
I have confused nothing. I gave clear explanations of what it takes for a
secure password and clear explanations of the infeasibility of cracking 128
or 256 bit encryption.

Regards,

Nomen Nescio

Mar 30, 2008, 4:00:03 AM
nemo_outis blithered:

<snip a'la nemo>

"The chapter explains why BestCrypt Volume Encryption (a line in
BestCrypt family of encryption software products) has got Volume
Encryption name. Many people may think that Volume Encryption is the
same as Partition Encryption or even Whole Disk Encryption. Sometimes
it is really so, but not always, and it is worth to learn about the
difference."

*snicker*

nemo_outis

Mar 30, 2008, 11:53:00 AM
Ahh, you've come back to blither some more.

Jim Relsh

Mar 31, 2008, 3:56:44 AM

"nemo_outis" <a...@xyz.com> wrote in message
news:Xns9A6F6886B...@64.59.135.159...

> danybel...@gmail.com wrote in
> news:2287a054-d2bc-43ec...@i12g2000prf.googlegroups.com:
>
> ...snip...
>
>
> 1) 256-bit AES encryption couldn't be brute-forced in a trillion
> lifetimes of the universe if computers were a trillion trillion times
> more powerful than they are now.
>
> Cracking AES would require an algorithmic breakthrough - a gigantic one
> (such as solving the "factoring problem"). Even hardware breakthroughs
> such as quantum computing (if they are ever implemented) would only reduce
> the effective strength of AES to 128 bits (which is still completely
> uncrackable now and for the foreseeable future).

That's a very interesting claim which I haven't heard before. Where did you
get that information?

And what about weakening RSA using a Quantum computer? I ask because RSA and
AES are often used together in encrypted e-mail (PGP).

nemo_outis

Apr 1, 2008, 12:58:44 AM
"Jim Relsh" <jre...@gmail.com> wrote in
news:47f08dca$0$26013$8826...@free.teranews.com:

...


>> Cracking AES would require an algorithmic breakthrough - a gigantic
>> one (such as solving the "factoring problem"). Even hardware
>> breakthroughs such as quantum computing (if they are ever implemented)
>> would only reduce the effective strength of AES to 128 bits (which is
>> still completely uncrackable now and for the foreseeable future).
>
> That's a very interesting claim which I haven't heard before. Where
> did you get that information?


The two most widely quoted "quantum algorithms" are Grover's and Shor's.
Speaking very broadly, Grover's algorithm says that a quantum computer
can search (e.g., a keyspace) in (roughly) square-root ops compared to a
non-quantum computer.

See, for instance the Wikipedia article:

Quantum Computer
http://en.wikipedia.org/wiki/Quantum_computer

especially the fifth paragraph (beginning "Consider a problem that
has...") under the heading "The power of quantum computers"

This is an application of Grover's algorithm that (effectively) reduces
AES256 to AES128 (the square root in number of bits) in terms of
equivalent "difficulty" for a quantum computer versus an ordinary one.

See, for instance:

http://en.wikipedia.org/wiki/Grover%27s_algorithm



> And what about weakening RSA using a Quantum computer? I ask because
> RSA and AES are often used together in encrypted e-mail (PGP).

Shor's algorithm is deadly for RSA and completely defeats it. See, for
instance:

http://en.wikipedia.org/wiki/Shor%27s_Algorithm

Regards,

Non scrivetemi

Apr 1, 2008, 4:29:39 AM
nemo_outis wrote:

> See, for instance the Wikipedia article:
>
> Quantum Computer
> http://en.wikipedia.org/wiki/Quantum_computer

*laugh*

I like the introit to this article. It describes everything you'll
find on Wikipedia about quantum computing, and everyone who cites
it, to the proverbial "T".

http://www.emergentchaos.com/archives/2008/03/quantum_progress.html

Jim Relsh

Apr 1, 2008, 8:26:20 AM

"nemo_outis" <a...@xyz.com> wrote in message
news:Xns9A72E9C17...@64.59.135.159...

Thank you for the info.

Does the same hold true for ECC (Elliptic Curve Cryptography)? Can it also
be broken using a Quantum Computer? If so, we are all in deep trouble since
private electronic communications will become difficult without public-key
encryption.

Kristian Gjøsteen

Apr 1, 2008, 10:34:41 AM
Jim Relsh <jre...@gmail.com> wrote:
>Does the same hold true for ECC (Elliptic Curve Cryptography)? Can it also
>be broken using a Quantum Computer?

Yes.

> If so, we are all in deep trouble since
>private electronic communications will become difficult without public-key
>encryption.

For many asymmetric cryptosystems, no efficient quantum algorithm
is known. If sufficiently large quantum computers are ever built,
we are in for some pain, but the world goes on.

--
Kristian Gjøsteen

Stefan Tillich

Apr 1, 2008, 12:09:59 PM
Jim Relsh wrote:
> Does the same hold true for ECC (Elliptic Curve Cryptography)? Can it also
> be broken using a Quantum Computer?
Yes.

> If so, we are all in deep trouble since
> private electronic communications will become difficult without public-key
> encryption.
>
Be assured that you are not the first one to notice that:
http://postquantum.cr.yp.to/

Regards,

Stefan

nemo_outis

Apr 1, 2008, 1:05:03 PM
"Jim Relsh" <jre...@gmail.com> wrote in
news:47f21e7c$0$9540$8826...@free.teranews.com:

...


> Does the same hold true for ECC (Elliptic Curve Cryptography)? Can it
> also be broken using a Quantum Computer? If so, we are all in deep
> trouble since private electronic communications will become difficult
> without public-key encryption.


To my knowledge no strong quantum algorithms have been published with
respect to defeating ECC. However, there are several interesting allusions
to such (but no more than allusions) in a very recent discussion on
Schneier's site (under the subheading "March 23, 2008
Quantum Computing: Hype vs. Reality"):

http://www.schneier.com/blog/archives/2008/03/quantum_computi_1.html

Regards,

Kristian Gjøsteen

Apr 1, 2008, 1:32:25 PM
nemo_outis <a...@xyz.com> wrote:
>To my knowledge no strong quantum algorithms have been published with
>respect to defeating ECC.

You haven't been paying sufficient attention, then.

--
Kristian Gjøsteen

nemo_outis

Apr 1, 2008, 1:56:43 PM
Kristian Gjøsteen <kristi...@math.ntnu.no> wrote in news:fstrj9$4fi$1@kuling.itea.ntnu.no:

> nemo_outis <a...@xyz.com> wrote:
>>To my knowledge no strong quantum algorithms have been published with
>>respect to defeating ECC.
>
> You haven't been paying sufficient attention, then.
>

Fewer bon mots, more cites, please.

Regards,

Kristian Gjøsteen

Apr 1, 2008, 3:07:08 PM

Gee. I was under the impression that it was fairly obvious from how
Shor's algorithm works. But by all means, type "ecdlp shor's algorithm"
or something into Google and see what you find.

--
Kristian Gjøsteen

nemo_outis

Apr 1, 2008, 4:19:56 PM
Kristian Gjøsteen <kristi...@math.ntnu.no> wrote in news:fsu14s$f58$1@kuling.itea.ntnu.no:

> "ecdlp shor's algorithm"

Yep, shor enuf, Shor does discrete logs too.

Regards,

