Saturday, 6 July 2019

encryption - Cracking TrueCrypt files in minutes? Or just TrueCrypt hard drives in minutes?


Apparently http://www.lostpassword.com/kit-forensic.htm can be used to crack TrueCrypt hard drive encryption. Has anyone tried it, and is it possible to crack TrueCrypt files too with this software?



Passware Kit Forensic, complete with Passware FireWire Memory Imager, is the first and only commercial software that decrypts BitLocker and TrueCrypt hard disks, and instantly recovers Mac and Windows login passwords of seized computers.




Answer



This attack only works on Full-Disk Encrypted systems, or otherwise requires that the volume be mounted at the time the attack is undertaken (or when the system last hibernated). The attack works by accessing the key in RAM, which wouldn't be possible in the case of an unmounted volume. If the key cannot be found in memory, it attempts to find it in hiberfil.sys, but if the volume was not loaded during the last hibernation, the key will not be there either.



NOTE: If the target computer is turned off and the encrypted volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns brute-force attacks to recover the original password for the volume. http://www.lostpassword.com/hdd-decryption.htm



So, use a strong password, disable hibernation, and do not mount volumes on boot (only mount on demand when you need to, and dismount when you are done) and you should be pretty safe against this tool.
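
A read-only audit of the exposure paths named above, as an added example (not part of the original post and not Passware's tooling): it reports whether hibernation is enabled, whether a hiberfil.sys is on disk, and whether a FireWire controller (the acquisition path the product text mentions) is present. The function name `Get-KeyExposureAudit` and the result fields are hypothetical, and the hibernation file is assumed to be on the system drive.

```powershell
# Added example (read-only). Run elevated so the hidden hiberfil.sys is visible.
function Get-KeyExposureAudit {
    [CmdletBinding()]
    param(
        # Assumption: the hibernation file lives on the system drive.
        [string]$SystemDrive = $env:SystemDrive
    )

    # Hibernation: HibernateEnabled = 1 means RAM contents can be written to disk.
    $power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
    $hibernateOn = ($null -ne $power) -and ($power.HibernateEnabled -eq 1)
    [pscustomobject]@{
        Check      = 'Hibernation enabled'
        Exposed    = $hibernateOn
        Detail     = "HibernateEnabled = $($power.HibernateEnabled)"
        Mitigation = 'powercfg.exe /hibernate off'
    }

    # A hibernation file left on disk may hold keys for volumes that were
    # mounted when the machine last hibernated.
    $hiberfil = Get-Item -LiteralPath (Join-Path $SystemDrive 'hiberfil.sys') -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check      = 'hiberfil.sys present'
        Exposed    = [bool]$hiberfil
        Detail     = if ($hiberfil) { "{0:N0} bytes, last written {1:u}" -f $hiberfil.Length, $hiberfil.LastWriteTime } else { 'not found' }
        Mitigation = 'Disabling hibernation removes the file'
    }

    # FireWire controllers: the memory-imaging path named in the product text.
    $fw = @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Check      = 'FireWire (IEEE 1394) controller present'
        Exposed    = $fw.Count -gt 0
        Detail     = if ($fw.Count) { $fw.Name -join '; ' } else { 'none found' }
        Mitigation = 'Dismount volumes when you are done with them'
    }
}

Get-KeyExposureAudit | Format-Table -AutoSize -Wrap
```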

