site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > PGP, TrueCrypt-encrypted files CRACKED by £300 tool

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies

dsilvers

join:2009-05-17
Canyon Lake, TX

reply to alien8

Re: PGP, TrueCrypt-encrypted files CRACKED by £300 tool

said by elcomsoft site :
Three Ways to Acquire Encryption Keys

•By analyzing the hibernation file (if the PC being analyzed is turned off);
•By analyzing a memory dump file *
•By performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).

•Turn off hibernation in power settings then delete the hibernation file. If hibernation is off the system will not rebuild the file.

•Open Truecrypt > Settings > Preferences > Uncheck Cache passwords in driver memory. If i remember correctly that is a default setting.

•Disable any firewire ports in network connections. Open Truecrypt > Settings > Preferences > Check everything under Auto-Dismount.

•Don't run as administrator and most importantly use strong passwords.

•If the black helicopters start circling pull the plug.

This is mostly snake oil. They use a cuda based password cracker, BFD, use a strong password. They use some marketing buzz at their site that would make some think encryption was vulnerable such as "near 100% results".

As others have mentioned their is nothing new here. On the other hand I suppose you can become vulnerable if you try hard enough.
to forum · permalink · 2012-12-21 11:55:24 ·

Uraki
Uraki
Premium
join:2003-06-22
Belle Plaine, KS

You forgot the 4th way:

»xkcd.com/538/

to forum · permalink · 2012-12-23 16:18:56 ·

slajoh01

join:2005-04-23

What really worries me about TrueCrypt, is that its not FIPS 140-2 compliant.

to forum · permalink · 2012-12-29 06:32:29 ·


Ian
Premium
join:2002-06-18
ON
kudos:1
Reviews:
·Rogers Hi-Speed
2 edits

said by slajoh01:

What really worries me about TrueCrypt, is that its not FIPS 140-2 compliant.

There's a difference between it being "compliant" and validated. Yes, they haven't gone through the Federal certification program which costs time and thousands of dollars. But it is free and open source. Would it pass? No idea. I know of no reason why it wouldn't though. Why is federal certification important to you?
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong
to forum · permalink · 2012-12-29 10:33:39 ·
Forums > Broadband Tech > Security > Security

Sunday, 19-May 02:36:48 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.
Most commented news this week
Hot Topics