Everywhere it says that a good password should be long enough (more than 12 or XX symbols).
But if I use a password with mixed letters and numbers, and it has a length of only 7 letters, for example
kpwem81
How long would it take with professional brute-force software and a state-of-the-art PC (not an NSA PC) to crack the password for that VeraCrypt-encrypted folder?
What do you guess, Mounir Idrassi?
Thanks...
Usually, we assess the security of a password using its entropy without taking into account the work factor associated with its processing.
In your case, you are using a password with mixed letters and numbers, which in the best case gives 5 bits of entropy per character. This is 35 bits for a 7-character password. This is very low from the security point of view (remember that 15 years ago, 56-bit DES keys could be cracked in one day using dedicated hardware).
In the context of VeraCrypt, there are two elements that make the cost of a brute force very high:
high iterations count (500K).
random 512-bit salt for each volume.
The use of such a random salt means that it is impossible to create a rainbow table for possible passwords, so only brute forcing is realistic.
Thanks to the high iterations count, there are 1 million hashes performed for each password.
There is dedicated hashing hardware, mainly used for Bitcoin mining, that can also be applied to brute forcing. The best available hardware of this kind can perform around 5 million million hashes per second. This means that it can try 5 million passwords per second.
Thus, since your 7-character password has 35 bits of entropy, using a single hardware device like this one, it will theoretically take an attacker 2^35 / (5 x 10^6) = 6872 seconds to crack your password...this is less than 2 hours!
This piece of hardware costs less than 3000 dollars, so it is a very practical attack.
On the other hand, if you use a 12-character password composed of mixed letters and numbers, you'll get around 60 bits of entropy, so this attack will take around 2^60 / (5 x 10^6) = 230584300921 seconds = 7311 years!
By comparison, if you use a 20-character password composed of mixed letters and numbers, you will have around 100 bits of entropy, which implies that this attack will take 2^100 / (5 x 10^6) = 2.5 x 10^23 seconds to crack the password...this is more than the age of the universe!!
So, my conclusion: use very long passwords!
Last edit: Mounir IDRASSI 2015-04-19
The probability of finding the password is 50 % of all possible combinations
Example SHA 256 = key 256 bits
all combinations 2^256
Great probability of finding the password is 50 %
i.e 2^128 to think that one cycle would be broken...
But finding passwords in 50 % of all hash chain/string would be impossible :)
Last edit: Anonymous 2018-01-18
Anonymous - 2015-04-19
Math is not my strong suit so I apologize for what might be a simple question. But I find this topic fascinating.
I have an older laptop and have its system encrypted with DiskCryptor because it boots fast, but it does have lower security. I used KeePass to check my password and it says it has 123 bits of entropy. I believe DiskCryptor uses SHA-512 (HMAC-SHA-512 PRF) with 1000 iterations. With my 123-bit entropy password, how long would brute force take?
Basically, I am trying to figure out if a 5-minute boot time with VeraCrypt is worth the extra security on my slow laptop. I already use VeraCrypt on my PC; boot is only 35 seconds.
123 bits of entropy is a high level of security only if the password is really made up of random characters and not some patterns or dictionary words that fool the entropy estimator.
If your memory is good enough to remember such a good-quality password, then you are safe even with DiskCryptor. Unfortunately, not all humans are able to remember a "true" random password with 123 bits of entropy.
Anyway, with 1000 iterations, DiskCryptor performs 2000 hashes per password. This implies that the dedicated hardware I mentioned previously can try (5 x 10^12) / 2000 = (25 x 10^8) = 2.5 billion DiskCryptor passwords per second.
Thus, a 123-bit password would theoretically require: 2^123 / (25 x 10^8) = 4.2 x 10^27 seconds...no comments!
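The arithmetic behind both replies above (the VeraCrypt estimate and the DiskCryptor one), as an added Python example that is not part of the original posts. It takes the thread's figures as given (5 x 10^12 hashes per second, 1 million hashes per VeraCrypt guess, 2000 per DiskCryptor guess) and goes beyond the thread's 5-bits-per-character estimate by also computing entropy from the actual alphabet or word-list size; all function names are illustrative.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, which reproduces the 7311-year figure

# Figures quoted in the thread, taken as given (not measured here).
HW_HASHES_PER_SEC = 5e12             # dedicated hashing hardware
VERACRYPT_HASHES_PER_GUESS = 1e6     # 500K iterations counted as 1 million hashes
DISKCRYPTOR_HASHES_PER_GUESS = 2000  # 1000 iterations counted as 2000 hashes


def uniform_entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` items picked independently and uniformly from
    `choices` options (characters of an alphabet, or words of a list)."""
    if choices < 2 or length < 1:
        raise ValueError("need choices >= 2 and length >= 1")
    return length * math.log2(choices)


def exhaust_seconds(bits: float, hashes_per_guess: float,
                    hashes_per_sec: float = HW_HASHES_PER_SEC) -> float:
    """Time to try all 2**bits candidates; the expected time is half of this."""
    guesses_per_sec = hashes_per_sec / hashes_per_guess
    return 2.0 ** bits / guesses_per_sec


def work_factor_bits(hashes_per_guess: float) -> float:
    """Key stretching expressed as equivalent extra bits of password entropy."""
    return math.log2(hashes_per_guess)


def bits_needed(years: float, hashes_per_guess: float,
                hashes_per_sec: float = HW_HASHES_PER_SEC) -> int:
    """Smallest whole number of bits whose keyspace takes at least `years` to exhaust."""
    guesses = years * SECONDS_PER_YEAR * hashes_per_sec / hashes_per_guess
    return math.ceil(math.log2(guesses))


def report() -> list[tuple[str, float, float]]:
    """(label, entropy bits, years to exhaust under VeraCrypt's cost) per case."""
    cases = [
        ("thread estimate, 7 chars", 35.0),
        ("thread estimate, 12 chars", 60.0),
        ("7 chars from a-z0-9", uniform_entropy_bits(36, 7)),
        ("12 chars from a-zA-Z0-9", uniform_entropy_bits(62, 12)),
        ("7 Diceware words (7776-word list)", uniform_entropy_bits(7776, 7)),
    ]
    return [(label, bits,
             exhaust_seconds(bits, VERACRYPT_HASHES_PER_GUESS) / SECONDS_PER_YEAR)
            for label, bits in cases]


if __name__ == "__main__":
    for label, bits, years in report():
        print(f"{label:36s} {bits:6.1f} bits  {years:.3g} years")
    print(f"1e6 hashes per guess ~ {work_factor_bits(1e6):.1f} extra bits")
```

`work_factor_bits` puts the iteration count on the same scale as password length: one million hashes per guess is worth just under 20 bits, roughly four characters at the thread's 5 bits per character.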
Anonymous - 2015-04-19
Thank you very much for the reply. My memory isn't that good for true random characters, so I use the Diceware method, which I am sure you are familiar with. I would think that if an attacker knew the password was made up of only the Diceware word list it would be an easier attack, but the 131 bits I thought would be enough.
Hi
Imagine for a minute that your keyboard has 7776 different characters. If that were true, a 7-digit password is OK. Brute force at a trillion guesses a second would still take 5 million years to try them all.
But keyboards only have 94 or 96 different characters.
So using a passphrase of 7 randomly chosen words from a 7776-word list like Diceware is an option. For many people a string of random words is easier to remember than a string of characters.
Anonymous - 2015-04-22
With DiskCryptor, you can use a 128-character password along with a keyfile for system encryption, and the bootloader can be placed on external media such as a thumb drive, which is easy to destroy or hide in case of emergency (along with the unique keyfile which is required to access your OS). In this regard, it seems DiskCryptor offers much stronger security for system encryption in spite of its low iteration count. That's assuming it does a correct implementation of all the ciphers. Personally, I'd very much like to see these options introduced in VC some day, which would make an already outstanding product even better!
"The problem" with system disk/encryption and bootloader etc., is, even more boot disks are... SSD ;)
And DiskCryptor has - in contrast to HD, with similar speed to TC/VC - tremendously more performance on SSD than TC/VC. With some extra smart code skills for SSD (among others, smooth work with TRIM).
I think Mounir should still solve the other "101" issues and ideas for VC, a multiplatform solution!, before he can deal with DiskCryptor :) (IMHO, of course).
@topic.
Good password for system encryption: 12-16 "semi chaotic" characters with little and big letters and with numbers.
Good password after boot for other volumes and for containers: >=20 characters managed with KeePass (+ brackets, minus, underscore) and a KeePass database password like the system encryption password for VC.
"But if i use a password mixed with mixed letters and numbers and if it has only the length of 7 letters" is simply a very bad idea. That's all.
@karrson: I don't know where you got the number 7776, but in any case a word list that size has just shy of 13 bits of entropy. Times 7 words, randomly chosen with random placement, that's 90 bits of entropy. Not enough.
I highly recommend that a password be chosen with the same amount of entropy as your encryption key. In this case, 256 bits. People wrongly believe that password strengthening (the idea of hashing your password multiple times to make it harder to brute force) means you can have smaller passwords with equivalent security. This is wrong thinking. It is not proven with any hash that VeraCrypt uses that finding the 1000th hash of your password requires calculating hashes 1 through 999 first. These hashes have not been subjected to that sort of cryptanalysis and there could very well be optimizations that make it easy to calculate the nth iteration instantly. This sort of usage was not a design specification of the hashes used in VeraCrypt. It is likely that the iterations help, but it isn't known and is not something you can rely on.
That being said, it's useful to have in VeraCrypt, and I hotly opposed VeraCrypt even adding the option to shorten the iteration count. However, it should not be viewed as a substitute for a password of appropriate length and complexity. It should be viewed as a measure intended to act as a final line of defense and to improve forward security. Treat it as if the feature is not there when you choose your password, and then because it is there you have a possible buffer.
That means you want a password with a full 256 bits of entropy. Anything less and your password is the weakest link.
Take 3 words that you will remember (doesn't have to be random) and add two separate years somewhere between or at the beginning/end that you will again remember. Like this: Taylor 2005 MINION Dragons 1990 ** Then add 8 or so symbols into the mix like this: ((Taylor)) 2005-MINION_Dragons 1990? and you have a password that is 36 characters long and should be easy to remember with practice. It contains 3 words that are likely personal to you, and two years that are also likely personal to you. With the addition of symbols to "buffer" the password and add entropy, it is secure enough for anything the common folk will be storing. I use 50+ character passwords in this fashion but I try to make sure 2 of my 5 words are chosen at random from a dictionary, i.e. I flip to a page and select a word by randomly pointing. Another method people seem to gloat about is Diceware passwords, but I have always found those harder to remember for some reason. Helium Grant Alpha There Lost seems to me that it would be easier to crack than @@@1964_&Pieces - SuiCIDE..S3bast!an(C) 2014@@@** but then again, I am no math whiz.
Seb
In all the discussion that I read about password management I do not find any mention of the fact that generally servers that store important data do not allow more than 3 attempts at a time; then you have to wait a long time.
This virtually blocks almost everyone who does not know you.
In any case, I want to suggest my opinion about the best password choice:
Use the first character of each word in a sentence that you like including punctuation, example:
"My favourite numbers are 4 and 6. My favourite colours are purple, green, & black"
becomes "Mfna4a6.Mfcap,g,&b"
It is easy to remember and almost impossible to decrypt.
I found it in this site https://video.video00.com/en/articles-list/450-tips-to-remember-passwords.html