I have most of my veracrypt passphrase, how do I make more guesses?

Hi there all! I miswrote my personal drive’s password and have been trying to guess in Veracrypt. No luck so far. :frowning: Please and thank you for any help!

I’m on Linux Mint and so far have a script from my bestie that works with the console version of VC to test passwords(That’s big for me lol.) I added letters and numbers and dashes and I am at the desperate stage of grief. That’s all he has been able to help me with.
My password was something close to “Creamlike Crestless Subtly Energize Ether 6”
(I have zero issue publishing my password, or close to it, because I have my drive, it’s safe. Anyone who stole my laptop and got through my lengthier passwords into my drive would have my health information at worst. They might as well take my medbox instead, with my documents in it for ID theft??? Hahahaha :sweat_smile:)

I have a document to save all my tries in, I’m kind of at a lost now after trying any variations true to what I wrote down. :<

I’m not used to posting on forums, but I love the podcast and thought I’d give it a try! Orange soda supremacy. x3

From your shown password I guess you generated it with a tool and hopefully copy and pasted it from there. If that is the case you would “only” need the list of words this tool uses, generate a word list and run that through either your script or use hashcat to make it run quicker (but harder to get started). But it still could take you years of continuous running to find the password that way. And I hope you are shure about the number of words, their capitalization, seperator and where your digit(s) were.

And if there’s the possibility you typed in your password, there is the not so small possibility that you typed it in wrong, then your are truly f***d

1 Like

What did you use to generate that password? If it’s an open source tool you may be able to pull the dictionary it uses and try and make a word list to attack Veracrypt.

There are some multi threaded bruteforce tools out there, but you definitely need to narrow it down first and make some sort of dictionary.

1 Like

Heya! yes I used either Bitwarden’s generator or Keepass’s. I would bank on Bitwarden! I’m not sure if their list is public though.

It sounds like I have a lotta work ahead!

Good thing Bitwarden is open source: sdk-internal/crates/bitwarden-crypto/src/wordlist.rs at main · bitwarden/sdk-internal · GitHub

All your words are in there!

From the header it seems this is from the EFF: EFF Dice-Generated Passphrases | Electronic Frontier Foundation

3 Likes

Awesome! Thank you! I found keepass’s wordlist, and they are the exact same, just bitwarden adding a few lines and using quotation marks. :slight_smile:

I also found Crunch for generating phrases, but I am confused with it. Is there another way to generate a list of possible combinations of these words? I’m hoping to see the first word come up like; Creamlike followed by tries “abacus, abdomen, abdominal” and then adding the second word and so on? I hope I explained this correctly.^^’ I’d like to look at those lines of combinations and try them with the script, I think that’s a good way to go about it!

I know for sure there was a 6 visible at the end, but I know words could come after, so I will manually try that too if it could be too complex for my laptop.^^

Ah! I might be overthinking this, but I should add information about the encryption of my drive, because the “wrong password” prompt has new additions: “Volume uses an old algorithm that has been removed.” and this has me concerned. I only created this volume a few months ago, maybe September.

This whole problem started when I forgot my keepass file before resetting my laptop to return to Mint. :frowning:
When I set up my drive I mostly used defaults, this is what I chose in order of the process:
I used the default AES and SHA 512(AES for certain, SHA option could have changed?)
It has large files option on.
And most importantly I used Linux EXT 4!
I chose “I will only mount on linux.”

Bitwarden generate with dashes between the words as a default. Is that what you try with?

1 Like

I’m going to guess you didn’t miss every word when you wrote down your pass phrase.

I would start with replacing the first word with every word that starts with “Cream” and work from there. Or start with the one you think is most likely you’ve missed.

As for your volume, I can’t help much since I’ve never used Veracrypt.

There may be a way to extract the hash from the volume and attack it with hashcat, but I am just guessing at this point.

1 Like

When you say reset, did you just repartition the boot drive and Install Mint?

A data recovery to retrieve that missing file will likely be easier than brute forcing.

1 Like

The “stupid” way to do it (no programming skills needed) is to just import the word list into excel as a csv. Make one sheet per “word” your phrase had. Copy the list to column 1 on sheet 1, 2 on sheet 2 etc. On the blank spaces you write the word you think it was at that space. Expand down until you have a table containing your phrase with 1 place replaced with a word from the list on each line. Export as something useful (like cvs) and do a find/replace to have the correct separator between words.

You will need to find a way to automate reading this list and test each by CLI.

You could expand this for common mistakes etc but it will quickly become unfeasible. Just the above is ~46 000 guesses, and each extra potential “mistake” to compensate for will multiply how many are needed.

Just bruteforcing it will not work. Even having the list does not really help you, it is designed to be safe with a public list. There are 221073919720733357899776 combination for 6 word phrases → ~half a million guesses per second is required to exhaust the combinations in the age of the universe. You need to eliminate possibilities, or refocus on restoring the file with the original phrase

1 Like

I will try this now with R-Linux! It’s the only program I know of to do that. I think the drive was overwritten some how though. I could have sworn that it was. But this is worth a try!

I think I understand what you’re saying here! Yes, excel or libreoffice calc as I have would make this process easier lol. It’ll be awhile to get the correct word or words, but I am the fool for this job.