RE: Help on truecrypt recovery

Any memory dumper would allow you to read the memory of the truecrypt executable.
I personally often use Winhex.
Here's the initial thread where the problem in TrueCrypt and the password in the keyboard buffer are discussed:

http://forums.truecrypt.org/viewtopic.php?t=8761

As of version 5.0a this problem has been fixed

I just tested it and on a regular mounted volume and the plaintext password cannot be found in the truecrypt.exe executable nor in the physical memory of the computer.
So I guess they fixed that problem along with the keyboard buffer.

I hope this helps.

- Mark


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Raj
Sent: dinsdag 30 december 2008 5:33
To: Raj
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Help on truecrypt recovery

Thank for reply. Well i think i steered it wrong . Here is a link
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
Its possible to crack an full disk (encryption) , though latest
version has plugged that hole. I wanted to know is this possible on a
file (which is mounted on OS) encyption?. Also when i punch password
for the file to be decrypted and mounted on OS, where does the
decryption engine load the data and key (any pointers?).
I guess by just monitoring real memory space of the truecrypt.exe
actions, tonnes can be know, but i dont know a suitable tool for same(
any pointers again?)

Regards
Raj

On Mon, Dec 29, 2008 at 10:36 PM, Christian Campbell
<ccampbell@xxxxxxxxxxxxx> wrote:

On the new year note , I happend to forget my truecrypt password. I
got some queries in this regards

1. BIOS 's pre-boot authentication works on full disk encryption but
what abt file encryption (over OS), any pointers ?
2. How does password mechanism work on a encrypted file.
3. Any good disctionary attack tools.


The whole idea is that without the password, you can't access the data. It
seems you're hoping that there's a trivial way to gain access to your
volume. If it were that simple, why would you use the product? Me thinks
you're poked. Kiss your data goodbye.




--
________________________________________

Relevant Pages

  • Re: Hiding Porn on your Computer
    ... Program runs from memory stick. ... Its very quick with no long winded encryption of every file although ... Truecrypt is better. ... Plod has thought of that one. ...
    (uk.legal)
  • Re: Can I encrypt a director and all its subdirectories?
    ... Also - memory images. ... TrueCrypt even has a double file system, ssso you can use one key to ... but a second key reveals the real contents. ...
    (comp.os.linux.misc)
  • Re: Running ScramDisk under Windows XP
    ... (Part of the downside of being an old fart is ... >>that your memory goes. ... >>If you need it I can upload the original Truecrypt 1.0. ... I asked a fellow I know to upload Truecrypt 1.0 (and some utilities you may ...
    (alt.privacy)
  • Re: Installing EncFS on SUSE 10.0
    ... within the original encrypted file/directory or partition. ... the name Truecrypt, you can use it, and give it away to friends, but, you ... To create the random data for the encryption, ... with a FAT file system, install truecrypt on a Windows computer at work, ...
    (alt.os.linux.suse)
  • [SW] TrueCrypt 3.0 available at truecrypt.sourceforge.net
    ... The principle is that a TrueCrypt volume is created within another ... for the outer volume. ... Serpent encryption algorithm ... - If the size of a partition/device was not a multiple of 1024 bytes, ...
    (sci.crypt)
Quantcast