Jump to content



Photo

Bitlocker and TrueCrypt Useless Against Passware Forensic?

passware forensics

  • Please log in to reply
8 replies to this topic

#1 Scorbing

Scorbing

    Halo Master

  • Joined: 02-December 01
  • Location: Florida
  • OS: Win 7 Pro, OSX 10.8, Ubuntu 12.10
  • Phone: Galaxy Note 2

Posted 02 February 2013 - 23:20

http://www.youtube.com/watch?v=BbcEnrZiftQ


This is scary. I guess encryption with those applications is no longer useful.

Check this link out:

http://www.lostpassw...-decryption.htm


#2 ZakO

ZakO

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 21-September 07
  • Location: Finland

Posted 02 February 2013 - 23:39

What? It has been known forever that you can retrieve encryption keys if you dump the contents of memory (raw or hiberfil.sys while hibernated) but that relies on the computer being on and the encrypted filesystem being mounted.

No, this absolutely doesn't make truecrypt/bitlocker "useless" / "no longer useful".

#3 OP Scorbing

Scorbing

    Halo Master

  • Joined: 02-December 01
  • Location: Florida
  • OS: Win 7 Pro, OSX 10.8, Ubuntu 12.10
  • Phone: Galaxy Note 2

Posted 02 February 2013 - 23:49

What? It has been known forever that you can retrieve encryption keys if you dump the contents of memory (raw or hiberfil.sys while hibernated) but that relies on the computer being on and the encrypted filesystem being mounted.

No, this absolutely doesn't make truecrypt/bitlocker "useless" / "no longer useful".



So they will not be able to break into an external hard drive that is encrypted then? A backup hard drive I mean.

#4 syobon999

syobon999

    Neowinian

  • Joined: 22-December 09

Posted 02 February 2013 - 23:50

Nope, the latest truecrypt version fixed this
strong truecrypt key = virtually impossible breaking.

#5 ZakO

ZakO

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 21-September 07
  • Location: Finland

Posted 02 February 2013 - 23:54

So they will not be able to break into an external hard drive that is encrypted then? A backup hard drive I mean.

If for example you have an external HDD encrypted and lose the HDD they can't break in to it (without brute forcing, which would take millions of years if you have a decent encryption key).

The scenario in the video you posted would rely on the encrypted external HDD being connected to your computer, the encrypted volume being mounted, and a person having access to your computer so they can dump the memory to retrieve the keys. An encrypted HDD on its own would be useless to them.

#6 OP Scorbing

Scorbing

    Halo Master

  • Joined: 02-December 01
  • Location: Florida
  • OS: Win 7 Pro, OSX 10.8, Ubuntu 12.10
  • Phone: Galaxy Note 2

Posted 02 February 2013 - 23:56

If for example you have an external HDD encrypted and lose the HDD they can't break in to it (without brute forcing, which would take millions of years if you have a decent encryption key).

The scenario in the video you posted would rely on the encrypted external HDD being connected to your computer, the encrypted volume being mounted, and a person having access to your computer so they can dump the memory to retrieve the keys. An encrypted HDD on its own would be useless to them.


Ah, I see...Interesting. I am new to this encryption stuff so I am curious about it. I find it very interesting how companies and groups like the folks that make TrueCrypt can make programs that not even the government with their sophisticated technology can break into. Amazing.

#7 Breach

Breach

    Neowinian

  • Joined: 31-October 01
  • Location: Brussels, Belgium

Posted 03 February 2013 - 00:04

Jesus, that's security 101. There are good practices to follow, read more here:
http://www.truecrypt...ysical-security

In summary:
1. Hibernation is your enemy. You don't want a copy of your RAM anywhere.
2. Keys ARE purged when TrueCrypt can DISMOUNT the volume and that's what you should always do.

#8 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 03 February 2013 - 03:22

does this guy work for the government? "they'll get you!!! not fearmongering but THEY'LL GET YOUUU!!! If you're a bad guy don't even bother!"

#9 OP Scorbing

Scorbing

    Halo Master

  • Joined: 02-December 01
  • Location: Florida
  • OS: Win 7 Pro, OSX 10.8, Ubuntu 12.10
  • Phone: Galaxy Note 2

Posted 03 February 2013 - 03:23

does this guy work for the government? "they'll get you!!! not fearmongering but THEY'LL GET YOUUU!!! If you're a bad guy don't even bother!"


LOL...LOL...LOL

Maybe he speaks from personal experience. Maybe they got him at one point for being stupid!



Click here to login or here to register to remove this ad, it's free!