Re: TrueCrypt broken



Matt Mahoney a écrit :
http://www.storagenewsletter.com/news/security/passware-kit-forensic
Any idea how this works?

According to the site's description, it works on a live PC with a truecrypt partition mounted, when the PC is "locked".

The technic claimed may exploit a firefiwre flaw (see for example http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation), and is supposed to be able to get the keys in the dumped memory.

However, the "password recovery algorithms" for encrypted files technic is a bit vague and lacks description. Dictionnary attack, maybe ?
.