Re: TrueCrypt broken



"Xavier Roche" <xroche@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:hpno6s$hk$2@xxxxxxxxxxxxxxxxxxx
Matt Mahoney a écrit :
http://www.storagenewsletter.com/news/security/passware-kit-forensic
Any idea how this works?

According to the site's description, it works on a live PC with a
truecrypt partition mounted, when the PC is "locked".

The technic claimed may exploit a firefiwre flaw (see for example
http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation),
and is supposed to be able to get the keys in the dumped memory.

However, the "password recovery algorithms" for encrypted files technic
is a bit vague and lacks description. Dictionnary attack, maybe ?

It may be useful in a few isolated cases, but for 99.9% of all
Truecrypt volumes (on powered down hard disks or flash disks) this will
be worthless unless the user encrypted with a weak password. In other
words: I'm not worried, I always log off when I leave my PC for any
length of time and I never leave it in standby mode. I currently don't
use Full Disk Encryption, but I keep thinking about it more and more
since it prevents someone from installing a keylogger on your machine.



.