TrueCrypt vs. Passware

Discussion in 'privacy technology' started by imseca, Oct 24, 2012.

Thread Status:
Not open for further replies.
  1. imseca

    imseca Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    2
    I just read one of the topics here regarding Passware; unfortunately it is old and I can no longer reply. Passware's claim about cracking TrueCrypt is a bold one, but have any of you tried this software?

    Can Passware crack a TrueCrypt "container/drive" even with a keyfile?
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Passware made this claim about two years ago. It's rubbish as they cannot "crack TrueCrypt encryption." It's the same old frozen RAM attack. TrueCrypt addresses this in their documentation. TrueCrypt continues to be solid as a rock.
     
  3. passware

    passware Registered Member

    Joined:
    Oct 29, 2012
    Posts:
    1
    Location:
    United States
    Passware software detects and extracts TrueCrypt encryption keys from memory images or hibernation files.

    If the encryption key is present in memory it could be used to decrypt TrueCrypt volumes instantly.

    More information can be found at http://www.lostpassword.com/hdd-decryption.htm
     
  4. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    For that to work your fully encrypted drive needs to be mounted and decrypted when someone uses this software, and if someone can get hold of your computer while it is mounted and decrypted, the least of your worries is some overly expensive vendor program pulling the encryption key from RAM.

    The hibernation avenue is only valid if the target is not using FDE or has hibernation enabled. Not a really reliable extraction avenue.
     
  5. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    As well, it's not a guarantee that you will be able to run 'foreign' software on the box at all. See:

    https://github.com/int0x80/anti-forensics/blob/master/derpherp

    I don't want to get into a cat and mouse anti-forensics discussion, but a lot of assumptions are made when it comes to TC. Sure, some users are dumb, and the low hanging fruit always gets picked first...but it isn't a given.

    PD
     
  6. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188

    OK, here is what you say on your website:
    So, you need PHYSICAL ACCESS to the machine WITH MOUNTED ENCRYPTED VOLUMES to do your 'magic'.

    I say you are full of baloney, your soft CAN NOT crack TC-volumes.

    You are actually confirming what I just wrote on your website:
    Maybe you should tell your customers how many million years that will take and give them a rough estimate of the resulting power-bill??

     
    Last edited: Nov 1, 2012
  7. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Let me say this: I'm sure there are some actual ~ Snipped as per TOS ~ using TC, and I'm sure they're dumb enough to get caught with mounted disks occasionally - so let's not be too harsh on a vendor for coming up with a *possible* way to extract the keys. Since the data is already accessible, I'd assume a forensicator would copy everything off of the mounted volume/s straight away.

    The first problem is, the MARKETING Dept of companies is usually clueless to the technology, so you get these "We Cracked TrueCrypt!!!!!!" proclamations. The second problem is trying to defend that proclamation on a site such as this...we'll call your BS. But that's not how MARKETERS think: Gotta always push the product. If they felt the need to defend, they should have just stated the actual capability and (limited) circumstances under which they *can* operate successfully. Friggen marketing depts - 1024x768 in 4:3 Aspect is the shiznit for a new tablet, you gotta have one! :D

    PD
     
    Last edited by a moderator: Nov 1, 2012
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    They did the same with FileVault 2 (which is the FDE for OSX). It all depends on the machine running. Apple even changed it to where they can't even pull off their firewire memory snatch from 'sleeping' mode. Passware charged almost $1000 for their OSX FileVault 2 forensics utility.
     