TrueCrypt Master Key Extraction And Volume Identification

Discussion in 'privacy technology' started by lotuseclat79, Jan 15, 2014.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

  2. dantz

    dantz Registered Member

    Wow, that's amazing stuff they're doing! Thanks for the link.
     
  3. S.B.

    S.B. Registered Member

    Nothing new here. The following comments, posted over a year ago by nemo_otis in alt.privacy.anon-server regarding a similar product are most apt:

    Yawn! ALL current mainstream crypto programs ONLY protect 'data
    at rest'. If the adversary can gain access to the system with
    the encrypted data in the *mounted* state and/or with the *key
    in memory* (or an image of such a state as with hibernation
    files, etc.) then all bets are off - compromising the security
    is trivial.

    Moreover, all crypto protection is based on the foundational
    bedrock of *physical security* - continuous, uncompromised
    control and custody of the computer and its operating
    environment.(1) If that is lost, you're fooked, mate!

    Regards,

    (1) The need for bombproof physical security leads to what I
    call the 'cryptographer's paradox': If our physical security was
    as strong and secure as it should/must be, there would be no
    need for encryption :)


     
  4. dantz

    dantz Registered Member

    Yes, but look at how beautifully they've automated and enhanced all of the different ways to identify and assemble the data! This is miles ahead of some of the other stuff I've seen. I appreciate it just for its elegance, irregardless of the fact that it runs counter to the security of any TrueCrypt user who is unlucky enough to supply them with the right ingredients (i.e. a live memory dump, a Windows crash dump file, a hibernation file, etc.)
     
  5. dantz

    dantz Registered Member

    I'm surprised that nobody seems to be interested in this topic, as there are some important lessons that can be drawn from it.

    For all of you guys who fear law enforcement or the various government agencies, this gives you an idea of the level of competence that some of your adversaries can attain.

    If it were a straight battle of wits, brain against brain, your typical TrueCrypt user wouldn't stand a chance against somebody like this. However, what the TC user does have is a shield, a software program (and its output) that he can hide behind, although for the most part he doesn't even know how it works, whereas these guys do. They also know all of the mistakes that a TC user might make, mistakes that the user probably didn't even know existed. It's a classic predator vs prey relationship.
     
  6. happyyarou666

    happyyarou666 Registered Member

    I am but not really actually, since it's not anything new at all, except some improved memory dump reading scripts and so on, it all comes down to what it always has been, physical security and being able to buy a couple seconds if at all in order to power off to have the RAM flush, no memory dumps no workable extraction scripts, next please, lols, but an interesting read nonetheless
     
  7. PaulyDefran

    PaulyDefran Registered Member

    I trust dantz, so let me ask:

    What does this do against a completely powered down FDE computer?

    What does this do against a dismounted container with no caching options set, and wipe on dismount set? Hot key set to forcibly dismount and wipe.

    Crashdumps disabled, No hibernation, recent DDR3 RAM.
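
A read-only audit of the settings listed in the post above (crash dumps and hibernation), as an added example that is not part of the thread. The registry value names are the standard Windows ones rather than anything quoted in the discussion, and the helper names `Get-RegValue` and `Find-OnDisk` are hypothetical.

```powershell
# Added example: check whether Windows is configured to write RAM contents
# to disk, and whether earlier dump/hibernation files still exist.
# Read-only. Run from an elevated prompt so the system files are visible.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Find-OnDisk([string]$FullPath) {
    # A directory listing with -Force also sees hidden, in-use system files.
    $dir  = Split-Path -Path $FullPath -Parent
    $leaf = Split-Path -Path $FullPath -Leaf
    Get-ChildItem -LiteralPath $dir -Filter $leaf -Force -File -ErrorAction SilentlyContinue |
        Select-Object -First 1
}

$control = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$report  = @()

# CrashDumpEnabled: 0 = no dump; any other value writes some form of dump.
# A missing value is reported as a risk because it is not explicitly disabled.
$dumpMode = Get-RegValue "$control\CrashControl" 'CrashDumpEnabled'
$report += [pscustomobject]@{
    Check = 'Crash dump on bugcheck'; Risk = ($dumpMode -ne 0)
    Detail = "CrashDumpEnabled=$dumpMode (0 means no dump is written)"
}

# HibernateEnabled: 0 = hibernation off, so no new hiberfil.sys is written.
$hib = Get-RegValue "$control\Power" 'HibernateEnabled'
$report += [pscustomobject]@{
    Check = 'Hibernation'; Risk = ($hib -ne 0)
    Detail = "HibernateEnabled=$hib (0 means hibernation is off)"
}

# Files left over from before the settings were changed still hold old memory.
$dumpFile = Get-RegValue "$control\CrashControl" 'DumpFile'
if (-not $dumpFile) { $dumpFile = '%SystemRoot%\MEMORY.DMP' }
$paths = @("$env:SystemDrive\hiberfil.sys",
           [Environment]::ExpandEnvironmentVariables($dumpFile))
foreach ($p in $paths) {
    $hit = Find-OnDisk $p
    $report += [pscustomobject]@{
        Check = "Existing file $p"; Risk = [bool]$hit
        Detail = if ($hit) { "{0:N0} bytes, last written {1}" -f $hit.Length, $hit.LastWriteTime }
                 else { 'not present' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Any row with `Risk` set to `True` is a place where key material held in RAM could already be, or could later end up, on disk.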
     
  8. happyyarou666

    happyyarou666 Registered Member

    I'd be careful about containers for using those in a non-FDE environment as many OSs save some kind of logs of whatever you do, IMO it's very dangerous the least to say unless it's a live CD you use to mount those containers or a fully virtualized OS, but in general containers aren't something I'd even consider an option
     
  9. dantz

    dantz Registered Member

    Although the scenarios that you described sound safe, I prefer not to go into specifics about the actual level of security that TrueCrypt offers, mainly because I don't think we will ever be truly aware of all the possible vulnerabilities that are inherent in the compilers, the software, the OS that we run it on, the various hardware components, etc. All you have to do is read the news. The high-level predators in this relationship are a lot smarter and better equipped than we are and they have devised a remarkable array of tricks.

    Here's my advice for TrueCrypt users: Don't trust your life to TrueCrypt.
     
  10. chiraldude

    chiraldude Registered Member

    TrueCrypt is a powerful tool but, by itself, is not a complete security solution. It all comes back to assessing your level of threat. Protection against a nosy roommate requires a fairly low level of sophistication. Protection from a determined government agency requires many layers of security and precautions. One of these layers could be TrueCrypt but definitely not the only one.
     