Breaking TrueCrypt/AES

Discussion in 'privacy technology' started by newjersian1, Sep 23, 2013.

  1. newjersian1

    newjersian1 Registered Member

    Joined:
    Aug 3, 2013
    Posts:
    2
    I have had this question rolling around in my head for several months now. I attended a presentation by a police officer who specialized in computer security. One of his main jobs is to scan computers for child pornography. He said he did this by inserting a flash drive given to the police department by a federal agency (I believe it was the NSA) and looking at what the flash drive came up with. I raised my hand and asked him what he did if the computer's owner had encrypted files and he said that it didn't matter. He specifically referenced TrueCrypt when he said, " Some people use encryption programs such as TrueCrypt to try to hide their files, but all it does is make the flash drive run a little longer."

    So how can this work? I am not looking to start an argument about the overreaching powers of the federal government and what may have backdoors or whatever. I am just curious as to how this little flash drive can detect hidden TrueCrypt volumes and then see if there is illegal pornography on them.
     
  2. It could be running a search for known hashes of files they have recovered before from pedo's that were encrypted/unencrypted and match the hashes of files.

    That's just my guess.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
  4. newjersian1

    newjersian1 Registered Member

    Joined:
    Aug 3, 2013
    Posts:
    2
    I didn't think you could see individual files in a TrueCrypt container without the password. (I'm not an expert, just a guy who has read through many forums. Please correct me if I'm wrong)

    Also, how could the program see if there is a hidden container somewhere on the computer? Is the container hiding part of TrueCrypt just not that good?
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    He was telling Tall Tales. Strong encryption is not broken.

    Also, the flash drives he was talking about are provided to law enforcement by Microsoft. The NSA doesn't deal with child pornography. Read this Wikipedia article for more information.
    https://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor
     
  6. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    You can't read encrypted data without the keys, this is simple. You roll a dice in the other room, I can't tell what it rolled from this room because the data is not in a read format, or I cant see into the room.
     
  7. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    That Police Officer who "specializes" in computer security is simply mistaken. You aren't going to read encrypted data from a drive without the key. Period. What he might be referring to is if he has access to a mounted volume -- then yeah, you can search it just as you would unencrypted data. But if the drive is not mounted and the key is not still in memory, he ain't going to be able to read the data. If he says otherwise, he is FoS.
     
  8. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    AES is fine, people are broken. Your encryption is only as good as the key you choose. If your safe can support multiple forms of authentication, but you only chose the small metal key...well. Same principle here. From a forensic standpoint the police officer is correct. Forensic experts are very good at guessing the non-random factor, people. All it takes is some guess work, the target's personal likes dislikes (social media is a great asset), their other known passwords (Most people reuse passwords). Known human laziness, if the person is required to change their password every 30 days or have to follow password constraints they will do the bare minimum because too complex and they'll forget. Example; their old password is P@ssword, their new one will most likely be P@ssword1. Using known word dictionaries helps as well. (I myself have close to ~50 terabytes in word lists)

    I'd say they (law enforcement) more than likely get ~20% of the encryption cases decrypted, the other 80% are not. This isn't due to some fancy exploit on AES, or Truecrypt's implementation, its due to human nature. If your pass-phrases are well known, chances are that password has been used before and is vulnerable. If you used a complex 63 char password that was on a compromised website's database, its now fair game. Random password generators online also should be taken with a grain of salt if used verbatim.

    Remember minimum requirements are called minimum for a reason...;)

    -EB
     
  9. JimmySausage

    JimmySausage Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    55
    I absolutely agree. Trust No One (TNO) But trust the MATH!
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    The computers were probably already running/ turned on, or, it attempts to bruteforce weak passwords.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If that's the case, disabling autorun and a default-deny policy should stop it in its tracks, unless LEA hads access to new zero-day exploits we're not aware of.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Of course they do.
     
  13. Very interesting i have 2 questions if you or other guys could answer me

    1) Lets suppose i am using TC and i have some pdf files here, the volume isnt mounted and the password isnt know they can search and find the name or the ashes of these files like a user said before? If yes how can i change the info of a file in order to hide it from searching?

    2) A curiosity iv always had about brute force attacks,
    Those are two 12 caracters password:

    abc£def%ghi$

    abc$def$ghi$

    In the first one there are 3 different symbols, in the last one there are 3 symbols but its always the same one.

    The first one its so more secure than the second or there isnt a big difference?

    When i use a password and they try to decrypt it using brute force attacks, they can know if i always use the same symbols, or if i use only letters? letters + numbers? Letters + numbers + symbols? I mean they already know it and they search for the right combination or they dont know NOTHING? Thanks u so much
     
  14. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    it probably runs a little longer and then finds nothing if the files are properly encrypted.
     
  15. RoamMaster

    RoamMaster Registered Member

    Joined:
    Oct 1, 2006
    Posts:
    50
    Last edited: Sep 27, 2013
  16. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    That is really not good advice..
     
  17. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Yeah.... special characters are more important then length. You should really avoid giving out bad advice.

    Correcthorsebatterystaple is a lot simplier to break then G6^5sH1!!gB# which is shorter but more secure etc. Clearly someone has never seen a word list.
     
  18. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Why am I never at these presentations? :D

    There is a ton of USB blocking software out there. It isn't a panacea, but a worthwhile layer I think.

    Or just rip out/glue/weld/snip all USB ports on your sensitive computer - there are many ways to still get files on there.

    PD
     
  19. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    On my old computer the flat plastics connectors fell out of all 3 of my USB ports at the same time one night a few years ago on my old laptop, don't know how or why! But trust me, working USB ports are great. :p
     
  20. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
  21. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Interesting thread. :)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.