As you may all have been reading, there is videos and chats about how someone can gain your TC password by accessing your RAM, even if you turn your PC off.

http://news.cnet.com/8301-1009_3-10003167-83.html?tag=bl

Well I have an easy solution.

Simply add a keyfile to your TC encrypted HDD, partition or container and place the keyfile on a USB stick. Then whenever you leave your PC or laptop unattended take the USB stick and put it in your pocket. Carry it with you wherever you go and not leave it in your PC or laptop.

So if a person gains your TC password by freezing your RAM or by accessing it when its in hybernation mode etc, then that password is useless to them because they would still need your keyfile as well to decrypt your partition, HDD or container. But seeing you have the keyfile in your pocket, they cannot decrypt anything.

Hope this is helpful.

Hi truthseeker

Sorry, but it doesn’t work like that.

The key obtained from RAM is the decryption key. The keyfile and password you are talking about are only used to encrypt / decrypt the decryption key.

There are some videos and chats that say that your password is in ram for up to 1 hour after your computer is powered down.

Let me ask for a definition here. How do you define turning off your computer.

With both my desktops, when I shut them down, the mobo is still powered. But I kill AC to them totally, and it is obvious (I can see them) that the mobo's are off. I doubt in this situation RAM can hold something for as long as an hour. ???

Pete

-{ Quote: "Hi truthseeker

Sorry, but it doesn’t work like that.

The key obtained from RAM is the decryption key. The keyfile and password you are talking about are only used to encrypt / decrypt the decryption key." }-

Do you have any solid evidence that your comments are accurate?

As far as I know the TC password is stored in RAM, but not the seperate keyfile. Proof I am wrong?

because my keyfile that I use is a very large file on my USB stick, too big to fit in my RAM.

Turning off your computer happens in two parts, First is shutdown where the programs quit then it is power down where the OS and the HDs and Motherboard shutdown. It used to take my computer 4+ minutes to fully turn off, I traced the problem to one of 4 OS updates from the ms update site. The OS File has since been updated/changed and turns off in less than 1 and 1/2 minutes.

Not currently possible.

System Encryption at this time does NOT support Keyfiles. Its passwords only.

Additionally, they are extracting the Master Key, which is used by TC for all the data en/decryption. If you have the Master Key, the header can theoretically be ignored (which is what you need the password/header for) to access the data area directly.

Sorry, this is not a solution.

-{ Quote: "Not currently possible.

System Encryption at this time does NOT support Keyfiles. Its passwords only.

Additionally, they are extracting the Master Key, which is used by TC for all the data en/decryption. If you have the Master Key, the header can theoretically be ignored (which is what you need the password/header for) to access the data area directly.

Sorry, this is not a solution." }-

I created TC container in travelers mode, and unless I have my USB stick in, it wont decrypt it. It is 100% using my TC keyfile which is a large data file stored on my USB stick. It won't just accept my password, it also needs the keyfile.

So it is a solution for me as nobody can decrypt my container without the separate USB keyfile

-{ Quote: "Let me ask for a definition here. How do you define turning off your computer.

With both my desktops, when I shut them down, the mobo is still powered. But I kill AC to them totally, and it is obvious (I can see them) that the mobo's are off. I doubt in this situation RAM can hold something for as long as an hour. ???

Pete" }-

Equally the same here. No matter which units i been using, after i power down i reach to the wall switch and completely disengage any current/voltage at all. That's my way of relieving the stress of the activity i place on them on a daily basis.

Don't know if theres any alternate way to break current any better short of maybe pulling the memory module after switching off the juice.

I like that idea about the keyfile, however i use two batch files that completely change the folder which contains the container with the lead TC app and a few other tricks i like to use, like setting them inside Returnil Premium with a password for a total of 5 different passwords all time-consuming because they are well scrambled.

-{ Quote: "...I like that idea about the keyfile..." }-

Yep me too. Without my keyfile that is located on my USB stick which I take with me once I leave my laptop, it's impossible to decrypt my TC container, even if they knew the password.

-{ Quote: "
Do you have any solid evidence that your comments are accurate?
" }-

It’s common knowledge.

-{ Quote: "
As far as I know the TC password is stored in RAM, but not the seperate keyfile. Proof I am wrong?
" }-

You are misunderstanding what the password and keyfile you are using actually do.

-{ Quote: "
because my keyfile that I use is a very large file on my USB stick, too big to fit in my RAM.
" }-

You are wasting your time with such a large keyfile, only its first 1,048,576 bytes (1 MB) are processed.

I suggest you read the contents of this (http://www.truecrypt.org/docs/) before posting any further to avoid misleading others here.

Truth,

The way you had that phrased, I thought you were suggesting using a keyfile with system encryption, not just containers.

And the best defense against power off attacks is to dismount the drive properly. Set up a hot key for wipe and force dismount.

The one mistake your making is you think that a keyfile will make it impossible to get the master key out of ram, it doesn't.

TC doesn't save your password in memory. It uses it once and throws it out, UNLESS you have caching enabled. If you have caching enabled, it stores your password in RAM. It also stores either the path to your keyfile or the hash of the keyfile in RAM. I'll assume that you are not using caching.

So you enter your password, point to your keyfile. TrueCrypt takes the two(or more) pieces of data and creates a hash out of it plus the header salt, then attempts to decrypt the Header. If successful, at this point the Master Key is read from the header, and then the password and keyfile are thrown out as they are no longer needed. TC uses the Master Key to begin en/decryption of the data area. That Master Key now stays in memory until TC wipes it. TC will securely wipe it when the drive is dismounted. Not dismounting the drive and simply hitting the power button is what opens up vulnerability of the "Frozen Ram" attack. (this is essentially the same as a power off, freezing it just slows down the degradation of data in the RAM).

As you can see, the only way to prevent the (cold) ram attack is to always make sure your containers are properly dismounted before shutting the power off. Using key files will provide no protection against this style of attack.

-{ Quote: "It’s common knowledge.



You are misunderstanding what the password and keyfile you are using actually do



You are wasting your time with such a large keyfile, only its first 1,048,576 bytes (1 MB) are processed.

I suggest you read the contents of this (http://www.truecrypt.org/docs/) before posting any further to avoid misleading others here." }-

1. It is not "common knowledge" at all as not everyone agrees with that claim or would know about it.

2. Are you suggesting that someone can decrypt my TC encrypted container without the needed keyfile, even if it's been properly dismounted and laptop shut down without power for ages?

3. Maybe it's you who have not fully understood how it works.

4. Are you suggesting that someone can decrypt my TV container even without knowing the 1,048,576 bytes (1 MB) keyfile data?

5. According to TC, it says, "WARNING, if you lose your keyfile it will be IMPOSSIBLE to mount the volumes that need the keyfile". So are you claiming the guys at TC are "misleading" the public with that statement and that they are wrong and that you are right?

-{ Quote: "....Using key files will provide no protection against this style of attack." }-

So are you saying that the keyfile data + main password are both stored in RAM?

Also, I do NOT have "Cache password and keyfile in memory" + "Cache passwords in driver memory" enabled. They are both DISABLED! And I always take the usb keyfile with me. And when I am finished using my Laptop, I use a hotkey combo to "Force dismount ALL, Wipe Cache & Exit".

But I have a question... When it refers to "Wipe Cache" does that refer to cache on hard drive, or RAM? Does TC store my keyfile or password somewhere on the hard drive?

And when I use this hotkey combo, does it tell TC to wipe the contents of RAM too?

Would you suggest I do anything else to protect myself? Is there anything else I should do?

Thank you KookyMan for your comments.

-{ Quote: "So are you saying that the keyfile data + main password are both stored in RAM?

Also, I do NOT have "Cache password and keyfile in memory" + "Cache passwords in driver memory" enabled. They are both DISABLED! And I always take the usb keyfile with me. And when I am finished using my Laptop, I use a hotkey combo to "Force dismount ALL, Wipe Cache & Exit".

But I have a question... When it refers to "Wipe Cache" does that refer to cache on hard drive, or RAM? Does TC store my keyfile or password somewhere on the hard drive?

And when I use this hotkey combo, does it tell TC to wipe the contents of RAM too?

Would you suggest I do anything else to protect myself? Is there anything else I should do?

Thank you KookyMan for your comments." }-

No, what I'm saying is your Master Key is stored in RAM. It has absolutely nothing to do with your password and keyfile. The ONLY thing your password and keyfile decrypts is the volume header, the first 512bytes (v5.0 and earlier) or the first 128K (v6.0 and later) of the container. Stored within that itty bitty encrypted area is the Master Key. This is what is used to encrypt the rest of the container. That MUST be in ram 100% of the time otherwise you'd not be able to access the container.

Everything you've said so far only protects against accessing the Master Key on the disk, but it is in RAM. If they do the frozen ram attack on you, they aren't after your password. They are after that Master Key. And then yes. once they have that they do not need your password OR your keyfile, since they have no use for the header. They have the Master Key (stored in the header) which gives them direct access to the main container data itself.

Think of it this way. You have a safe sitting in front of you. There are two steps to entry. You need a combination (your password) to open the door on the left(the header). Then within that safe door on the left is a 20 turn combination. (The Master Key.) You keep your key very safe, insert it and open the door, and pull out a copy of the 20 turn combination. You close the door and lock it again. The original combination is safe behind the locked door. You only have a copy of it. Now you read from that paper you just made a copy of and spin the combination on the right hand door and open it. (The data area of the container).

I hope your with me so far.

Now a thief comes in and knocks you over the head, and renders you unconscious. (Pulls plug on PC) He then picks up the paper and makes his own copy of the combination. Now if he comes back later, he already has the combination, so he doesn't need a copy of your key (password/keyfiles) since he already has a copy of the Master Key.

And before you ask, if you change your password/keyfiles, all your doing is changing the key you use to get to the combination.. The only way to change the combination itself is to create a new container and transfer all your data too it.

I don't know any other way to explain it to you.

Oh, and to answer, its RAM. Contents of ram? entirely, no. Just the Master Key to my knowledge. There's nothing else you can do. At this time, the frozen ram attack is generally undefendable, all you can do is keep containers that you are not actively using dismounted. Theres no HD cache. You really should read the manual cuz I'm sure all this is covered.

Just saw that late addition:
-{ Quote: "6. According to TC, it says, "WARNING, if you lose your keyfile it will be IMPOSSIBLE to mount the volumes that need the keyfile". So are you claiming the guys at TC are "misleading" the public with that statement and that they are wrong and that you are right?" }-

No. We're saying that they are right, and so are we. They are right in so far that in so far as the way the program is designed, when used properly, it IS impossible to mount the container without the keyfile. We (Overwriter and myself) are write in so far that it IS possible to do it if you do NOT properly use the program. IE: Power off/Hard Reboot without dismounting containers, allowing your memory to be directly read after such a reboot, they can access the Master Key directly from memory. This has absolutely nothing to do with passwords and keyfiles.

-{ Quote: "
It is not "common knowledge" at all as not everyone agrees with that claim or would know about it.
" }-

It is common knowledge to anyone who has taken the time to read the link I provided you with.

-{ Quote: "
Are you suggesting that someone can decrypt my TC encrypted container without the needed keyfile?
" }-

Yes, if they have the master key. In fact if they have the master key (taken from RAM in this situation) they don't even need to know your password !

-{ Quote: "
Maybe it's you who have not fully understood how it works.
" }-

Just because you don't understand something there is no need to be rude to others taking time to help you. I have read through this thread and there have been some good posts here. I suggest you pay particular attention to what KookyMan and I have written. You should be able to see where you are going wrong with this from our posts alone.

-{ Quote: "
Are you suggesting that someone can decrypt my TV container even without knowing the 1,048,576 bytes (1 MB) keyfile data?
" }-

This is just a repeat of your second question.

truthseeker I suggest you refrain from accusing others of not understanding this subject until you take the time to read the link I sent you and KookyMan’s posts. I appreciate we all have to start somewhere but being plain rude to people helping you is not going to get you very far.

I suggest you “seek the truth” truthseeker and find out the difference between passwords, keyfiles and master keys. Here is a little something to help you.

Your password and keyfile are not the master key !!

Your password and keyfile simply decrypt the master key !!

Your simplistic “fix” will not work as it is the master key that is in RAM, so please stop misleading other members here !

-{ Quote: "
5. Have you ever posted any information that was not 100% accurate? Or do you claim to be an expert in in every aspect of IT and encryption and have perfectly posted 100% accurate data and information since the day you were born? If not, then look in the mirror before being condescending and saying "...before posting any further to avoid misleading others here". Because unless you are 100% perfect and unless you have 100% perfect understanding of all aspects of IT and security and encryption, then you have at some staged posted something misleading.

6. According to TC, it says, "WARNING, if you lose your keyfile it will be IMPOSSIBLE to mount the volumes that need the keyfile". So are you claiming the guys at TC are "misleading" the public with that statement and that they are wrong and that you are right?
" }-

I see you have added these last two little gems since my post.

To be honest after reading your rant I wish I hadn’t taken the time to try to help you. I suggest you read the link I have provided you with, read KookyMan’s very detailed and simplistic explanation and consider your “solution”.

Until you have grasped what we have been trying to tell you please do not mislead other people who don’t understand this attack.

I believe this is a case of a little knowledge is dangerous.

-{ Quote: "No, what I'm saying is your Master Key is stored in RAM. It has absolutely nothing to do with your password and keyfile. The ONLY thing your password and keyfile decrypts is the volume header, the first 512bytes (v5.0 and earlier) or the first 128K (v6.0 and later) of the container. Stored within that itty bitty encrypted area is the Master Key. This is what is used to encrypt the rest of the container. That MUST be in ram 100% of the time otherwise you'd not be able to access the container....." }-

Thanks KM, that made perfect sense, and it helped me to finally understand now. Gotcha :-) Cheers.

-{ Quote: "...Your password and keyfile are not the master key !!

Your password and keyfile simply decrypt the master key !!

Your simplistic “fix” will not work as it is the master key that is in RAM, so please stop misleading other members here !" }-

Yes Overwriter, I realise now I had not fully understood this about the master password and keyfile and normal password.

Thanks, I get it now :-) I was wrong, sorry. And it was never my intention to mislead anyone. I initially posted what I did out of good intent and genuinly wanting to help. Sorry to any readers that may have been misled with what I said, I made a mistake.

-{ Quote: "....... No. We're saying that they are right, and so are we. They are right in so far that in so far as the way the program is designed, when used properly, it IS impossible to mount the container without the keyfile. We (Overwriter and myself) are write in so far that it IS possible to do it if you do NOT properly use the program. IE: Power off/Hard Reboot without dismounting containers, allowing your memory to be directly read after such a reboot, they can access the Master Key directly from memory. This has absolutely nothing to do with passwords and keyfiles." }-

Yes, thank you for your patience and time to explain this to me. I understand now.

Last question.. something which I am still not 100% certain about. If my laptop was to be shutdown without TC being dismounted, will that be a security risk, even if the laptop has been shut down for over 1 hour?

Or does TC dismount itself when Windows is shut down, even if a person didn't properly dismount it through TC?

TC doesn't leave any traces behind on the HDD anyway does it? So once windows shuts down, the container is dismounted anyway?

I have a 5GB container yet I only have 2 GB RAM. So once it's mounted, where does all the decrypted 5GB of data go? Where is it stored? Or is the whole 5GB container still encrypted on my HDD and only the data that I access on the fly is decrypted into RAM?

Yes. I have read the manual, but even after reading the manual I do not have 100% perfect understanding of the whole program, so I hope you dont mind to clarify for me. Thanks.

I knew about freezed RAM attack before. However, there are a few things that I do not understand.

Lets assume that I do system shut down without dismounting the volumes in a proper way. Master key will remain in RAM. For how long? In what time is theoretically possible to get the master key from RAM?

Is it really a matter of minutes or a few hours? Or the master key can remain in RAM for a longer time? Or forever?

Also, what kind of the equipment they need to do a freezed RAM attack? I would like to read about it. Hope somebody can answer my questions.

-{ Quote: "I knew about freezed RAM attack before. However, there are a few things that I do not understand.

Lets assume that I do system shut down without dismounting the volumes in a proper way. Master key will remain in RAM. For how long? In what time is theoretically possible to get the master key from RAM?

Is it really a matter of minutes or a few hours? Or the master key can remain in RAM for a longer time? Or forever?

Also, what kind of the equipment they need to do a freezed RAM attack? I would like to read about it. Hope somebody can answer my questions." }-

Nagib, search the forum here, I know its been discussed, alot. Will find some good explanations and links.


Truth, in order:

Hour? No.

Yes.

Right.

Yes. (last Q.)

Hope that helps.

-{ Quote: "Nagib, search the forum here, I know its been discussed, alot. Will find some good explanations and links.


Truth, in order:

Hour? No.

Yes.

Right.

Yes. (last Q.)

Hope that helps." }-

Yes that helped a lot. I learned a lot today :)

I guess the best way out is to use some mighty bond!
and make the memory bar impossible to be seperated from my PC.
they seperate it(without damaging the chips), they lose time, they lost chance.
=) Isnt this a simple way?

We use GhostSecurity Inc.' CryptoSuite even though Jason does not have time to make some convenient features like with TC (tunnel, wrapper, outside container, hidden container)
:thumb:

-{ Quote: "We use GhostSecurity Inc.' CryptoSuite even though Jason does not have time to make some convenient features like with TC (tunnel, wrapper, outside container, hidden container)
:thumb:" }-

CryptoSuite costs money doesn't it?

And what can CryptoSuite do that the free Truecrypt cannot?

Hello,
Excuse me, but how is this a threat?
What is the chance of someone spilling 20 liters of liquid nitrogen over your computer case in a day to day situation? And if "they" can do it, they can also do some other things, too.
Mrk

-{ Quote: "I guess the best way out is to use some mighty bond!
and make the memory bar impossible to be seperated from my PC.
they seperate it(without damaging the chips), they lose time, they lost chance.
=) Isnt this a simple way?" }-

Not really. In the initial releases about the vulnerability, they didn't even raelly need to disconnect the RAM. In order for this to be effective, you'll also need to damage/disconnect the firewire ports, and possibly the USB Ports. Some have suggested doing that, and then adding a BIOS password. While a BIOS password is easy to clear, it takes time to do it. Along with multiple reboots to discover it, then clear it, and return to a working system.

Mrkvonic: It is a vulnerability... but it is covered in the idea of "security by layers." For this to work, you need physical access to the machine, and as almost anyone says, once you've lost physical access the battle lost. Things like TC do add protection in the chance you do lose physical control, but still.

-{ Quote: "Hello,
Excuse me, but how is this a threat?
What is the chance of someone spilling 20 liters of liquid nitrogen over your computer case in a day to day situation? And if "they" can do it, they can also do some other things, too.
Mrk" }-

ROFL. My first thought after reading this thread is you better also shoot yourself, as they might be able to get it out of you also. Paranoia^n degree.

-{ Quote: "Not really. In the initial releases about the vulnerability, they didn't even raelly need to disconnect the RAM. In order for this to be effective, you'll also need to damage/disconnect the firewire ports, and possibly the USB Ports. Some have suggested doing that, and then adding a BIOS password. While a BIOS password is easy to clear, it takes time to do it. Along with multiple reboots to discover it, then clear it, and return to a working system...." }-

Wouldn't it be quicker and easier to pull out the RAM and put it into another PC which hasn;t got BIOS password etc?

Depends.

Who instigated the powerdown? If the attacker, yes, since they can get rid of the cover. If the user trying to defend, no, its faster to just turn it on and hope there is no password, since screws take awhile.

-{ Quote: "Depends.

Who instigated the powerdown? If the attacker, yes, since they can get rid of the cover. If the user trying to defend, no, its faster to just turn it on and hope there is no password, since screws take awhile." }-

Ok KM :)

-{ Quote: "CryptoSuite costs money doesn't it?

And what can CryptoSuite do that the free Truecrypt cannot?" }-

It costs $$, and it worth for the $$.
You can check at http://ghostsecurity.com/cryptosuite/


CS provides WAN/LAN Secure Messaging function built with man-in-middle attack protect and other brute force attack.

It comes with 1.5mb file in size, and occupies 2-6mb in Memory. very fast performance.

It comes lifetime upgrade policy and backed by genius security and optimal coding and design coder, Jason.

CryptoSuite runs on client OS: Windows XP, 98, ME, 2000, , XP, XP64, 2003 server

-{ Quote: "It costs $$, and it worth for the $$.
You can check at http://ghostsecurity.com/cryptosuite/


CS provides WAN/LAN Secure Messaging function built with man-in-middle attack protect and other brute force attack.

It comes with 1.5mb file in size, and occupies 2-6mb in Memory. very fast performance.

It comes lifetime upgrade policy and backed by genius security and optimal coding and design coder, Jason.

CryptoSuite runs on client OS: Windows XP, 98, ME, 2000, , XP, XP64, 2003 server
" }-

Ok thanks. But I do not need those features, so TrueCrypt will suffice for my personal needs.

However the website says, "CryptoSuite starts off as a full trial version which turns into a free limited version after 30 days. At any time you can purchase CryptoSuite and uprade it to the full version."

So there is a free version too it seems which gets limited in features.

Is this limited featured version much different from TC?

-{ Quote: " It comes lifetime upgrade policy and backed by genius security and optimal coding and design coder, Jason." }-
I don't know how good the application is since I haven't tried it, but I don't think this means a lot. Jason seems to have disappeared and there's been no recent updates for his products.

Hello,

Open-source cryptography > closed-source
Cross-OS program > Windows-only program
Free > Payware

Mrk

Actually, TrueCrypt runs on XP-64 and Vista 32, Vista 64, 2003 Server, 2008 Server.

Windows 2000 does have one limitation, and that is full system encryption, but otherwise it works.

The Lifetime Upgrade isn't really a comparable feature since TC does it to. Only you don't have to pay for it in the first place.

The only area that cryptosuite has over TC is the "CS provides WAN/LAN Secure Messaging function built with man-in-middle attack protect and other brute force attack."

But at this, your getting into a whole different crypto area.

-{ Quote: "Ok thanks. But I do not need those features, so TrueCrypt will suffice for my personal needs.

However the website says, "CryptoSuite starts off as a full trial version which turns into a free limited version after 30 days. At any time you can purchase CryptoSuite and uprade it to the full version."

So there is a free version too it seems which gets limited in features.

Is this limited featured version much different from TC?" }-

Users can have most of features of a full version, but, free version of CS does not provide:

function of encrypting things into a runnable encrypted file (means, with full version, CS encrypts things into an .exe file that can run itself to decrypt that contents with a correct password (an corresponding of CS is embedded into an runnable encrypted file)). Although that it still can encrypt things as usual, and of course, the file is not runnable, and it needs an installed CS on machine to decrypt the encrypted file.
high encryption on wan/lan messaging (limited to 56bit encryption only)
option to put the small CS flashscreen to death.

-{ Quote: "Users can have most of features of a full version, but, free version of CS does not provide:

function of encrypting things into a runnable encrypted file (means, with full version, CS encrypts things into an .exe file that can run itself to decrypt that contents with a correct password (an corresponding of CS is embedded into an runnable encrypted file)). Although that it still can encrypt things as usual, and of course, the file is not runnable, and it needs an installed CS on machine to decrypt the encrypted file.
high encryption on wan/lan messaging (limited to 56bit encryption only)
option to put the small CS flashscreen to death." }-

Ok thanks cafeshop :)

Mods, please rename this thread to something that more suits it since the starter of it now agrees there is currently no solution.

Can anybody please give a clear answer? I definitely didn't understand KookyMan's answers as they were too short.

For how long the master key can stay in RAM if the volumes were not properly dismounted? Are they gone ater a few minutes, hours, or?

Thanks.

Hello,
Depending on the temperature.
Room temperature? Seconds, if that.
Mrk

According to the research by Princeton University, data should be readable in DRAM for about 2 minutes after power off. For about 10 minutes if the DRAM gets cooled to -50 °C.

Why doesn't TrueCrypt just code something that runs automatically after any dismount that fills up the RAM with random data?

-{ Quote: "According to the research by Princeton University, data should be readable in DRAM for about 2 minutes after power off. For about 10 minutes if the DRAM gets cooled to -50 °C." }-

Hello,
Readable to what extent? The quality of the data drops exponentially as the capacitators discharge slowly. Either way, it's a tight call between powering off the machine and removing the RAM sticks and doing some fancy magic.
Mrk

-{ Quote: "Hello,
Readable to what extent? The quality of the data drops exponentially as the capacitators discharge slowly. Either way, it's a tight call between powering off the machine and removing the RAM sticks and doing some fancy magic.
Mrk" }-

It is no magic. The attack presented by the researchers of Princeton University is the implementation of a well known possible attack. They gave proof of concept and realized some easy tools to achieve it.

Thanks guys. So, it's highly unlikely for that to happen. They need the equipment to cool it down to -50 °C. :o

I guess only a few intelligence agencies can do that in real life situation.

-{ Quote: "Why doesn't TrueCrypt just code something that runs automatically after any dismount that fills up the RAM with random data?" }-

It does.

This whole thing depends on you NOT dismounting properly.

-{ Quote: "Thanks guys. So, it's highly unlikely for that to happen. They need the equipment to cool it down to -50 °C.

I guess only a few intelligence agencies can do that in real life situation." }-

Actually, take a can of compressed air, turn it upside down. Now spray whatever you want to cool. Anyone can do it. -50c, not exactly, however it does get damn cold and will extend the time it takes for the memory to fade.

-{ Quote: "Why doesn't TrueCrypt just code something that runs automatically after any dismount that fills up the RAM with random data?" }-

Interesting idea.

-{ Quote: "Thanks guys. So, it's highly unlikely for that to happen. They need the equipment to cool it down to -50 °C. :o

I guess only a few intelligence agencies can do that in real life situation." }-

Put it this way, in my understanding, if you turn off your laptop or PC and stand and stare at it for 2-3 minutes to make sure nobody comes and touches it, by then your TrueCrypt password is gone from RAM :)

Unless you live in North Pole, then you would need to turn it off and stare at it for 4 minutes :)

After that time, you can walk away from your PC or Laptop and be confident nobody can get your TrueCrypt password.

You guys are making no sense again. If you want to make sure your RAM is safe, just Properly Dismount your containers.... This risk comes when the system is UNEXPECTEDLY powered off (IE: pull the plug out of the wall). Not when you shut down, not when you dismount containers. Doing either of these eliminates the risk.

The quickest way to fully dismount all mounted volumes would be to place a shortcut in your Quick Launch bar using this as the target string:

"C:\Program Files\TrueCrypt\truecrypt.exe" /dismount /force /wipecache /quit /silent

Truecrypt will instantly dismount all open volumes, securely wipe the keys from RAM and securely wipe the passsword cache from RAM (if used). However, be careful not to run this by mistake, as it will force a dismount even if files are open and in use.

-{ Quote: "The quickest way to fully dismount all mounted volumes would be to place a shortcut in your Quick Launch bar using this as the target string:

"C:\Program Files\TrueCrypt\truecrypt.exe" /dismount /force /wipecache /quit /silent

Truecrypt will instantly dismount all open volumes, securely wipe the keys from RAM and securely wipe the passsword cache from RAM (if used). However, be careful not to run this by mistake, as it will force a dismount even if files are open and in use." }-

Actually the fastest way would be to configure a hotkey in TrueCrypt, then just hit the hotkey and its done. No need to find your desktop for a shortcut.

-{ Quote: "Actually the fastest way would be to configure a hotkey in TrueCrypt, then just hit the hotkey and its done. No need to find your desktop for a shortcut." }-
Yes, I stand corrected. That would be the best way to do it, providing that you always kept the TrueCrypt program running. However, all of my mounts/dismounts are run via shortcuts and batchfiles utilizing TrueCrypt command-line and I almost never run the TrueCrypt interface, so a TrueCrypt hot key wouldn't work for me.

My shortcut is always visible in the Quick Launch area of my task bar, so I don't have to hunt for it, and it will work whether the TrueCrypt program is running or not. I suppose I could also assign it a Windows hot key, but I don't feel the need for that.

-{ Quote: "You guys are making no sense again. If you want to make sure your RAM is safe, just Properly Dismount your containers.... This risk comes when the system is UNEXPECTEDLY powered off (IE: pull the plug out of the wall). Not when you shut down, not when you dismount containers. Doing either of these eliminates the risk." }-

Yeah, and it's at those times I said if a person is very paranoid, to stand and stare at their PC for 3-4minutes. Then they can walk away.

-{ Quote: "The quickest way to fully dismount all mounted volumes would be to place a shortcut in your Quick Launch bar using this as the target string:

"C:\Program Files\TrueCrypt\truecrypt.exe" /dismount /force /wipecache /quit /silent

Truecrypt will instantly dismount all open volumes, securely wipe the keys from RAM and securely wipe the passsword cache from RAM (if used). However, be careful not to run this by mistake, as it will force a dismount even if files are open and in use." }-

I created a shortcut, Alt+X and it does Force Dismount, Wipe Cache and Exit.

How do I tell the shortcut to wipe RAM? Or is that what Wipe Cache means?

-{ Quote: "
Quote:
Originally Posted by Bensec
I guess the best way out is to use some mighty bond!
and make the memory bar impossible to be seperated from my PC.
they seperate it(without damaging the chips), they lose time, they lost chance.
=) Isnt this a simple way?

Not really. In the initial releases about the vulnerability, they didn't even raelly need to disconnect the RAM. In order for this to be effective, you'll also need to damage/disconnect the firewire ports, and possibly the USB Ports. Some have suggested doing that, and then adding a BIOS password. While a BIOS password is easy to clear, it takes time to do it. Along with multiple reboots to discover it, then clear it, and return to a working system." }-hahaha;D ;D ;D A lot to do for you bond.

-{ Quote: "I created a shortcut, Alt+X and it does Force Dismount, Wipe Cache and Exit.

How do I tell the shortcut to wipe RAM? Or is that what Wipe Cache means?" }-

Thats it.

-{ Quote: "Thats it." }-

Cool, cheers :)