However, with VeraCrypt, the software handling an encrypted volume will be sat on the attacker's machine, and must therefore be considered "owned" by the attacker. On a website, where the software policing login attempts is owned by the defender, you can do things like rate-limit login attempts (with increasing delays, way beyond the actual computation time for checking the password) and lock the account after too many failed attempts.

What other methods do you think they might have used?

This severely limits the ability to brute-force (assuming the password is long- and random-enough).

If your password is secure against dictionary attack - you can have a high degree of certainty in the security of your data.

Didn't VeraCrypt creators know about this issue?

As Andrew Morozko notes in his answer, they have addressed this – as far as it is possible – by using a secure key-generation function (PBKDF2) and high iteration counts.

In these conditions the only feasible attack is dictionary-based, bruteforce would take too long. Repeated hashing is inherently unparallelizable (single PBKDF2 operation is unparallelizable, the attacker can perform multiple simultaneous guesses of course), so custom hardware wouldn’t help much. Having high iteration count makes every attempt take a significant time (milliseconds to seconds). Using PBKDF2 with random salt prevents the attacker from using pre-made hash tables and forces them to calculate every key attempt specifically for your container. In this respect the VeraCrypt project does everything by the books: they are using PBKDF2 with strong hash algorithms and high iteration counts (this is somewhat controlled by the user). Some passwords are more likely than others, and this allows dictionary attacks on passwords. The weakest link is almost always not the key of the encryption algorithm, but the password from which the key is derived.

The fact that encryption can be bruteforced doesn’t mean that this will happen in a reasonable amount of time, and we can thank probability theory for that. The problem is that there’s not enough silicon on Earth to construct enough processors to do it before the heat death of the universe.

In practice, it's also used for container encryption - and I believe VeraCrypt itself entertains that confusion, which is unfortunate.

Any encryption is vulnerable to brute force attack, for example AES-256 has 2^256 keys, and given enough hardware we can “easily” brute force it.

Volume is reserved for the encryption of whole partitions, data disks or system disks. Strictly speaking, you're not using a volume either. Volume is unfortunately a very ambiguous word in VeraCrypt. If you are using VeraCrypt in the container mode, you are not encrypting partitions.

This will irremediably delete the files which are inside, and recover the space used beforehand. Meaning you can delete it, the way you do with any other file. When it's unmounted, a container behaves just as any other file.

When it's "unmounted", the files are encrypted, you cannot see them, and you just see one file, which is the container. When it's "mounted", the files inside are decrypted, and you can see them. A container is a special sort of file, in which you put the files you want to encrypt. Others have explained it to you, but just in case: it seems you're using the lower level of VeraCrypt encryption, which is called a container.

File and volume, in the sense you're using them, are one thing and the same. So that's not a backup file which would be separate from "the volume partition that is encrypted", and which would be used to decrypt said volume.
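
The Python sketch below is an added example, not code from the original page or from the VeraCrypt project. It illustrates the two PBKDF2 points made above: a random salt gives the same password an unrelated key per container, and the iteration count sets the cost of every guess. The iteration counts, salt length, worker count and guess-space sizes are constructed for illustration and are not VeraCrypt's settings.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def derive_key(password: str, salt: bytes, iterations: int, length: int = 32) -> bytes:
    """Stretch a password into `length` key bytes with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                               salt, iterations, dklen=length)

def salt_separates_containers(password: str, iterations: int = 1000) -> bool:
    """Same password under two random salts gives different keys, so a table
    precomputed for one container is useless against another."""
    s1, s2 = os.urandom(64), os.urandom(64)
    k1 = derive_key(password, s1, iterations)
    return k1 != derive_key(password, s2, iterations) and \
           k1 == derive_key(password, s1, iterations)

def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure the wall-clock cost of one key derivation on this machine."""
    salt = os.urandom(64)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", salt, iterations)
    return (time.perf_counter() - start) / samples

def years_to_exhaust(guess_space: int, per_guess_s: float, workers: int = 1) -> float:
    """Worst-case time to try every candidate. Each guess is sequential, but
    independent guesses can be spread across `workers`."""
    return guess_space * per_guess_s / workers / SECONDS_PER_YEAR

if __name__ == "__main__":
    print("salt separates containers:", salt_separates_containers("correct horse"))
    # Constructed guess spaces: a 10^8-entry wordlist versus 12 random
    # characters drawn from the 94 printable ASCII symbols.
    spaces = (("wordlist 1e8", 10**8), ("12 random chars", 94**12))
    for iterations in (1_000, 200_000):  # illustrative iteration counts
        cost = seconds_per_guess(iterations)
        for label, space in spaces:
            years = years_to_exhaust(space, cost, workers=1000)
            print(f"{iterations:>7} iterations  {label:<16} {years:.3g} years")
```

The output shows why the password remains the deciding factor: raising the iteration count multiplies the cost of both rows by the same amount, but only the random password ends up out of reach.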