Cheap GPUs are rendering strong passwords useless?

For discussions about security.
DPUP5520
Posts: 800
Joined: Wed 16 Feb 2011, 05:38

#21 Post by DPUP5520 »

http://www.lostpassword.com/hdd-decryption.htm

http://brian.carnell.com/articles/2008/ ... tem-broke/

The first link refers to the newest version of TrueCrypt, while the second refers to an older version.

http://www.schneier.com/blog/archives/2 ... attac.html

Info on the old Evil Maid attack

Most of this info is a little older and does not really apply to 7.0a; however, it shows vulnerabilities in TrueCrypt (or any encryption method) unless you are encrypting the entire filesystem.
PupRescue 2.5: http://www.murga-linux.com/puppy/viewtopic.php?t=69651
Puppy Crypt 528: http://www.murga-linux.com/puppy/viewtopic.php?t=72178

Mechanic_Kharkov
Posts: 9
Joined: Sun 24 Jul 2011, 08:08
Location: Kharkov, Ukraine

#22 Post by Mechanic_Kharkov »

Thank you, DPUP5520, for the good news!
No info on TrueCrypt encryption vulnerabilities was found under the given links.
Here are some explanations of my opinion about the links.

1. This decryptor uses a memory snapshot taken with the encrypted volume open and the keys in RAM. If you let the attacker take a snapshot of your entire RAM, then you can also tell him all your passwords for all the security tools in use at the time as well.
NOTE: If the target computer is turned off and the TrueCrypt/BitLocker volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns Brute-force attacks to recover the original password for the volume.
I covered RAM access above, and hiberfil.sys can contain such data only for a very lame user. And what about brute-forcing passwords more than 200 bits long... :-)

2. As I said before, all that Bruce Schneier and company compromised is the Plausible Deniability feature. The encrypted data itself cannot be compromised in this way, just the fact that there is some encrypted data on the volume. And if one uses an encrypted disk and knows how software like the mentioned MS Office handles files, then one can easily set up the necessary secure environment to prevent such data leakage (e.g. create a RAM disk to store the Windows temporary directories in, prevent swap-file usage, etc.).

3. This fantastic invisible girl Joanna Rutkowska has a wonderful brain, and if you don't eat color pills from her hands then she sends you an evil maid! :-)
This attack, like the first one, uses full memory access. So it affects the security of the whole system, not just TrueCrypt's. If you run any kind of evil code that has full read access to your RAM, nothing on your system can be secure at all. And it does not matter how that code was executed: with a boot loader, or with an ordinary horse, elevating rights.
Btw, if you have administrative rights on the target machine, then you can easily use any kind of keylogger instead of such an exotic way to take the keys.

So, I am still sure TrueCrypt is my trusted friend. Thanks.
