Coldboot attacks and Truecrypt

Networking/Security Forums -> General Security Discussion

Author: Desh PostPosted: Mon May 17, 2010 4:03 am    Post subject: Coldboot attacks and Truecrypt
    ----
I am wondering whether or not an encrypted volume created using Truecrypt is vulnerable to coldboot attacks AFTER it has been dismounted.

Does anyone know if Truecrypt stores passwords in memory even after a volume has been dismounted?

Thanks.

Author: Desh PostPosted: Tue May 18, 2010 12:28 am    Post subject:
    ----
I would post on Truecrypt's forums, but they have an annoying policy that requires an ISP address to be provided during registration, which I am unwilling to use since it is connected to relatively personal information.

I have read that Truecrypt supposedly wipes passwords from memory on dismount, but I want to hear from someone here about what they think/know.

Author: Desh PostPosted: Tue May 18, 2010 2:43 pm    Post subject:
    ----
Also, if someone reboots while at the truecrypt password screen after attempting to mount my encrypted volume, will they be able to recover the password from memory?

Author: wildsniper PostPosted: Wed May 19, 2010 8:16 am    Post subject:
    ----
I am using TrueCrypt now, I have tried to crack it, but failed.

Author: Desh PostPosted: Wed May 19, 2010 8:18 am    Post subject:
    ----
Care to explain what steps you have taken to try to crack it? This might help in determining the answer to my question.

Author: Desh PostPosted: Sun May 30, 2010 1:18 am    Post subject:
    ----
I'll bump this in case anybody else has registered that knows anything about this...

Author: sicaim PostPosted: Sun May 30, 2010 10:20 am    Post subject:
    ----
Desh wrote:
I would post on Truecrypt's forums, but they have an annoying policy that requires an ISP address to be provided during registration, which I am unwilling to use since it is connected to relatively personal information.

I have read that Truecrypt supposedly wipes passwords from memory on dismount, but I want to hear from someone here about what they think/know.


No kidding? Never seen anyone demand an ISP addy before signing up lol

Author: Desh PostPosted: Sun May 30, 2010 3:54 pm    Post subject:
    ----
Indeed, I was surprised. They say since doing that, they have observed reduced spam on their forum. I would think there are more reasonable ways to keep your site spam free.. They are the only one's to date I've seen doing it - and NOT the only spam free forum.

Then again, google sometimes requires a text message confirmation (mobile phone) before making a gmail acct (they ask for your cell, send you a number, ask for that number back on their sign up page)... I'm sure you've seen it.

Author: GroovicusLocation: Centerville, South Dakota PostPosted: Sun May 30, 2010 11:37 pm    Post subject:
    ----
Seems sort of strange to me, especially because they would already have your IP anyway.

Author: Desh PostPosted: Mon May 31, 2010 4:56 am    Post subject:
    ----
In any event, anything on truecrypt?

Author: PhiBerLocation: Your MBR PostPosted: Fri Jun 04, 2010 5:48 pm    Post subject: Re: Coldboot attacks and Truecrypt
    ----
Desh wrote:
I am wondering whether or not an encrypted volume created using Truecrypt is vulnerable to coldboot attacks AFTER it has been dismounted.

Does anyone know if Truecrypt stores passwords in memory even after a volume has been dismounted?

Thanks.


Once a TrueCrypt volume has been dismounted, it will not be vulnerable to a cold boot attack as the contents (e.g. encryption keys and passwords) will be deleted from the RAM.

Author: Desh PostPosted: Fri Jun 04, 2010 11:35 pm    Post subject:
    ----
Thanks for the reply. What about if the 'enter password' screen is up when the machine is rebooted/memory is swapped out? Is the key loaded into ram at that point, like it is at the windows logon screen?

Author: PhiBerLocation: Your MBR PostPosted: Wed Jun 09, 2010 6:24 pm    Post subject:
    ----
The key will only be loaded into RAM after you type in the password (so you wouldn't be vulnerable at the boot up point)...if your PC is put to sleep, a password is NOT required after you wake it up (hence why the cold boot attack works).

Author: Desh PostPosted: Mon Jun 14, 2010 4:06 am    Post subject:
    ----
Thanks for the reply.

Author: verdur0211 PostPosted: Mon Mar 14, 2011 8:59 am    Post subject: Truecrypt cannot recover your password
    ----
TrueCrypt does not allow recovery of encrypted data without knowing the correct password or key. Truecrypt were unable to recover your data because they do not know and can not determine the password of your choice or your keys generated using TrueCrypt. The only way to recover the files you are trying to "crack" password or key, but it could take thousands or millions of years (depending on the length and quality of passwords or keyfiles, on software / hardware performance, algorithms, and other factors).



Networking/Security Forums -> General Security Discussion


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group