Solution to TrueCrypt Threat!!!

Discussion in 'privacy technology' started by truthseeker, Aug 22, 2008.

Thread Status:
Not open for further replies.
  1. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    CryptoSuite costs money doesn't it?

    And what can CryptoSuite do that the free Truecrypt cannot?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    Excuse me, but how is this a threat?
    What is the chance of someone spilling 20 liters of liquid nitrogen over your computer case in a day to day situation? And if "they" can do it, they can also do some other things, too.
    Mrk
     
  3. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    Not really. In the initial releases about the vulnerability, they didn't even really need to disconnect the RAM. In order for this to be effective, you'll also need to damage/disconnect the firewire ports, and possibly the USB Ports. Some have suggested doing that, and then adding a BIOS password. While a BIOS password is easy to clear, it takes time to do it. Along with multiple reboots to discover it, then clear it, and return to a working system.

    Mrkvonic: It is a vulnerability... but it is covered in the idea of "security by layers." For this to work, you need physical access to the machine, and as almost anyone says, once you've lost physical access the battle is lost. Things like TC do add protection in the chance you do lose physical control, but still.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    ROFL. My first thought after reading this thread is you better also shoot yourself, as they might be able to get it out of you also. Paranoia^n degree.
     
  5. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Wouldn't it be quicker and easier to pull out the RAM and put it into another PC which hasn't got BIOS password etc?
     
  6. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    Depends.

    Who instigated the powerdown? If the attacker, yes, since they can get rid of the cover. If the user trying to defend, no, it's faster to just turn it on and hope there is no password, since screws take awhile.
     
  7. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok KM :)
     
  8. cafeshop

    cafeshop Former Poster

    Joined:
    Feb 20, 2008
    Posts:
    36
    It costs $$, and it is worth the $$.
    You can check at http://ghostsecurity.com/cryptosuite/

    • CS provides WAN/LAN Secure Messaging function built with man-in-middle attack protect and other brute force attack.
    • It comes with 1.5mb file in size, and occupies 2-6mb in Memory. very fast performance.
    • It comes lifetime upgrade policy and backed by genius security and optimal coding and design coder, Jason.
    • CryptoSuite runs on client OS: Windows XP, 98, ME, 2000, , XP, XP64, 2003 server
     
  9. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok thanks. But I do not need those features, so TrueCrypt will suffice for my personal needs.

    However the website says, "CryptoSuite starts off as a full trial version which turns into a free limited version after 30 days. At any time you can purchase CryptoSuite and upgrade it to the full version."

    So there is a free version too it seems which gets limited in features.

    Is this limited featured version much different from TC?
     
  10. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I don't know how good the application is since I haven't tried it, but I don't think this means a lot. Jason seems to have disappeared and there's been no recent updates for his products.
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    Open-source cryptography > closed-source
    Cross-OS program > Windows-only program
    Free > Payware

    Mrk
     
  12. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    Actually, TrueCrypt runs on XP-64 and Vista 32, Vista 64, 2003 Server, 2008 Server.

    Windows 2000 does have one limitation, and that is full system encryption, but otherwise it works.

    The Lifetime Upgrade isn't really a comparable feature since TC does it too. Only you don't have to pay for it in the first place.

    The only area that cryptosuite has over TC is the "CS provides WAN/LAN Secure Messaging function built with man-in-middle attack protect and other brute force attack."

    But at this, you're getting into a whole different crypto area.
     
  13. cafeshop

    cafeshop Former Poster

    Joined:
    Feb 20, 2008
    Posts:
    36
    Users can have most of features of a full version, but, free version of CS does not provide:
    • function of encrypting things into a runnable encrypted file (means, with full version, CS encrypts things into an .exe file that can run itself to decrypt that contents with a correct password (a corresponding of CS is embedded into a runnable encrypted file)). Although that it still can encrypt things as usual, and of course, the file is not runnable, and it needs an installed CS on machine to decrypt the encrypted file.
    • high encryption on wan/lan messaging (limited to 56bit encryption only)
    • option to put the small CS flashscreen to death.
     
  14. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok thanks cafeshop :)
     
  15. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Mods, please rename this thread to something that more suits it since the starter of it now agrees there is currently no solution.
     
  16. Nagib

    Nagib Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    21
    Can anybody please give a clear answer? I definitely didn't understand KookyMan's answers as they were too short.

    For how long can the master key stay in RAM if the volumes were not properly dismounted? Are they gone after a few minutes, hours, or?

    Thanks.
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    Depending on the temperature.
    Room temperature? Seconds, if that.
    Mrk
     
  18. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    According to the research by Princeton University, data should be readable in DRAM for about 2 minutes after power off. For about 10 minutes if the DRAM gets cooled to -50 °C.
     
  19. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Why doesn't TrueCrypt just code something that runs automatically after any dismount that fills up the RAM with random data?
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    Readable to what extent? The quality of the data drops exponentially as the capacitors discharge slowly. Either way, it's a tight call between powering off the machine and removing the RAM sticks and doing some fancy magic.
    Mrk
     
  21. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    It is no magic. The attack presented by the researchers of Princeton University is the implementation of a well known possible attack. They gave proof of concept and realized some easy tools to achieve it.
     
  22. Nagib

    Nagib Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    21
    Thanks guys. So, it's highly unlikely for that to happen. They need the equipment to cool it down to -50 °C. :eek:

    I guess only a few intelligence agencies can do that in real life situation.
     
  23. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    It does.

    This whole thing depends on you NOT dismounting properly.

    Actually, take a can of compressed air, turn it upside down. Now spray whatever you want to cool. Anyone can do it. -50c, not exactly, however it does get damn cold and will extend the time it takes for the memory to fade.
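
Added example, not part of the thread and not TrueCrypt's code: a minimal C sketch of what "dismounting properly" means for the master key discussed in posts 19 and 23. The key buffer is overwritten in a way the compiler cannot optimise away, so no key bytes are left in RAM for remanence to preserve. `struct volume`, `KEY_LEN` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 64  /* assumed key size for this sketch */

/* Hypothetical mounted-volume state; not TrueCrypt's real structure. */
struct volume {
    uint8_t master_key[KEY_LEN];
    int mounted;
};

/* Wipe through a volatile pointer so the compiler cannot drop the
 * stores as "dead" writes to memory that is never read again. */
static void secure_wipe(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--)
        *p++ = 0;
}

/* Count key bytes still non-zero, i.e. what a RAM image could expose. */
size_t key_residue(const struct volume *v)
{
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        n += (v->master_key[i] != 0);
    return n;
}

void volume_mount(struct volume *v, const uint8_t *key)
{
    memcpy(v->master_key, key, KEY_LEN);
    v->mounted = 1;
}

/* Proper dismount: erase key material before releasing the volume. */
void volume_dismount(struct volume *v)
{
    secure_wipe(v->master_key, KEY_LEN);
    v->mounted = 0;
}

/* Constructed demo key (bytes 1..64); returns residue left in memory. */
size_t demo_residue(int dismount_first)
{
    struct volume v;
    uint8_t key[KEY_LEN];
    for (size_t i = 0; i < KEY_LEN; i++)
        key[i] = (uint8_t)(i + 1);
    volume_mount(&v, key);
    if (dismount_first)
        volume_dismount(&v);
    return key_residue(&v);
}
```

`demo_residue(0)` models a power cut with the volume still mounted (all 64 key bytes remain in memory); `demo_residue(1)` models a clean dismount (none remain).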
     
  24. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Interesting idea.
     
  25. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Put it this way, in my understanding, if you turn off your laptop or PC and stand and stare at it for 2-3 minutes to make sure nobody comes and touches it, by then your TrueCrypt password is gone from RAM :)

    Unless you live at the North Pole, then you would need to turn it off and stare at it for 4 minutes :)

    After that time, you can walk away from your PC or Laptop and be confident nobody can get your TrueCrypt password.
     