Ping group, Drivecrypt weakness?

From: Boship (
Date: 05/29/04

Date: Fri, 28 May 2004 23:13:52 +0100

I am interested in the question of whether or not it can be proved
that a file is a Drivecrypt container, without having the passphrase.

In Drivecrypt 303c, when a container is being created, you can see a
string of random-looking numbers being generated when clicking the

I'm guessing that this string of numbers is used somehow to
"randomise" the hash of the passphrase, and/or "randomise" where in
the file it is stored.

Given the string of the random-looking numbers, the hash of the
passphrase, and a hex dump of the resulting container (possibly for a
large number of containers), it does not seem to me to be an
insurmountable task to deduce the algorithm used for "hiding" the hash
of the passphrase. This algorithm may be badly designed, such that a
test for a Drivecrypt container could be produced.

On the other hand it may well be that the hash "hiding" algorithm used
results in an essentially "random" file of numbers, but that in itself
would give a strong indication of encryption - other files being very
unlikely to have such a high degree of randomness.

Am I talking through my backside here or what?
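
The argument in the last paragraph of the post can be checked with a byte-frequency test. The following is an added example, not part of the original post and not Drivecrypt code: it scores fixed-size blocks by Shannon entropy and by chi-square against a uniform byte distribution. The sample data is constructed (a SHA-256 counter stream stands in for ciphertext), and the thresholds and block size are assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Pearson statistic against a uniform byte distribution (255 d.f., mean ~255)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_random(data: bytes, min_entropy: float = 7.9, max_chi2: float = 400.0) -> bool:
    """Both thresholds are illustrative assumptions, not calibrated values."""
    return shannon_entropy(data) >= min_entropy and chi_square(data) <= max_chi2

def random_block_fraction(blob: bytes, block: int = 16384) -> float:
    """Fraction of full blocks that pass looks_random(); 0.0 if blob is too short."""
    blocks = [blob[i:i + block] for i in range(0, len(blob) - block + 1, block)]
    return sum(looks_random(b) for b in blocks) / len(blocks) if blocks else 0.0

# Constructed samples (64 KiB each), not taken from any real container.
CIPHER_LIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
TEXT = (b"The quick brown fox jumps over the lazy dog. " * 1500)[:65536]
MIXED = TEXT[:16384] + CIPHER_LIKE[:49152]  # structured header, random-looking body

if __name__ == "__main__":
    for name, blob in (("cipher-like", CIPHER_LIKE), ("text", TEXT), ("mixed", MIXED)):
        print(f"{name:12s} entropy={shannon_entropy(blob):.3f} "
              f"chi2={chi_square(blob):.0f} random blocks={random_block_fraction(blob):.2f}")
```

Compressed data also scores close to 8 bits per byte, so a high score shows that content is random-looking; it does not by itself identify encryption or a particular product.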