commit b5c2669ec844a0f0494d611d459c5c37cbff50ac Author: Tobias Eidelpes Date: Sun Oct 24 16:27:52 2021 +0200 Initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..08ac1e1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +*.pdf +*.aux +*.fdb_latexmk +*.fls +*.log +*.synctex.gz +*.out diff --git a/pw.txt b/pw.txt new file mode 100644 index 0000000..4e92928 --- /dev/null +++ b/pw.txt @@ -0,0 +1 @@ +91509 diff --git a/report.tex b/report.tex new file mode 100644 index 0000000..8fd718b --- /dev/null +++ b/report.tex @@ -0,0 +1,100 @@ +\documentclass[a4paper,12pt]{article} + +\usepackage{geometry} +\usepackage[english]{babel} +\usepackage{microtype} +\usepackage{hyperref} + +\setlength{\parindent}{0pt} + +\title{Truecrypt Report} +\author{Tobias Eidelpes 01527193} +\date{\today} + +\begin{document} +\maketitle + +\section{Introduction} + +This report is about a password encrypted container which contains sensitive +information. The password required to open the container should be found and the +information inside shared. The purpose of this report is to analyze the +container, investigate whether the password can be cracked, draw conclusions +about the security of the container and document all findings in the process. + +\section{Setting} + +An encrypted truecrypt container has been created and downloaded from the +website~\footnote{\url{https://seclva.ifs.tuwien.ac.at/forensics/mktruecrypt.php}} +provided in the assignment on October 14, 2021. This website allows a truecrypt +container to be generated which is secured with a password. The password is +randomly generated by the website, but properties such as the length and +character set of the password can be defined beforehand. Additionally, the +student id has to be submitted with the length and character set. In this case +the truecrypt container is secured with a five digit password. Upon successful +download we receive a file called \texttt{tc01527193.tc}~\footnote{sha256sum: +d49b99389f62fc248f88721eac28a40b478ccd16d3a3828dc3d220f24fa6b344}. This file +marks the encrypted container. On a Linux operating system the container can be +mounted using the following command: + +\begin{verbatim} +$ sudo cryptsetup --type tcrypt open tc01527193.tc sdd +\end{verbatim} + +This immediately opens a prompt where the password has to be submitted. We have +therefore confirmed that the container is indeed encrypted. The next task is to +find the password for the container. Truecrypt secures containers by default +using the RIPEMD-160 hash function and the XTS encryption mode. Since the +password is randomly generated and relatively short, the password can be found +by trying all possible combinations of five digits (=bruteforcing). The +container is passed to Hashcat~\footnote{\url{https://hashcat.net/hashcat/}} +(version 6.2.4) to crack the password: + +\begin{verbatim} +$ hashcat -a 3 -m 6211 tc01527193.tc "?d?d?d?d?d" +\end{verbatim} + +After 1 second at a hashrate of approximately 75000 H/s on an AMD GPU RX480, the +password is revealed to be \texttt{91509}. The container can now be opened +decrypted and mounted under Linux with: + +\begin{verbatim} +$ sudo cryptsetup --type tcrypt open tc01527193.tc container +$ sudo mount /dev/mapper/container /mnt +\end{verbatim} + +The directory \texttt{/mnt} now contains the contents of the container. There +are three files in it: \texttt{awesome.jpg}, \texttt{secret.txt} and +\texttt{wasted.jpg}. The two image files picture Spongebob under a rainbow +(\texttt{awesome.jpg}~\footnote{sha256sum: +7d8355b740c5f07e4c4ed682374867dbbcd7921297bb6139a59d36ed94575949}) and Spongebob +with Patrick (\texttt{wasted.jpg}~\footnote{sha256sum: +c3d05ee9e7eb5e14aaf87365afc88b3261820325df6a8eed37e11a5a092ebb5a}). The third +file (\texttt{secret.txt}~\footnote{sha256sum: +cab63727fe97d8a25326cefc46346007941151a6c2c81708b74f0cf5f78d94b7}) contains the +text + +\begin{verbatim} +2ca0841020b08bffa9eb1c056ff3ab4b31f144b229 +\end{verbatim} + +\section{Analysis} + +Due to the password being relatively short at five digits, it is very easy to +crack. In a real-world scenario passwords usually contain at least seven +characters and not just digits but also alphanumeric characters. A seven digit +password is crackable in around 133 seconds with a hashrate of 75000 H/s. If +only lowercase characters are used and the password is still seven characters +long, it takes around one day and six hours to crack the password. If uppercase +and lowercase chracters as well as digits are possible, the password is cracked +in about 544 days. A password which secures the container for at least 10 years +and is only made up of digits requires a length of at least 14. If lowercase and +uppercase characters and digits are used, the password has to be at least 8 +characters long. These are all upper bounds, because the password might be +cracked earlier if the cracker is lucky and the password is one of the earliest +combinations which the computer tries. From these numbers it is possible to give +a recommendation for secure passwords. Passwords should be randomly generated, +at least eight characters long and contain lowercase and uppercase letters as +well as digits. This provides robust protection from crackers for a century. + +\end{document} diff --git a/secret.txt b/secret.txt new file mode 100644 index 0000000..645977f --- /dev/null +++ b/secret.txt @@ -0,0 +1 @@ +2ca0841020b08bffa9eb1c056ff3ab4b31f144b229 diff --git a/tc01527193.tc b/tc01527193.tc new file mode 100644 index 0000000..6b8e0b7 Binary files /dev/null and b/tc01527193.tc differ