How to decrypt the encrypted partition of the drive without the decryption key (USB)

2

So please bear with me as I'm a total amateur but this is what's happening: Years ago when I got paranoid about the internet I stupidly got in over my head when I decided to encrypt the majority of my disk using TrueCrypt.

I had read somewhere that to make it impossible to access it'd be smart to only make it mountable from a file on a USB. I did this and then... somehow lost the USB.

So basically most of my disk is now inaccessible because I can't access the file that I used to click on, in order to mount the volume.

PLEASE forgive me, I don't even know if I'm using the appropriate terms, I'm just hoping someone can decipher my post. Thank you so so much in advance.

PS: Kali is currently installed on it but it's an HP from 2012, I can figure out model number if that is relevant.

Lia St

Posted 2019-12-28T20:58:57.067

Reputation: 29

1

Kali is absolutely not for beginners. Start on a more complete Unix, switch to Kali when you already know what you're doing. Compulsory Kali link - Why is Kali Linux so hard to set up? Why won't people help me?

– DavidPostill – 2019-12-28T21:17:07.187

2

You can somewhat disregard the Kali beginner angle, which is true in general, but has little relevance here. However Kamil is right that TrueCrypt is just doing its job and that your loss may be irreversible. BTW, TrueCrypt is deprecated, but VeraCrypt is a direct descendant from it, in case you do re-encrypt things later.

– JL Peyret – 2019-12-28T21:44:42.833

2

Your question title is asking if you want to erase the encrypted partition. Do you want to erase it or try to get back access to it?

– LawrenceC – 2019-12-28T21:56:45.603

Anyway, it occurs to me that, esp. if the OP wants to erase the partition (it isn't really a partition, at least not under OSX or Windows) then she should copy the entire big encrypted TC file to another USB/external HD. If she finds her lost key USB later she can always mount the encrypted files again: TC is perfectly happy doing that even if you're on another machine or OS, as long as you have the TC executables (or VeraCrypt in TC compatibility mode) and the password/keyfile. Erasing the encrypted file should then restore the lost space on her machine.

– JL Peyret – 2019-12-30T19:30:29.093

Answers

2

Essentially, the whole point of full disk encryption is that someone shouldn't have been able to recover your hard disk without it.

VeraCrypt is pretty much similar to TrueCrypt - and as per the docs, the only way to recover would have been to back up your header - as per the docs:

We use VeraCrypt in a corporate/enterprise environment. Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?

Yes. Note that there is no "backdoor" implemented in VeraCrypt. However, there is a way to "reset" volume passwords/keyfiles and pre-boot authentication passwords. After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header from the backup file (Tools -> Restore Volume Header).

While there may be ways to bruteforce it, it's probably going to be time/compute intensive (so probably not worth it) - and chances are, unfortunately, you're probably going to be unable to access your data.

Journeyman Geek

Posted 2019-12-28T20:58:57.067

Reputation: 119 122
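
The header-backup mechanism described in the quoted documentation, as an added toy model (not part of the original answer, and not VeraCrypt's real header format or code): the master key is wrapped under a key derived from the password/keyfile, so a saved header still opens with the old credentials while the current header is useless once the keyfile is gone. The function names, the XOR/HMAC wrapping and the iteration count are assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 1000  # toy value so the demo runs fast; not a real work factor

def _header_key(password: bytes, keyfile: bytes, salt: bytes) -> bytes:
    # Toy mixing of password and keyfile; the real products use their own scheme.
    secret = password + hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS)  # 64 bytes

def make_header(master_key: bytes, password: bytes, keyfile: bytes = b"") -> bytes:
    """Wrap the 32-byte master key under a key derived from password/keyfile."""
    salt = os.urandom(16)
    hk = _header_key(password, keyfile, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, hk[:32]))
    tag = hmac.new(hk[32:], wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def open_header(header: bytes, password: bytes, keyfile: bytes = b""):
    """Return the master key, or None if the password/keyfile is wrong."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:]
    hk = _header_key(password, keyfile, salt)
    expected = hmac.new(hk[32:], wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, hk[:32]))

def demo() -> dict:
    master = os.urandom(32)                       # encrypts the volume data
    admin_header = make_header(master, b"admin-pass")   # "Backup Volume Header"
    # User changes credentials: same master key, new header on the volume.
    key = open_header(admin_header, b"admin-pass")
    user_keyfile = os.urandom(64)                 # constructed sample keyfile
    volume_header = make_header(key, b"user-pass", user_keyfile)
    return {
        "user_with_keyfile": open_header(volume_header, b"user-pass", user_keyfile) == master,
        "user_keyfile_lost": open_header(volume_header, b"user-pass") is None,
        "admin_on_current_header": open_header(volume_header, b"admin-pass") is None,
        # "Restore Volume Header": the backed-up header goes back on the volume.
        "admin_after_restore": open_header(admin_header, b"admin-pass") == master,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```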

-3

When creating the TrueCrypt volume, you have created or used a file which is technically called a "keyfile". Do you remember which file it was? If you remember its name or part of the name, you could search the entire disk for a file with that name.

If the above advice does not work for you, you are entering on a very long and very technical path of cracking the password, stored in the first 1024 bytes of the TrueCrypt file.

For the procedure to use, see the following article: Recovering a password for a TrueCrypt disk.

This will require lots of computer time. Anything you can remember about the password/pass-phrase you used will help to speed it up, such as the password's approximate length and the character-set that you used in it. Without this information, unless you have used a very short key, the task is basically hopeless.

I have never followed the above procedure, so I'm not sure that I could help with the fine points. If you know a computer-person, he might have better luck in using it.

harrymc

Posted 2019-12-28T20:58:57.067

Reputation: 306 093

2

If you do not remember the passphrase in order to mount the TrueCrypt volume, there is nothing that can be done, given today's computational capabilities it's not something that can be brute-forced in your lifetime (the storage device and/or system would fail before you had success).

– Ramhound – 2019-12-29T06:42:12.240

1

Nope, see my comment under OP's question. And yes, I do use TC.

– JL Peyret – 2019-12-30T15:50:47.867

1

Downvoters: If there is the smallest chance of the poster recovering his data, it is wrong to hide this answer from him.

– harrymc – 2020-01-02T21:20:51.557