dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
35

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy to alien8

MVM

to alien8

Re: PGP, TrueCrypt-encrypted files CRACKED by £300 tool

The main thing is that the computer has to either be on or have hibernation enabled. If neither of those is met, and the password is good, then the data is still secure.

morbo
Complete Your Transaction
join:2002-01-22
00000

morbo

Member

"Coincidentally, I looked at the Truecrypt website yesterday and noted that it said on the site that it does on-the-fly encrypting and decrypting, which means that the key must be in the RAM."

angussf
Premium Member
join:2002-01-11
Tucson, AZ

angussf to Kilroy

Premium Member

to Kilroy
said by Kilroy:

The main thing is that the computer has to either be on or have hibernation enabled. If neither of those is met, and the password is good, then the data is still secure.

In the current version of TrueCrypt (7.1a) you are protected against this if you have whole-disk encryption enabled and the hibernation file is on an encrypted partition.
TrueCrypt - Free Open-Source Disk Encryption Software - Documentation - Hibernation File
»www.truecrypt.org/docs/h ··· ion-file
Note: The issue described below does not affect you if the system partition or system drive is encrypted* (for more information, see the chapter System Encryption) and if the hibernation file is located on any of the partitions within the key scope of system encryption (which it typically is, by default), for example, on the partition where Windows is installed. When the computer hibernates, data are encrypted on the fly before they are written to the hibernation file.

When a computer hibernates (or enters a power-saving mode), the content of its system memory is written to a so-called hibernation file on the hard drive. You can configure TrueCrypt (Settings > Preferences > Dismount all when: Entering power saving mode) to automatically dismount all mounted TrueCrypt volumes, erase their master keys stored in RAM, and cached passwords (stored in RAM), if there are any, before a computer hibernates (or enters a power-saving mode). However, keep in mind, that if you do not use system encryption (see the chapter System Encryption), TrueCrypt still cannot reliably prevent the contents of sensitive files opened in RAM from being saved unencrypted to a hibernation file. Note that when you open a file stored on a TrueCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the computer is turned off).

Note that when Windows enters Sleep mode, it may be actually configured to enter so-called Hybrid Sleep mode, which involves hibernation. Also note that the operating system may be configured to hibernate or enter the Hybrid Sleep mode when you click or select "Shut down" (for more information, please see the documentation for your operating system).

To prevent the issues described above, encrypt the system partition/drive (for information on how to do so, see the chapter System Encryption) and make sure that the hibernation file is located on one the partitions within the key scope of system encryption (which it typically is, by default), for example, on the partition where Windows is installed. When the computer hibernates, data will be encrypted on the fly before they are written to the hibernation file.