TrueCrypt / Bitlocker Encryption Breakable ?

Discussion in 'Windows 8' started by david_xross_2, Jan 5, 2013.

  1. david_xross_2

    david_xross_2 MDL Senior Member

    Aug 31, 2012
    272
    298
    10
    #1 david_xross_2, Jan 5, 2013
    Last edited: Jan 5, 2013
  2. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,795
    90
    If there's some process running on your machine that reads the memory with the intention to steal the keys, and you don't know/want it's doing that then we call that process malware.
    The existance of malware on your pc is not truecrypts problem...
    So while this is a weakness it's not a weakness of truecrypt itself.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,539
    60
  4. david_xross_2

    david_xross_2 MDL Senior Member

    Aug 31, 2012
    272
    298
    10
  5. chris34

    chris34 MDL Member

    Oct 28, 2009
    188
    49
    10
    that's only good on the paper and if you try to brute force the encryption. like 100 pointed out if you manage to get encryption key or even the password those billions of hours can be turned into single minute.
     
  6. Shenj

    Shenj MDL Expert

    Aug 12, 2010
    1,557
    652
    60
    Brute force is not what you think it means...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,539
    60
    These attacks aren't about brute-forcing; it's irrelevant how strong the key is when you can obtain it from RAM.
     
  8. chris34

    chris34 MDL Member

    Oct 28, 2009
    188
    49
    10
    That's what I was referring to (see quote below) when I mentioned brute force.

     
  9. david_xross_2

    david_xross_2 MDL Senior Member

    Aug 31, 2012
    272
    298
    10
    In the end it all comes down to this...that encryption aside, you've got to be careful of malicious code, stoned bootkits, evil maid, key loggers etc. Your Encrypted Volume is only as secure as long as you take all the necessary precautions, most importantly which is to keep your encrypted volume protected from physical access to adversaries as well as malicious software access.
     
  10. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,539
    60
    This isn't about binary obfuscation; it's about the disk encryption key which needs to be accessible in the clear as long as the drive is unlocked, because it's needed for all read/write operations on the encrypted drive. There's also a way to store the key in the CPU instead of RAM (where you can't easily read it), but that can currently only be done on Linux running a patched kernel.
     
  11. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,539
    60
    Uh... That's exactly how it works. Ok, it's not a file system layer, but it is a layer between the file system and the volume manager (implemented as a filter driver on Windows) that receives read/write requests from the OS, performs decryption/encryption, and reads/writes the encrypted data from/to disk.

    However, if an attacker has physical access to the running machine it's game over anyway, that's the point here. You can't fool anyone with direct or physical memory access because it bypasses the OS restrictions on memory access.
     
  12. tinux

    tinux MDL Junior Member

    Feb 26, 2012
    85
    14
    0
    Look Guys
    You can secure a vault with the best locks and have the entire army outside the building with nuclear weapons too.
    but if the responsible allow me access then no one can stop me. or like having CCtv but no disk to record .

    moral story is secure your belongings when you are present and when not use a good device that does.
    So if your Password is good it will take a very long time to hack it. i saved my outlook,pst and forgot the long password to it now i am lost because brute force failed to decode it even after many days of trying. so imagine a 256bit??????
     
  13. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,795
    90
    BTW, if you have access to the machine and have the possibility to retrieve the key from RAM, why not just dump the unlocked volume?
    The key is only in RAM when the drive is unlocked, but when it's already unlocked then it makes no sense to do it the hard way. Why try to open a door with a stolen key when the door isn't even locked??
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...