VeraCrypt, „extremely complex“ 🔒

VeraCrypt – sozusagen der Nachfolger von TrueCrypt – scheint wirklich sehr hart zu knacken zu sein.

Attacking BitLocker, LUKS or FileVault 2 is straightforward: read the disk header, figure out the encryption algorithm and KDF (Key Derivation Function), set up an attack and wait. Depending on the hash algorithm and the number of hash iterations specified in the KDF, attacks may run faster or slower, but they never get particularly slow.

In VeraCrypt, information about the encryption algorithm or the KDF is never saved in the disk header. […] If you don’t know exactly which cipher and which hash function has been used to encrypt the container, you’ll have to try all of the 75 combinations during the attack […] The attack is going to be […] very slow, even if the default combination of cipher and hash has been used. To give you an idea, the default combination […] can be attacked at a rate of 1140 passwords per second with a single NVIDIA RTX 2070 board. The same board delivers the speed of only 6.63 passwords per second if you know nothing about the hash function or the encryption algorithm.


In addition to the choice of encryption algorithms and hash functions, VeraCrypt offers yet another dimension for securing the data. When creating an encrypted disk, the user can opt to use a non-default number of hash rounds […] Needless to say that VeraCrypt does not store the number of hash rounds in the disk header. If the user specifies a non-standard PIM value, the already slow attacks start falling apart. Now, in addition to trying the 75 combinations of hash functions and encryption algorithms, you’ll have to try all reasonable PIM values. With all this uncertainty, validating just a single password could take from several seconds to several minutes. Obviously, this rules out brute-force attacks completely, emphasizing the importance of small, targeted dictionaries that can be compiled from the list of the user’s other passwords.

Breaking VeraCrypt: Obtaining and Extracting On-The-Fly Encryption Keys

Und weiter unten, nachdem im Blogpost erörtert wird, wie man theoretisch doch an die verschlüsselten Daten gelangen könnte, dann diese Zusammenfassung:

Breaking VeraCrypt is extremely complex. VeraCrypt presents one of the strongest encryption options we have encountered. Even a thousand computers or a network of powerful Amazon EC1 instances with top GPUs may spend years if not hundreds of years to break a strong password. Extracting and using OTFE keys remains one of the few usable method to break in to encrypted containers. Yet, this method has a number of limitations.

One of the most restricting limitations is the requirement to obtain physical access to the computer during the time a VeraCrypt disk is mounted: only in that case the encryption keys are available in RAM. That computer must not be locked, and the authenticated user session must have administrator’s privileges (you need them to obtain the memory dump). Finally, the memory encryption option in VeraCrypt must not be used. […] This scenario with this combination of factors is not very common, yet our customers continue to report successful cases when this exact approach has been used.

Ich habe selten eine so plakative Darstellung der Sicherheitsfeatures einer Verschlüsselungssoftware gesehen, wie in diesem Blogeintrag bei Elcomsoft, in dem man den Respekt des Autors gegenüber den Entwicklern von VeraCrypt und seine Faszination an den Sicherheitsfeatures des „one of the most commonly used disk encryption package in the criminal world“ spürt. Ich kann die Lektüre des Artikels allen, die auch nur am Rande an Verschlüsselung und der Sicherheit ihrer Daten interessiert sind, empfehlen, vor allem auch die im Artikel selbst wiederum verlinkten Beiträge zu Detailaspekten verschiedener Verschlüsselungstechniken.

Sehr wahrscheinlich wird man sich dem Entschlüsseln eines mit VeraCrypt verschlüsselten Containers eher mittels Rubber-Hose Kryptanalyse annähern, aber allein die Vorstellung, dass es ein Tool gibt, das diese Form der Entschlüsselung notwendig macht, lässt jemanden, der CryptoPartys besucht und sich dem Thema Verschlüsselung lange mit Interesse gewidmet hat, bunte Luftschlösser bauen.