Re: TrueCrypt broken

"Xavier Roche" <xroche@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
Matt Mahoney a écrit :
Any idea how this works?

According to the site's description, it works on a live PC with a
truecrypt partition mounted, when the PC is "locked".

The technic claimed may exploit a firefiwre flaw (see for example,
and is supposed to be able to get the keys in the dumped memory.

However, the "password recovery algorithms" for encrypted files technic
is a bit vague and lacks description. Dictionnary attack, maybe ?

It may be useful in a few isolated cases, but for 99.9% of all
Truecrypt volumes (on powered down hard disks or flash disks) this will
be worthless unless the user encrypted with a weak password. In other
words: I'm not worried, I always log off when I leave my PC for any
length of time and I never leave it in standby mode. I currently don't
use Full Disk Encryption, but I keep thinking about it more and more
since it prevents someone from installing a keylogger on your machine.