if anyone is using encryption software....

Discussion in 'OT Technology' started by gui3, Sep 3, 2009.

  1. gui3

    gui3 all the dude ever wanted was his rug back

    Joined:
    May 6, 2000
    Messages:
    9,498
    Likes Received:
    2
    TrueCrypt seems to be the way to go.

    for the first time in my (admittedly short) career, i've come across someone who has two TrueCrypt-encrypted DVDs.

    I can't find anyone in state or federal law enforcement OR the private sector who knows how to beat it. the best i found was a white paper on the whole "cold boot" thing, where you get the password out of system memory before it degrades.

    of course, there might be a way for a court to force someone to give up their password. but that's a separate issue :)
     
  2. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    32,996
    Likes Received:
    100
    Location:
    St. Louis
    Where does encryption work if my entire system is stolen? For example my email (outlook) its encrypted and can't be read if you took out my drive and decided to load it on another system, but if you stole my entire computer my regular password can be broken, open up outlook and still read all my email... was just thinking about this today actually.
     
  3. gui3

    gui3 all the dude ever wanted was his rug back

    Joined:
    May 6, 2000
    Messages:
    9,498
    Likes Received:
    2
    well, that's the point of the encryption software that ships with both the mac and windows - encrypts the entire drive; truecrypt and others like it can encrypt the entire volume.

    when you say the password can be "broken" i think the point of using high-level encryption is that the passwords are phenomenally difficult, if not practically impossible to break
     
  4. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    32,996
    Likes Received:
    100
    Location:
    St. Louis
    Oh I get it now. If the entire drive is encrypted then using your standard password breaking software would make it harder for them to break right? Brain dead today..
     
  5. Joe_Cool

    Joe_Cool Never trust a woman or a government. Moderator

    Joined:
    Jun 30, 2003
    Messages:
    299,300
    Likes Received:
    562
    Assuming you choose a strong password, that is.
     
  6. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    TrueCrypt is ok, but if someone has physical access, who cares, if they want it bad enough it's theirs.
     
  7. gui3

    gui3 all the dude ever wanted was his rug back

    Joined:
    May 6, 2000
    Messages:
    9,498
    Likes Received:
    2
    if you have any idea *how* that's possible, please tell me.

    because i have physical access
    i want it "bad enough"
    and it's not "mine"
     
  8. Joe_Cool

    Joe_Cool Never trust a woman or a government. Moderator

    Joined:
    Jun 30, 2003
    Messages:
    299,300
    Likes Received:
    562
    He meant if somebody who is a competent cryptographer has physical access and wants it bad enough. ;)
     
  9. reverse

    reverse hooooooooo

    Joined:
    May 24, 2000
    Messages:
    3,654
    Likes Received:
    0
    Location:
    Northern VA
    If using full disk encryption along with preboot authentication, good luck.
     
  10. reverse

    reverse hooooooooo

    Joined:
    May 24, 2000
    Messages:
    3,654
    Likes Received:
    0
    Location:
    Northern VA
    Just because I want something bad enough doesn't mean I'm going to get it, when it comes to encrypted disks. Then it's just a matter of time, money, and how much I have of either.
     
  11. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    Pull the drive out and boot off another.

    Once physical security is broken, no matter what, if someone wants the data, they will get it.
     
  12. Joe_Cool

    Joe_Cool Never trust a woman or a government. Moderator

    Joined:
    Jun 30, 2003
    Messages:
    299,300
    Likes Received:
    562
    :werd: The only limiting factor is how far they're willing to go to get it. Money, time, violence, all of these will recover the data.
     
  13. Vito_Corleone

    Vito_Corleone New Member

    Joined:
    Oct 12, 2003
    Messages:
    29,356
    Likes Received:
    0
    Location:
    Tampa, FL
    Shouldn't work if the drive is encrypted...
     
  14. Joe_Cool

    Joe_Cool Never trust a woman or a government. Moderator

    Joined:
    Jun 30, 2003
    Messages:
    299,300
    Likes Received:
    562
    You can take the first so many encrypted bytes on the disk and run a dictionary password attack on it. Once you have physical access, if you know what you're doing, you CAN recover the data. It might take a long time, but it can be done.

    That's why choosing a strong passphrase is important.
     
  15. FormulaLS1

    FormulaLS1 Member

    Joined:
    Nov 14, 2006
    Messages:
    519
    Likes Received:
    0
    How does that work if the volume is encrypted with truecrypt? You end up with the same drive same encryption plugged into another machine.

    People keep mentioning once you have physical access the data is yours....I think they're leaving out the part about how long it would take to brute force a pass phrase...

    Someone mentioned cold boot method that would work but I doubt the person has logged in lately and entered the password.

    I found a shitty java app that uses a password list to brute force trucrypt http://rapidshare.com/files/80314740/CrackTC.zip
     
    Last edited: Sep 5, 2009
  16. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    32,996
    Likes Received:
    100
    Location:
    St. Louis
    In agreement with this. Again it can be done but the time it takes... who knows a long time thats for sure. So Im with the one poster if someone really wants to spend that much time doing it then their welcome to have it.

    I have data that is encrypted on my work computer and cannot be accessed unless you have physical access to the machine itself and since that machine is password protected, you have to break my password first. Pulling out the drive won't get you anywhere but if someone wants to take the time out to break that encryption.. more power to them
     
  17. Homeless

    Homeless New Member

    Joined:
    Jun 20, 2004
    Messages:
    975
    Likes Received:
    0
    Location:
    NY
    Truecrypt is vulnerable to a few attacks, but none of them are realistic. As many have said, it is possible to bruteforce the password, but that could literally take over a year depending on the complexity of it.

    Most of the known attacks involve some type of ram reading/dumping (cold boot, pagefile, etc.) but still require the user to have inputted the password atleast once, making it somewhat nill.

    Your best bets are keylogging, kernel mode rootkits or stoned bootkit. Stoned is most likely the best option since it loads itself in the MBR and has the ability to load before a truecrypted drive password prompt.

    Nevertheless, all the methods involve someone entering the password first and you retrieving it later
     
  18. Joe_Cool

    Joe_Cool Never trust a woman or a government. Moderator

    Joined:
    Jun 30, 2003
    Messages:
    299,300
    Likes Received:
    562
    Or violence. Everybody keeps forgetting that option. Really, the easiest way to recover encrypted data is to beat somebody who knows the password until they give it up.
     
  19. Homeless

    Homeless New Member

    Joined:
    Jun 20, 2004
    Messages:
    975
    Likes Received:
    0
    Location:
    NY
    I suppose violence or a legal court order could work, but truecrypt has a plausible deniability aspect in that you can have a hidden volume inside a volume. It's virtually undetectable unless you know it exists.
     
  20. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    32,996
    Likes Received:
    100
    Location:
    St. Louis
    :rofl: well thats another alternative yea.
     
  21. telc

    telc OT Supporter

    Joined:
    Aug 29, 2003
    Messages:
    18,580
    Likes Received:
    0
    TrueCrypt has a answer to this, its called "Plausible Deniability"

    http://www.truecrypt.org/docs/?s=plausible-deniability
     
  22. Joe_Cool

    Joe_Cool Never trust a woman or a government. Moderator

    Joined:
    Jun 30, 2003
    Messages:
    299,300
    Likes Received:
    562
    That's nice for casual questioning. But if somebody has you locked in a room and is beating you, they likely know you've got something, and aren't going to accept "lol there's nothing on that drive" as an answer.
     
  23. telc

    telc OT Supporter

    Joined:
    Aug 29, 2003
    Messages:
    18,580
    Likes Received:
    0

    Thats not how it works, There is two passwords, you can have the second password setup to mount the volume and show a fake set of files. There is no way to know encrypted volume is two parts.

     
    Last edited: Sep 9, 2009
  24. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    As with so many things related to computers, XKCD provides the most authoritative commentary on encryption:

    [​IMG]
     
  25. Joe_Cool

    Joe_Cool Never trust a woman or a government. Moderator

    Joined:
    Jun 30, 2003
    Messages:
    299,300
    Likes Received:
    562
    Right, unless the CIA or whoever has you has ever heard of TrueCrypt or has access to the internet. :hsugh:
     

Share This Page