101 lines
4.5 KiB
TeX
101 lines
4.5 KiB
TeX
\documentclass[a4paper,12pt]{article}
|
|
|
|
\usepackage{geometry}
|
|
\usepackage[english]{babel}
|
|
\usepackage{microtype}
|
|
\usepackage{hyperref}
|
|
|
|
\setlength{\parindent}{0pt}
|
|
|
|
\title{Truecrypt Report}
|
|
\author{Tobias Eidelpes 01527193}
|
|
\date{\today}
|
|
|
|
\begin{document}
|
|
\maketitle
|
|
|
|
\section{Introduction}
|
|
|
|
This report is about a password encrypted container which contains sensitive
|
|
information. The password required to open the container should be found and the
|
|
information inside shared. The purpose of this report is to analyze the
|
|
container, investigate whether the password can be cracked, draw conclusions
|
|
about the security of the container and document all findings in the process.
|
|
|
|
\section{Setting}
|
|
|
|
An encrypted truecrypt container has been created and downloaded from the
|
|
website~\footnote{\url{https://seclva.ifs.tuwien.ac.at/forensics/mktruecrypt.php}}
|
|
provided in the assignment on October 14, 2021. This website allows a truecrypt
|
|
container to be generated which is secured with a password. The password is
|
|
randomly generated by the website, but properties such as the length and
|
|
character set of the password can be defined beforehand. Additionally, the
|
|
student id has to be submitted with the length and character set. In this case
|
|
the truecrypt container is secured with a five digit password. Upon successful
|
|
download we receive a file called \texttt{tc01527193.tc}~\footnote{sha256sum:
|
|
d49b99389f62fc248f88721eac28a40b478ccd16d3a3828dc3d220f24fa6b344}. This file
|
|
marks the encrypted container. On a Linux operating system the container can be
|
|
mounted using the following command:
|
|
|
|
\begin{verbatim}
|
|
$ sudo cryptsetup --type tcrypt open tc01527193.tc sdd
|
|
\end{verbatim}
|
|
|
|
This immediately opens a prompt where the password has to be submitted. We have
|
|
therefore confirmed that the container is indeed encrypted. The next task is to
|
|
find the password for the container. Truecrypt secures containers by default
|
|
using the RIPEMD-160 hash function and the XTS encryption mode. Since the
|
|
password is randomly generated and relatively short, the password can be found
|
|
by trying all possible combinations of five digits (=bruteforcing). The
|
|
container is passed to Hashcat~\footnote{\url{https://hashcat.net/hashcat/}}
|
|
(version 6.2.4) to crack the password:
|
|
|
|
\begin{verbatim}
|
|
$ hashcat -a 3 -m 6211 tc01527193.tc "?d?d?d?d?d"
|
|
\end{verbatim}
|
|
|
|
After 1 second at a hashrate of approximately 75000 H/s on an AMD GPU RX480, the
|
|
password is revealed to be \texttt{91509}. The container can now be opened
|
|
decrypted and mounted under Linux with:
|
|
|
|
\begin{verbatim}
|
|
$ sudo cryptsetup --type tcrypt open tc01527193.tc container
|
|
$ sudo mount /dev/mapper/container /mnt
|
|
\end{verbatim}
|
|
|
|
The directory \texttt{/mnt} now contains the contents of the container. There
|
|
are three files in it: \texttt{awesome.jpg}, \texttt{secret.txt} and
|
|
\texttt{wasted.jpg}. The two image files picture Spongebob under a rainbow
|
|
(\texttt{awesome.jpg}~\footnote{sha256sum:
|
|
7d8355b740c5f07e4c4ed682374867dbbcd7921297bb6139a59d36ed94575949}) and Spongebob
|
|
with Patrick (\texttt{wasted.jpg}~\footnote{sha256sum:
|
|
c3d05ee9e7eb5e14aaf87365afc88b3261820325df6a8eed37e11a5a092ebb5a}). The third
|
|
file (\texttt{secret.txt}~\footnote{sha256sum:
|
|
cab63727fe97d8a25326cefc46346007941151a6c2c81708b74f0cf5f78d94b7}) contains the
|
|
text
|
|
|
|
\begin{verbatim}
|
|
2ca0841020b08bffa9eb1c056ff3ab4b31f144b229
|
|
\end{verbatim}
|
|
|
|
\section{Analysis}
|
|
|
|
Due to the password being relatively short at five digits, it is very easy to
|
|
crack. In a real-world scenario passwords usually contain at least seven
|
|
characters and not just digits but also alphanumeric characters. A seven digit
|
|
password is crackable in around 133 seconds with a hashrate of 75000 H/s. If
|
|
only lowercase characters are used and the password is still seven characters
|
|
long, it takes around one day and six hours to crack the password. If uppercase
|
|
and lowercase chracters as well as digits are possible, the password is cracked
|
|
in about 544 days. A password which secures the container for at least 10 years
|
|
and is only made up of digits requires a length of at least 14. If lowercase and
|
|
uppercase characters and digits are used, the password has to be at least 8
|
|
characters long. These are all upper bounds, because the password might be
|
|
cracked earlier if the cracker is lucky and the password is one of the earliest
|
|
combinations which the computer tries. From these numbers it is possible to give
|
|
a recommendation for secure passwords. Passwords should be randomly generated,
|
|
at least eight characters long and contain lowercase and uppercase letters as
|
|
well as digits. This provides robust protection from crackers for a century.
|
|
|
|
\end{document}
|