• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Coldboot attacks and Truecrypt

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Mon May 17, 2010 4:03 am    Post subject: Coldboot attacks and Truecrypt Reply with quote

I am wondering whether or not an encrypted volume created using Truecrypt is vulnerable to coldboot attacks AFTER it has been dismounted.

Does anyone know if Truecrypt stores passwords in memory even after a volume has been dismounted?

Thanks.
Back to top
View user's profile Send private message
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Tue May 18, 2010 12:28 am    Post subject: Reply with quote

I would post on Truecrypt's forums, but they have an annoying policy that requires an ISP address to be provided during registration, which I am unwilling to use since it is connected to relatively personal information.

I have read that Truecrypt supposedly wipes passwords from memory on dismount, but I want to hear from someone here about what they think/know.
Back to top
View user's profile Send private message
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Tue May 18, 2010 2:43 pm    Post subject: Reply with quote

Also, if someone reboots while at the truecrypt password screen after attempting to mount my encrypted volume, will they be able to recover the password from memory?
Back to top
View user's profile Send private message
wildsniper
Just Arrived
Just Arrived


Joined: 06 Feb 2010
Posts: 0


Offline

PostPosted: Wed May 19, 2010 8:16 am    Post subject: Reply with quote

I am using TrueCrypt now, I have tried to crack it, but failed.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Wed May 19, 2010 8:18 am    Post subject: Reply with quote

Care to explain what steps you have taken to try to crack it? This might help in determining the answer to my question.
Back to top
View user's profile Send private message
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Sun May 30, 2010 1:18 am    Post subject: Reply with quote

I'll bump this in case anybody else has registered that knows anything about this...
Back to top
View user's profile Send private message
sicaim
Just Arrived
Just Arrived


Joined: 30 May 2010
Posts: 0


Offline

PostPosted: Sun May 30, 2010 10:20 am    Post subject: Reply with quote

Desh wrote:
I would post on Truecrypt's forums, but they have an annoying policy that requires an ISP address to be provided during registration, which I am unwilling to use since it is connected to relatively personal information.

I have read that Truecrypt supposedly wipes passwords from memory on dismount, but I want to hear from someone here about what they think/know.


No kidding? Never seen anyone demand an ISP addy before signing up lol
Back to top
View user's profile Send private message Visit poster's website
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Sun May 30, 2010 3:54 pm    Post subject: Reply with quote

Indeed, I was surprised. They say since doing that, they have observed reduced spam on their forum. I would think there are more reasonable ways to keep your site spam free.. They are the only one's to date I've seen doing it - and NOT the only spam free forum.

Then again, google sometimes requires a text message confirmation (mobile phone) before making a gmail acct (they ask for your cell, send you a number, ask for that number back on their sign up page)... I'm sure you've seen it.
Back to top
View user's profile Send private message
Groovicus
Trusted SF Member
Trusted SF Member


Joined: 19 May 2004
Posts: 9
Location: Centerville, South Dakota

Offline

PostPosted: Sun May 30, 2010 11:37 pm    Post subject: Reply with quote

Seems sort of strange to me, especially because they would already have your IP anyway.
Back to top
View user's profile Send private message Visit poster's website
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Mon May 31, 2010 4:56 am    Post subject: Reply with quote

In any event, anything on truecrypt?
Back to top
View user's profile Send private message
PhiBer
SF Mod
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

PostPosted: Fri Jun 04, 2010 5:48 pm    Post subject: Re: Coldboot attacks and Truecrypt Reply with quote

Desh wrote:
I am wondering whether or not an encrypted volume created using Truecrypt is vulnerable to coldboot attacks AFTER it has been dismounted.

Does anyone know if Truecrypt stores passwords in memory even after a volume has been dismounted?

Thanks.


Once a TrueCrypt volume has been dismounted, it will not be vulnerable to a cold boot attack as the contents (e.g. encryption keys and passwords) will be deleted from the RAM.
Back to top
View user's profile Send private message
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Fri Jun 04, 2010 11:35 pm    Post subject: Reply with quote

Thanks for the reply. What about if the 'enter password' screen is up when the machine is rebooted/memory is swapped out? Is the key loaded into ram at that point, like it is at the windows logon screen?
Back to top
View user's profile Send private message
PhiBer
SF Mod
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

PostPosted: Wed Jun 09, 2010 6:24 pm    Post subject: Reply with quote

The key will only be loaded into RAM after you type in the password (so you wouldn't be vulnerable at the boot up point)...if your PC is put to sleep, a password is NOT required after you wake it up (hence why the cold boot attack works).
Back to top
View user's profile Send private message
Desh
Just Arrived
Just Arrived


Joined: 17 May 2010
Posts: 0


Offline

PostPosted: Mon Jun 14, 2010 4:06 am    Post subject: Reply with quote

Thanks for the reply.
Back to top
View user's profile Send private message
verdur0211
Just Arrived
Just Arrived


Joined: 03 Mar 2011
Posts: 0


Offline

PostPosted: Mon Mar 14, 2011 8:59 am    Post subject: Truecrypt cannot recover your password Reply with quote

TrueCrypt does not allow recovery of encrypted data without knowing the correct password or key. Truecrypt were unable to recover your data because they do not know and can not determine the password of your choice or your keys generated using TrueCrypt. The only way to recover the files you are trying to "crack" password or key, but it could take thousands or millions of years (depending on the length and quality of passwords or keyfiles, on software / hardware performance, algorithms, and other factors).
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register