Why is a veracrypt hash contained in a '.vc' and not in what appears to be a standard mixed number and letter string format?
Asked
Active
Viewed 600 times
-1
-
Can you give an example? – schroeder Jan 27 '18 at 17:47
-
https://hashcat.net/wiki/doku.php?id=example_hashes – Philo Anthropos Jan 28 '18 at 10:57
-
I know what a hash is, but what do you mean by "contained in a .vc"? Wait, do you mean that the .vc file looks like a big random string of characters when you open it in a text editor? That's what encryption looks like. That's the encrypted container. – schroeder Jan 28 '18 at 13:26
1 Answers
0
Perhaps you're referring to the VeraCrypt examples from the example hashes list on the hashcat wiki? Those are actual full VeraCrypt containers, not just hashes.
The filename for a VeraCrypt container - the file that contains the entire encrypted volume - usually has a '.vc' extension. The hashcat examples are full VeraCrypt containers in order to prove that valid hashes from valid containers are working. (I know, because I generated them :) ).
This works because for standalone container files, the hash is in the first 512 bytes, and hashcat knows to only read the first 512 bytes for TrueCrypt and VeraCrypt, so the entire file can be passed directly to hashcat as a target.
Note that passing the entire file to hashcat only works for standalone containers. If it's an entire drive, the hash needs to be extracted using the same procedure as the TrueCrypt procedure. This involves extracting a specific 512-byte sequence from near the beginning of the volume.
But the filename for an extracted VeraCrypt hash - the portion of the file that has been extracted from the container, and contains the hash of the password, and can be cracked - is arbitrary and could be anything - but probably shouldn't be .vc, to avoid confusion.
Royce Williams
- 9,128
- 1
- 31
- 55
-
[@Royce] Originally I followed (https://security.stackexchange.com/questions/159461/hashcat-on-veracrypt-non-system-drive). I used dd for windows and ended up with an .img file. I want to narrow the list of possibilities down in terms VC hash code. This has led me to 'hashid'. However, all the examples I have seen online for 'hashid' involve using a hash that has a string of numbers and letters. **This is what generated my question above.** Hence I have been trying to figure out how to enter a .img into 'hashid' i.e. do I convert it into a .vc container or a regular hash, if so, how? – Philo Anthropos Jan 28 '18 at 17:53
-
The link to the TrueCrypt procedure should show you which offsets to use when extracting the byte sequence from a disk volume. It's the same procedure for VeraCrypt. You might also look at https://github.com/magnumripper/JohnTheRipper/blob/2a18678301/run/truecrypt2john.py. – Royce Williams Jan 28 '18 at 18:29