True crypt can be broken? read this!

hi all


i am sure someone somewhere on this forums already Referred to this.

http://www.lostpassword.com/hdd-decryption.htm

but i wounder if its falls , why it kept on the owner site??


10x

 

The most important part of that page is this one:

Passware Kit scans the physical memory image file (acquired while the encrypted BitLocker or TrueCrypt disk was mounted, even if the target computer was locked)

For this to work your fully encrypted drive needs to be mounted and decrypted when someone gets hold of it, and if someone can get hold of your computer while it is mounted and decrypted, the less of your worries is some program pulling the encryption key from RAM and reusing it, if you switch your computer off when you are not around you are safe, if you use a screensaver (locked), you are not.

 

oww...

its so dummy approach so i misunderstood it maybe
if its all about when your pc is mounted and decrypted u can EVEN insert a usb hd and copy al the data HAHA why using all this dump and stuff

10x mate for lighting it to me

 

But the "hacker" should be able to unlock (password protected) your pc first? no?

If I disable the hibernation I'm protected?

BTW nice blog, although I miss RSS

 

I don't know about bitlocker but if you read the Truecrypt docs you will find a warning(s?) about using hibernation.
In theory, if you are using full system/disk encryption of all disks in the machine, the hiberfil.sys file should also be encrypted. To be sure, don't use hibernation and turn off your computer when you leave.

Bottom line is that encryption is not magic. If you don't understand the details of how it works your data is much more vulnerable.

I suspect local law enforcement counts on stupid criminals blindly trusting encryption to lock their data. I just hate to see police having to purchase software like Passware Kit at such a high price.

 

police and other law enforcement groups as far as i know cant break true crypt by it password .

i mean ignore the stupid users , they cant brake it by software or any trap doors

 

A stupid user is someone that uses truecrypt but doesn't understand what they are doing. An example is someone that uses file based containers because full system encryption is to hard to figure out.
For example, if you use a file based container, hibernate your system and leave your computer unattended. In that case, passware like programs have no problem capturing the master keys from hiberfil.sys

If you are not stupid and have data you want kept secret, use full system encryption and turn off hibernation. Never walk away from your system without a full shutdown. In that case it is impossible for even the NSA to crack your encryption.

 

Just because you're using file based containers doesn't mean you're stupid and don't understand truecrypt. Some people don't need to encrypt their entire system, only very important files.

I do somewhat agree with your second statement though (except hiberfil.sys can be easily encrypted).

 

or encrypt specific files and turn off hibernation... lmao

 

Both encrypt it if you encrypt all partitions. Bitlocker disables sleep mode when using it. I also recommend enabling encrypted page file and hibernation file in gpedit this adds a second layer of AES-256 bit encryption to those files.

As long as the computer is hibernated it is safe however if an attacker can intercept the hibernation file at boot time than you can be compromised. All in all don't hibernate or at least don't resume in an unsafe location.

 

this refer only to full hd encryption ? not container file encryption?

 

There is no need to "unlock" your password protected screensaver, it is possible to plug in a USB thumbdrive that will use Windows autorun to execute a script and get your encryption keys from RAM. If your computer is not hibernating then disabling hibernation will not protect you, the encryption keys will be found in RAM memory.

 

If they have physical access to your PC with the disk mounted, you have more serious things to worry about ;Ð

 

Encrypting page file works in both cases however if you use a container it is not recommended to hibernate UNLESS you clear it from cache. I don't bother with hibernate but with FDE it should be fine as long as the resume process isn't intercepted and you don't allow an attacker access when mounted.

box750:

Yes and no. While a screensaver wont do anything you can mitigate it by disabling autorun and using window 7's lockscreen. This is much harder to bypass but not by much I recommend shutting down or only using it in a trusted location to keep the honest people out

 

Also according to TrueCrypt FDE protects hibernation and page file:

And this disclaimer about XP and windows 2003:

Source

Same goes for Paging Files and Memory Dumps

As long as the disk is NOT mounted you are safe and CAN use hibernation without compromise. HOWEVER if an attacker has the mounted disk they CAN, obviously, copy those files and grab the key latter on.

So don't boot in a hostile environment unless you can protect your computer physically and do NOT walk away in such an environment leaving it logged on. At least hibernate it.

 

That assumes that you have malware on your computer.

 

But if you dismount TrueCrypt and restart your computer, then nothing, at that point, other than some type of installed keylogger can get anything, correct?

 

Eh??

The OP noted that a program called "Passware" can extract encryption keys from memory and/or hiberfil.sys
No malware required. Of course if your system is compromised with malware, encryption can't be trusted to protect you.

The real bottom line is that modern encryption is mathematically unbreakable. It is pointless to try to bruteforce guess strong passwords for something like Truecrypt. The only way to "break" the encryption is to bypass it by capturing passwords after they are entered. To ensure your data is safe from sophisticated attacks, never connect to a network, only enter your passwords in a secured area, and shut down your system if you leave.
Even if you operate with this level of security, your adversary could suddenly break down your door and prevent you from shutting down your system. In that case you would need some sort of hardware based security that automatically shut down your system under such circumstances. This may or may not be possible.

 

I know this isn't what you mean but interestingly Avast detects it as a PUP (potentially unwanted program). I guess some AV's don't like this thing anyways.