VeraCrypt limits you to text passwords. It won't let you use symbols or extended ASCII, let alone binary passwords. Since you have never heard the terms "text password", "ASCII password", or "binary password" before, let us start there.
A text password contains numbers and letters. It also includes some but not all common ASCII symbols. This limit makes brute force hacking much easier. An ASCII password includes symbols that are not easily accessed. To insert an ASCII symbol in a password, just hold ALT and then enter a 3-digit binary number from an ASCII table; when you let go of the ALT key the symbol will appear. You can also use 4 digits and get extended ASCII, but no software supports this. An ASCII password is at this moment unbreakable because no brute force checks them. No one would ever guess that ƒ (alt 159) or Ÿ (alt 0159) are part of your password. A binary password uses keys like NULL (alt 000) or UNIT SEPARATOR (alt 031) or DELETE (alt 127), or anything in between the first two. ASCII passwords are far more secure than text passwords. And digital passwords require a little tweaking to the code but offer only slightly more.
VeraCrypt needs to allow for ASCII passwords. They need to make it so that when you put in (alt 008) it puts in "1000" instead of removing the last entry, but when you push the backspace key it still needs to remove the previous entry. This might be tricky, but it is worth it. I have been using this method since the '90s. My favorite was (alt 159) or ƒ, and I often used this single digit to secure systems, and it was just that secure even being a single digit because no person or software would ever even try it. Most people are probably learning about (alt ???) right now.
I recently began questioning this method... of hacking. The reason one-way encryption works is because there are multiple answers... i.e. there are several passwords that have the same hash, and you have to find the correct TEXT password for it to work. With slight changes to the software (since it is open source) to allow a brute force to directly use binary passwords, "the hack", you then have a working password, and simply change the password to something simple to "crack the drive". The shortest solution will almost always be a binary password, and regardless of how complicated the real password is, there will be a shorter password that results in the same hash.
It won't be long now; my hacking method is already in government hands. I am not a programmer and paid someone to make the changes; it worked.... He bragged about it too much and now I am sure he is either in custody or banned from the internet.... So this method makes encryption more secure and less secure at the same time. We need to make 3 changes to VeraCrypt:
1. We need to allow for ASCII passwords because these are so much more secure. We need not add binary; we need to make hackers do that, because once they succeed we are all in for trouble.
2. We need to store part of the keys in the TPM (preferably a hardware TPM instead of a software one) and build it with secure boot built in to eliminate man-in-the-middle attacks.
3. We need to make key files more standard, as this will also defeat "binary password brute force attacks."
It won't be long now; we are all at risk. We are only a few months away from the government using this hack on anyone they want. It won't be long till those blockchain miners start cracking passwords; within a year, if we don't use key files and ASCII passwords, we are all in for one heck of a reckoning. Please like and share this post… People need to know this is happening, and it only takes 3 weeks to find an incorrect but working ASCII password…. Once they start using blockchain miners and figure out how to make the binary passwords work, it's game over unless we take additional steps to protect ourselves.
Richard K
Hi, Richard.
I do not understand your comment, "VeraCrypt limits you to text passwords. It won't let you use symbols or extended ASCII, let alone binary passwords. Since you have never heard the terms "text password", "ASCII password", or "binary password" before, let us start there."
I've not only heard of these terms, but I use them with VeraCrypt every day. For example, I just now created a 100 MB VeraCrypt volume using AES-256, SHA-512 with NTFS formatting and the following extended ASCII characters as its password:
lòŠŒ¿1§neЀ!{Y¿ø‹1ŒàßÈA{‹4‘g5vñhBŽC³è*‹§
In fact, over the last several years I developed a random-character password/key generator in Excel that's capable of generating and securely managing (storing) passwords and keys of the major character types up to 32,767 characters in length.
Character types - Minimum required for AES-256 Key Space Equivalence
Excel - 34
Keyboard - 40
Alphanum All Case - 43
Alphabet All Case - 45
Alphanum Uppercase - 50
Alphanum Lowercase - 50
Alphabet Uppercase - 55
Alphabet Lowercase - 55
Hexadecimal Numbers - 64
Numbers - 78
Binary - 256
The minimum required for AES-256 Key Space Equivalence was calculated by 2^256=a^n, where a is the size of the character set, solving for n, and rounding up to the next whole number. Thus, for 94 keyboard characters, n=40.
Even though Excel is capable of displaying 216 characters, many of those beyond the keyboard characters require two bytes instead of the one byte the keyboard characters need, so you can't use a full 128 characters.
Moreover, there's very little incentive to use extended characters due to the law of diminishing returns.
For example, both 40 keyboard characters (pool of 94) and 34 Excel characters (pool of 216) exceed AES-256 key space.
You wrote: "My favorite was (alt 159) or ƒ, and I often used this single digit to secure systems, and it was just that secure even being a single digit because no person or software would ever even try it."
Hackers don't enter passwords. Cracking software enters only 0s and 1s before running the decryption side of the algorithm.
When you enter a password, the encryption algorithm accepts it, then converts it by a known and repeatable set of operations into a 256-bit key. As a result, there are only ever 2^256 possible key permutations (with replacement and order does not matter).
Cracking software doesn't run through passwords. Instead, it uses lists of binary keys pre-generated from the most common thousands to even millions of passwords.
If that doesn't work, hackers generally quit, as that's but a very tiny fraction of the incredibly immense number of permutations (1.15792x10^77) required to exhaust all keys. Even running through just 1% of the keys still requires 1.15792x10^75 permutations!
The computing energy required (Joules or Watt-hours) to run through the full 1% is absolutely vast.
Here's an example of a fully random keyboard character password which exceeds the AES-256's key space:
s[7n$vBHF,azkQH^68k'wCYD}XKA|fbM>3s9iH$!
No special characters required!!!
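The arithmetic behind the table and the "only ever 2^256 keys" point above, as an added example that is not part of the post or of VeraCrypt itself. The pool sizes per character type (94 printable keyboard characters, 62 alphanumerics, and so on) are my assumptions, and PBKDF2-HMAC-SHA512 with a reduced iteration count stands in for the real volume KDF only to show that every password, however long or exotic, collapses to a fixed 256-bit key.

```python
import hashlib
import math

# Pool sizes assumed for the character types in the table above
# (the post gives only the names; 94 = printable keyboard characters, etc.).
CHARSET_SIZES = {
    "Excel": 216, "Keyboard": 94, "Alphanum All Case": 62,
    "Alphabet All Case": 52, "Alphanum Uppercase": 36, "Alphanum Lowercase": 36,
    "Alphabet Uppercase": 26, "Alphabet Lowercase": 26,
    "Hexadecimal Numbers": 16, "Numbers": 10, "Binary": 2,
}

# Random keyboard-character password quoted in the post (40 characters, pool of 94).
KEYBOARD_EXAMPLE = "s[7n$vBHF,azkQH^68k'wCYD}XKA|fbM>3s9iH$!"


def min_length_for_bits(alphabet_size: int, target_bits: int = 256) -> int:
    """Smallest n with alphabet_size**n >= 2**target_bits, i.e. the post's
    2^256 = a^n solved for n and rounded up. Integer arithmetic avoids the
    rounding errors a float log2 would introduce at exact boundaries (16^64)."""
    n, space = 0, 1
    while space < (1 << target_bits):
        space *= alphabet_size
        n += 1
    return n


def min_lengths_table(target_bits: int = 256) -> dict:
    """Recompute the whole 'minimum required for key space equivalence' table."""
    return {name: min_length_for_bits(size, target_bits) for name, size in CHARSET_SIZES.items()}


def effective_entropy_bits(length: int, alphabet_size: int, key_bits: int = 256) -> float:
    """Entropy of a uniformly random password, capped at the derived key size:
    once the password carries more than key_bits of entropy, a longer password or
    a larger pool adds nothing an attacker must search (the diminishing returns above)."""
    return min(length * math.log2(alphabet_size), key_bits)


def derive_key(password: str, salt: bytes, iterations: int = 1000) -> bytes:
    """Password -> fixed 256-bit key. PBKDF2-HMAC-SHA512 is used here as an assumed
    stand-in for the volume KDF; iteration count is lowered for the demo. The password
    is UTF-8 encoded, so an 'extended' character is merely two or more bytes of input."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, 32)


if __name__ == "__main__":
    for name, n in min_lengths_table().items():
        print(f"{name:20s} {n:4d}")
    print(effective_entropy_bits(len(KEYBOARD_EXAMPLE), 94))
    print(derive_key(KEYBOARD_EXAMPLE, b"constructed-salt").hex())
```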
Was hoping VeraCrypt power users might comment whether text passwords (that are not short in character length) are liable to be hacked in the near future if used without key files and/or extended characters, as cautioned by Richard.
I'm following this as well. If it's true, it's definitely concerning, but unfortunately the explanation of the hack isn't very thorough or easy to understand, not sure if it's due to lack of knowledge on my part or just not explained well. It seems to me, though, that if it's true a long, complex password can be "hacked" by finding a matching hash from a shorter one (and this doesn't sound plausible to me, but I'm not an expert), then adding complexity with ASCII keycodes isn't going to make much difference.
My favorite, by the way, has always been Alt+255, which looks like a space but isn't. Very useful in certain situations.
I have never heard of a collision being discovered with Hashes such as SHA256 or SHA512. It's highly improbable that one could be found without a quantum computer, and even then, it may not be probable.
With all due respect, the OP is.... meaningless.
That's the most accurate description of that post.
My VeraCrypt system passphrase is over 40 characters long and it has over 5 symbols scattered randomly throughout. It's not a saying, part of any book, song, or anything that's probably been written before. It's improbable that it could be brute forced, and it's not an ASCII password, in the sense that it does not use any of the symbols you describe.
TPM is unacceptable and its security cannot be guaranteed, especially if China's TPM uses another encryption algorithm.