Tuesday, March 30, 2010

Break TrueCrypt hard drive encryption quickly

And Bitlocker, PGP archives, Windows passwords, Internet passwords, Excel spreadsheets... YIKES!!!

The only thing that appears to be safe are PGP encrypted files that require the presence of both the passphrase and the encryption key. That would of course mean that you would still need to separate the two - like keeping your keyring on a separate USB stick or CD.

In a nutshell the software scans the target computer's memory via firewire or USB connections and plucks the password directly from it's memory. For $800 law enforcement (or anyone with $800) can violate your 4th amendment rights, steal your identity, or capture the secret to grandma's salad dressing.

Break TrueCrypt hard drive encryption quickly

Apparently this is a well known exploit in the Truecrypt universe. This excerpt from the Trucrypt documentation warns about it, and gives tips on how to mitigate the threat:

No comments: