TrueCrypt Master Key Extraction And Volume Identification

TrueCrypt Master Key Extraction And Volume Identification.

-- Tom

 

Wow, that's amazing stuff they're doing! Thanks for the link.

 

Nothing new here. The following comments, posted over a year ago by nemo_otis in alt.privacy.anon-server regarding a similar product are most apt:

Yawn! ALL current mainstream crypto programs ONLY protect 'data
at rest'. If the adversary can gain access to the system with
the encrypted data in the *mounted* state and/or with the *key
in memory* (or an image of such a state as with hibernation
files, etc.) then all bets are off - compromising the security
is trivial.

Moreover, all crypto protection is based on the foundational
bedrock of *physical security* - continuous, uncompromised
control and custody of the computer and its operating
environment.(1) If that is lost, you're fooked, mate!

Regards,

(1) The need for bombproof physical security leads to what I
call the 'cryptographer's paradox': If our physical security was
as strong and secure as it should/must be, there would be no
need for encryption
​

__

 

Yes, but look at how beautifully they've automated and enhanced all of the different ways to identify and assemble the data! This is miles ahead of some of the other stuff I've seen. I appreciate it just for its elegance, irregardless of the fact that it runs counter to the security of any TrueCrypt user who is unlucky enough to supply them with the right ingredients (i.e. a live memory dump, a Windows crash dump file, a hibernation file, etc.)

 

I'm surprised that nobody seems to be interested in this topic, as there are some important lessons that can be drawn from it.

For all of you guys who fear law enforcement or the various government agencies, this gives you an idea of the level of competence that some of your adversaries can attain.

If it were a straight battle of wits, brain against brain, your typical TrueCrypt user wouldn't stand a chance against somebody like this. However, what the TC user does have is a shield, a software program (and its output) that he can hide behind, although for the most part he doesn't even know how it works, wheras these guys do. They also know all of the mistakes that a TC user might make, mistakes that the user probably didn't even know existed. It's a classic predator vs prey relationship.

 

i am but not really actually , since its not anything new at all , except some improved memory dump reading scripts and so on , it all comes down to

what it always has been , physical security and being able to buy a couple seconds if at all in order to power off to have the ram flush , no memory dumps no workable extraction scripts ,next please , lols , but an interesting read nonetheless

 

I trust dantz, so let me ask:

What does this do against a completely powered down FDE computer?

What does this do against a dismounted container with no caching options set, and wipe on dismount set? Hot key set to forcibly dismount and wipe.

Crashdumps disabled, No hibernation, recent DDR3 RAM.

 

id be carefull about containers for using those in a non fde environment as many OSs save some kind of logs of whatever you do , imo its very dangerous the least to say unless its a live cd you use to mount those containers or a fully virtualized OS, but in generall containers arent something id even consider an option

 

Although the scenarios that you described sound safe, I prefer not to go into specifics about the actual level of security that TrueCrypt offers, mainly because I don't think we will ever be truly aware of all the possible vulnerabilities that are inherent in the compilers, the software, the OS that we run it on, the various hardware components, etc. All you have to do is read the news. The high-level predators in this relationship are a lot smarter and better equipped than we are and they have devised a remarkable array of tricks.

Here's my advice for TrueCrypt users: Don't trust your life to TrueCrypt.

 

Truecrypt is a powerful tool but by itself, is not a complete security solution. It all comes back to assessing your level of threat. Protection against a nosy roommate requires a fairly low level of sophistication. Protection from a determined government agency requires many layers of security and precautions. One of these layers could be Truecrypt but definitely not the only one.