2

When I create a VeraCrypt file container using the GUI, it displays a warning whenever I type in a password under a given number of characters. I was wondering just how insecure, in practical terms, such a method of encryption really is.

To give a concrete example, suppose:

  • I have a 4 GB VeraCrypt-generated container on a USB drive.
  • The password for said container consists of 9 lower case letters, from the standard English 26 letter alphabet.
  • Within said container are a dozen or so files, ranging from a few bytes to a few hundred megabytes in size.
  • The USB drive in question falls into the hands of a party hostile to me.
  • Other than the contents of the USB drive described above, this hostile party has no knowledge of how the container is encrypted.

How much trouble will that hostile party have in decrypting my container? Could an intelligent and motivated, but otherwise quite ordinary, programmer with a mid-range laptop do it, or would he have to call in the CIA, etc?

chancellorofpaphos
  • 135
  • 1
  • 4

2 Answers2

7

9 lower case letters with standard English alphabet make around 40-bit direct search this is very low password entropy. This is quite achievable even you use high iteration numbers like 200000 iterations for the HMAC-SHA-256. 200000 makes $\approx 2^{18}$ so in total $\approx 2^{58}$

Even public laboratories in the USA, like Oak Ridge Summit, can achieve this;

  • The super computer Summit can reach $\approx 2^{63}$ SHA-1 hashes around one hour, $\approx 2^{72}$ hashes in one year.

Actually there are two recommendations for you

  1. Use diceware based passwords. EFF has a very decent page about this. This is a very good method to generate strong passwords that one can easily remember. With 8 words one can reach the 96 bits password entropy. A small list;

    • 7 words have 80 bits
    • 8 words have 96 bits
    • 9 words have 128 bits password entropy.

  2. Use the hidden volume in VeraCrypt. The hidden volume is created under a VeraCrypt volume that is indistinguishable from the free space of VeraCrypt volume since the free space in VeraCrypt is random, not zero, or FF. Keep in mind that, you must use a different password for this hidden volume.

    An important aspect of the hidden volume is the plausible deniability. One can give the key of the outer VeraCrypt volume as honesty and keep the hidden volume key for themself. Since the hidden volume is indistinguishable from the free space it is not noticeable.

    Note that as pointed by Mark, a forensic analysis can reveal the hidden volume. It is not perfect yet.

kelalaka
  • 49,797
  • 12
  • 123
  • 211
1

Obviously using such a short password is bad. However, you may possibly benefit from security-by-obscurity here. If the attacker has no knowledge of the password and the data doesn't seem valuable at first you have a pretty good chance of them not trying BF attacks at all.

kiler129
  • 111
  • 1