If there's some process running on your machine that reads the memory with the intention to steal the keys, and you don't know/want it's doing that then we call that process malware. The existance of malware on your pc is not truecrypts problem... So while this is a weakness it's not a weakness of truecrypt itself.
that's only good on the paper and if you try to brute force the encryption. like 100 pointed out if you manage to get encryption key or even the password those billions of hours can be turned into single minute.
These attacks aren't about brute-forcing; it's irrelevant how strong the key is when you can obtain it from RAM.
In the end it all comes down to this...that encryption aside, you've got to be careful of malicious code, stoned bootkits, evil maid, key loggers etc. Your Encrypted Volume is only as secure as long as you take all the necessary precautions, most importantly which is to keep your encrypted volume protected from physical access to adversaries as well as malicious software access.
This isn't about binary obfuscation; it's about the disk encryption key which needs to be accessible in the clear as long as the drive is unlocked, because it's needed for all read/write operations on the encrypted drive. There's also a way to store the key in the CPU instead of RAM (where you can't easily read it), but that can currently only be done on Linux running a patched kernel.
Uh... That's exactly how it works. Ok, it's not a file system layer, but it is a layer between the file system and the volume manager (implemented as a filter driver on Windows) that receives read/write requests from the OS, performs decryption/encryption, and reads/writes the encrypted data from/to disk. However, if an attacker has physical access to the running machine it's game over anyway, that's the point here. You can't fool anyone with direct or physical memory access because it bypasses the OS restrictions on memory access.
Look Guys You can secure a vault with the best locks and have the entire army outside the building with nuclear weapons too. but if the responsible allow me access then no one can stop me. or like having CCtv but no disk to record . moral story is secure your belongings when you are present and when not use a good device that does. So if your Password is good it will take a very long time to hack it. i saved my outlook,pst and forgot the long password to it now i am lost because brute force failed to decode it even after many days of trying. so imagine a 256bit??????
BTW, if you have access to the machine and have the possibility to retrieve the key from RAM, why not just dump the unlocked volume? The key is only in RAM when the drive is unlocked, but when it's already unlocked then it makes no sense to do it the hard way. Why try to open a door with a stolen key when the door isn't even locked??