dan99t Posted November 21, 2015 Share Posted November 21, 2015 Hi, I ran into several videos on youtube demonstrating how to crack encrypted HDD with Bitlocker, Truecrypt & PGP. There are some software also available to accomplish the same thing. So how does one protect his HDD & data ? Thanks Link to comment Share on other sites More sharing options...
n_K Posted November 21, 2015 Share Posted November 21, 2015 Can they be cracked? Of course. Can they be cracked easily? Well if someone has a lot of time or a lot of hardware (i.e. NSA) yes. Your average joe isn't going to be able to easily crack it if you have a strong secure password. Danielx64 1 Share Link to comment Share on other sites More sharing options...
Danielx64 Posted November 21, 2015 Share Posted November 21, 2015 Adding to the above post, dont use that password for anything else :) Link to comment Share on other sites More sharing options...
BinaryData Posted November 21, 2015 Share Posted November 21, 2015 So, this is how it works. The longer the passphrase, the harder it is to crack.The more passphrases or combinations used, the harder it is to crack.mymomsdogatemyhomework would probably take 15 - 20 minutes.Mym0m$d0g@73myh0m3w0rk would probably take a few hours. Now, if you take this passphrase, add a bunch more things to it, it'll be much harder. The NSA has access to super computers, and a lot more resources than the average person. To add on top of what n_K and Danielx64 said, don't use a standard password. I suggest using something like a Pass Phrase Generator. However, losing the passphrase, means all your stuff is gone. TrueCrypt can be broken, there's also VeraCrypt since TrueCrypt had those NSA allegations. Link to comment Share on other sites More sharing options...
Ulpian Posted November 21, 2015 Share Posted November 21, 2015 Please share video showing how easy is to crack Truecrypt/Veracrypt Danielx64 1 Share Link to comment Share on other sites More sharing options...
AStaUK Posted November 21, 2015 Share Posted November 21, 2015 Just looking at a video for cracking Bitlocker the cracks appear to rely on obtaining the recovery key. So if you are protecting a laptop and using full disk encryption you have nothing to worry about unless they can gain access to this host OS. If you have a TPM module, using this + a PIN would also negate this type of attack. Also a good article here; https://technet.microsoft.com/en-GB/library/dn632176.aspx Link to comment Share on other sites More sharing options...
Danielx64 Posted November 21, 2015 Share Posted November 21, 2015 What about external storage? Link to comment Share on other sites More sharing options...
n_K Posted November 21, 2015 Share Posted November 21, 2015 I looked up the videos on youtube and they're all the same thing rehashed: using memory dumps of the system to get the encryption key. You can avoid this by 1) don't allow people to use your pc, 2) disable and do not use hibernation, 3) use non-admin accounts to limit the amount of data someone could get if they tried to make a memory dump. Link to comment Share on other sites More sharing options...
dragon2611 Posted November 21, 2015 Share Posted November 21, 2015 I'd have thought one of the easier ways to "Crack" the encryption would be to infect the machine with malware when it's running at which point if you knew what you were looking for you could presumably pull the encryption keys from memory. It also depends on why you are encrypting the machine in the first place, I tend to do it for laptops because then if someone steals the machine or I leave it somewhere (Less likely but hey not impossible) then at least it's unlikely that someones going to goto the lengths to try and crack the encryption more likely it will get wiped/reloaded and either end up on ebay or being flogged by a dodgy bloke at the pub. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted November 21, 2015 MVC Share Posted November 21, 2015 I would be more worried about the batch of 100,000 hard drives they recently found from a large manufacturer that had malware added to the firmware to hoover up data regardless of OS installed and send it to two IP's in China. Link to comment Share on other sites More sharing options...
n_K Posted November 21, 2015 Share Posted November 21, 2015 I would be more worried about the batch of 100,000 hard drives they recently found from a large manufacturer that had malware added to the firmware to hoover up data regardless of OS installed and send it to two IP's in China. Incorrect and scaremongering. The real problem was the firmware on the NAS controller (NOT the hard drive, the board plugged into the hard drive that provides the network functionality) had exploits and malware. And if you were doing the encryption on a local machine and just storing the encrypted data on the drive it wouldn't make a difference, the NAS would not have the encryption key and they'd have to manually crack the drive. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted November 21, 2015 MVC Share Posted November 21, 2015 Incorrect and scaremongering. The real problem was the firmware on the NAS controller (NOT the hard drive, the board plugged into the hard drive that provides the network functionality) had exploits and malware. And if you were doing the encryption on a local machine and just storing the encrypted data on the drive it wouldn't make a difference, the NAS would not have the encryption key and they'd have to manually crack the drive. Was it, Was it really. See its unfortunate I am bound by a certain control order aka Gagging order otherwise I would have posted the report...With the DRIVE serial numbers. Link to comment Share on other sites More sharing options...
n_K Posted November 21, 2015 Share Posted November 21, 2015 If you were subject to a gagging order then you wouldn't be talking about it at all, because that'd clearly BE AGAINST YOUR ORDER. And yes, it really was, neowin covered it: https://www.neowin.net/forum/topic/1271796-massive-vulnerability-opens-seagate-drives-to-potential-data-theft/ Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted November 21, 2015 MVC Share Posted November 21, 2015 Here is one thing that in theory makes your password stronger. Assuming they don't find your key. Even then you pad the front with something you remember. while they will know the backend when trying to brute force your password if they find it, they have no idea how long the front is Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted November 21, 2015 MVC Share Posted November 21, 2015 If you were subject to a gagging order then you wouldn't be talking about it at all, because that'd clearly BE AGAINST YOUR ORDER. And yes, it really was, neowin covered it: https://www.neowin.net/forum/topic/1271796-massive-vulnerability-opens-seagate-drives-to-potential-data-theft/ That's not what I was talking about honestly. Link to comment Share on other sites More sharing options...
Recommended Posts