http://www.lostpassword.com/hdd-decryption.htm
http://brian.carnell.com/articles/2008/ ... tem-broke/
The first link refers to the newest version of TrueCrypt, while the second refers to an older version.
http://www.schneier.com/blog/archives/2 ... attac.html
Info on the old Evil Maid attack
Most of this info is a little older and does not really apply to 7.0a; however, it shows vulnerabilities in TrueCrypt (or any encryption method) unless you are encrypting the entire filesystem.
Cheap GPUs are rendering strong passwords useless?
- Mechanic_Kharkov
- Posts: 9
- Joined: Sun 24 Jul 2011, 08:08
- Location: Kharkov, Ukraine
Thank you, DPUP5520, for the good news!
No TrueCrypt encryption vulnerability info was found under the given links.
Here are some explanations of my opinion about the links.
1. This decryptor uses a memory snapshot taken with the encrypted volume open and the keys in RAM. If you let the attacker take a snapshot of your entire RAM, then you can also tell him all your passwords from all the security tools in use at the time as well.
About RAM access I spoke above, and hiberfil.sys can contain such data only for a very lame user. And what about brute-force with more-than-200-bit-length passwords...
"NOTE: If the target computer is turned off and the TrueCrypt/BitLocker volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns Brute-force attacks to recover the original password for the volume."
2. As I said before, all that Bruce Schneier and company compromised is the Plausible Deniability feature only. The encrypted data itself cannot be compromised in this way, just the fact that there is some encrypted data on the volume. And if one uses an encrypted disk and knows how software like the mentioned MS Office handles files, then one can easily set up the necessary secure environment to prevent such data leakage (e.g. create a RAM disk to store the Windows temporary directories, prevent swap-file usage, etc.).
3. This fantastic invisible girl Joanna Rutkowska has a wonderful brain, and if you don't eat color pills from her hands then she sends you an evil maid!
This attack, like the first one, uses full memory access. So it affects the total system's security, not TrueCrypt's only. If you run any kind of evil code that has full read access to your RAM, there is no secure thing possible on your system at all. And it does not matter how that code was executed: with a boot-loader, or with an ordinary horse, elevating rights.
Btw, if you have administrative rights on the target machine then you can easily use any kind of keylogger instead of such an exotic way to take keys.
So, I'm still sure TrueCrypt is my trusted friend. Thanks.
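The leakage paths named in this thread (hiberfil.sys, the swap file, Windows temporary directories) can be audited on a Windows host with a short script. This is an added example, not part of the original posts; the `$ProtectedRoots` parameter and its default `X:\` are assumptions standing for the volumes you treat as safe (an encrypted system drive, a mounted encrypted volume, or a RAM disk).

```powershell
# Added example: list places where keys or plaintext can land outside protected volumes.
# $ProtectedRoots is an assumption: roots you consider encrypted or volatile (RAM disk).
param([string[]]$ProtectedRoots = @('X:\'))

function Test-Protected([string]$Path) {
    foreach ($root in $ProtectedRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. Hibernation writes RAM (including keys of mounted volumes) to hiberfil.sys
#    on the system drive. That only matters if the system drive is not protected.
$power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
if ($power.HibernateEnabled -eq 1 -and -not (Test-Protected "$env:SystemDrive\")) {
    $findings.Add("Hibernation enabled; hiberfil.sys is on unprotected $env:SystemDrive")
}

# 2. Active pagefiles (the "swap-file" of the post) and where they live.
foreach ($pf in Get-CimInstance Win32_PageFileUsage) {
    if (-not (Test-Protected $pf.Name)) {
        $findings.Add("Pagefile on unprotected volume: $($pf.Name)")
    }
}

# 3. Temporary directories, where applications drop working copies of documents.
foreach ($name in 'TEMP', 'TMP') {
    foreach ($scope in 'User', 'Machine') {
        $raw = [Environment]::GetEnvironmentVariable($name, $scope)
        if (-not $raw) { continue }
        $dir = [Environment]::ExpandEnvironmentVariables($raw)
        if (-not (Test-Protected $dir)) {
            $findings.Add("$scope $name points to unprotected path: $dir")
        }
    }
}

if ($findings.Count -eq 0) { 'No leakage paths found outside the listed volumes.' }
else { $findings }
```

With the whole system drive encrypted and listed in `$ProtectedRoots`, all three checks pass, which matches the first post's point about encrypting the entire filesystem.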