| View previous topic :: View next topic |
| Author |
Message |
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
 Posted: Mon May 17, 2010 4:03 am Post subject: Coldboot attacks and Truecrypt |
 |
|
I am wondering whether or not an encrypted volume created using Truecrypt is vulnerable to coldboot attacks AFTER it has been dismounted.
Does anyone know if Truecrypt stores passwords in memory even after a volume has been dismounted?
Thanks.
|
|
| Back to top |
|
 |
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
| Posted: Tue May 18, 2010 12:28 am Post subject: |
|
|
I would post on Truecrypt's forums, but they have an annoying policy that requires an ISP address to be provided during registration, which I am unwilling to use since it is connected to relatively personal information.
I have read that Truecrypt supposedly wipes passwords from memory on dismount, but I want to hear from someone here about what they think/know.
|
|
| Back to top |
|
|
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
| Posted: Tue May 18, 2010 2:43 pm Post subject: |
|
|
|
Also, if someone reboots while at the truecrypt password screen after attempting to mount my encrypted volume, will they be able to recover the password from memory?
|
|
| Back to top |
|
|
wildsniper
Just Arrived
Joined: 06 Feb 2010
Posts: 0
|
| Posted: Wed May 19, 2010 8:16 am Post subject: |
|
|
|
I am using TrueCrypt now, I have tried to crack it, but failed.
|
|
| Back to top |
|
|
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
| Posted: Wed May 19, 2010 8:18 am Post subject: |
|
|
|
Care to explain what steps you have taken to try to crack it? This might help in determining the answer to my question.
|
|
| Back to top |
|
|
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
| Posted: Sun May 30, 2010 1:18 am Post subject: |
|
|
|
I'll bump this in case anybody else has registered that knows anything about this...
|
|
| Back to top |
|
|
sicaim
Just Arrived
Joined: 30 May 2010
Posts: 0
|
| Posted: Sun May 30, 2010 10:20 am Post subject: |
|
|
| Desh wrote: |
I would post on Truecrypt's forums, but they have an annoying policy that requires an ISP address to be provided during registration, which I am unwilling to use since it is connected to relatively personal information.
I have read that Truecrypt supposedly wipes passwords from memory on dismount, but I want to hear from someone here about what they think/know. |
No kidding? Never seen anyone demand an ISP addy before signing up lol
|
|
| Back to top |
|
|
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
| Posted: Sun May 30, 2010 3:54 pm Post subject: |
|
|
Indeed, I was surprised. They say since doing that, they have observed reduced spam on their forum. I would think there are more reasonable ways to keep your site spam free.. They are the only one's to date I've seen doing it - and NOT the only spam free forum.
Then again, google sometimes requires a text message confirmation (mobile phone) before making a gmail acct (they ask for your cell, send you a number, ask for that number back on their sign up page)... I'm sure you've seen it.
|
|
| Back to top |
|
|
Groovicus
Trusted SF Member
Joined: 19 May 2004
Posts: 9
Location: Centerville, South Dakota
|
| Posted: Sun May 30, 2010 11:37 pm Post subject: |
|
|
|
Seems sort of strange to me, especially because they would already have your IP anyway.
|
|
| Back to top |
|
|
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
| Posted: Mon May 31, 2010 4:56 am Post subject: |
|
|
|
In any event, anything on truecrypt?
|
|
| Back to top |
|
|
PhiBer
SF Mod
Joined: 11 Mar 2003
Posts: 20
Location: Your MBR
|
| Posted: Fri Jun 04, 2010 5:48 pm Post subject: Re: Coldboot attacks and Truecrypt |
|
|
| Desh wrote: |
I am wondering whether or not an encrypted volume created using Truecrypt is vulnerable to coldboot attacks AFTER it has been dismounted.
Does anyone know if Truecrypt stores passwords in memory even after a volume has been dismounted?
Thanks. |
Once a TrueCrypt volume has been dismounted, it will not be vulnerable to a cold boot attack as the contents (e.g. encryption keys and passwords) will be deleted from the RAM.
|
|
| Back to top |
|
|
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
| Posted: Fri Jun 04, 2010 11:35 pm Post subject: |
|
|
|
Thanks for the reply. What about if the 'enter password' screen is up when the machine is rebooted/memory is swapped out? Is the key loaded into ram at that point, like it is at the windows logon screen?
|
|
| Back to top |
|
|
PhiBer
SF Mod
Joined: 11 Mar 2003
Posts: 20
Location: Your MBR
|
| Posted: Wed Jun 09, 2010 6:24 pm Post subject: |
|
|
|
The key will only be loaded into RAM after you type in the password (so you wouldn't be vulnerable at the boot up point)...if your PC is put to sleep, a password is NOT required after you wake it up (hence why the cold boot attack works).
|
|
| Back to top |
|
|
Desh
Just Arrived
Joined: 17 May 2010
Posts: 0
|
| Posted: Mon Jun 14, 2010 4:06 am Post subject: |
|
|
|
Thanks for the reply.
|
|
| Back to top |
|
|
verdur0211
Just Arrived
Joined: 03 Mar 2011
Posts: 0
|
| Posted: Mon Mar 14, 2011 8:59 am Post subject: Truecrypt cannot recover your password |
|
|
|
TrueCrypt does not allow recovery of encrypted data without knowing the correct password or key. Truecrypt were unable to recover your data because they do not know and can not determine the password of your choice or your keys generated using TrueCrypt. The only way to recover the files you are trying to "crack" password or key, but it could take thousands or millions of years (depending on the length and quality of passwords or keyfiles, on software / hardware performance, algorithms, and other factors).
|
|
| Back to top |
|
|
|
