Announcement

Collapse
No announcement yet.

Are Truecrypt and other hard drive encryption still vulnerable?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Are Truecrypt and other hard drive encryption still vulnerable?

    So I'm guessing that most people have seen or at least heard about the panel which discussed a long time problem with pre-boot authentication related to storing keystrokes when they should have been cleared.

    I didn't happen to catch the panel but from what I read about it Truecrypt was vulnerable. I haven't seen any news on the Truecrypt site about this. Has there been a fix/workaround to prevent this attack? I ask because I'm using Truecrypt's full drive encryption and I admittedly rely on it too much for physical security (my windows password is junk) and I rarely encrypt stuff.

    Anyone know if there was a new release or fix? P.S. Hope this is in the right section.
    Tags: None
  • #2
    Re: Are Truecrypt and other hard drive encryption still vulnerable?

    Originally posted by uomu View Post
    So I'm guessing that most people have seen or at least heard about the panel which discussed a long time problem with pre-boot authentication related to storing keystrokes when they should have been cleared.

    I didn't happen to catch the panel but from what I read about it Truecrypt was vulnerable. I haven't seen any news on the Truecrypt site about this. Has there been a fix/workaround to prevent this attack? I ask because I'm using Truecrypt's full drive encryption and I admittedly rely on it too much for physical security (my windows password is junk) and I rarely encrypt stuff.

    Anyone know if there was a new release or fix? P.S. Hope this is in the right section.
    First. this isn't a Truecrypt support site. The product support site, USENET Mailing List, release notes, google ...etc are the best places to seek out specific information. If you ask a support question /dev/random is the better place to do it. Also, If you are going to ask a support question please provide details like what version you are using so if we do know the answer we have the information necessary to answer it fully and correctly.

    In a more general answer; you will virtually never find something that is totally secure. It's something you can approach but never really reach. You really need to do an assessment to properly make the decision to see whether the products you rely on are adequate enough.

    Is this your home computer or are you storing telephone nuclear launch cereal box whistle tones. :-)

    xor

    Caching of keys and key strokes seems to be an ongoing problem for a lot of encryption programs. Especially under Windows which likes to write stuff every where. I predict(not a gambling man here) that the Vista Ready Boost cache will be ripe for this kind of forensic harvesting. Though I could be wrong the TOS you apparently agree to prior to turning it on doesn't guarantee privacy; which is a big step for Microsoft to at least admit their stuff isn't secure.
    Last edited by xor; September 6, 2008, 11:01.
    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

    Comment

    • #3
      Re: Are Truecrypt and other hard drive encryption still vulnerable?

      Originally posted by xor View Post



      Is this your home computer or are you storing telephone nuclear launch cereal box whistle tones. :-)

      xor
      Ain't that my main man Kevin? You made me dizzy...to assist or not to assist...humm. Assuming this is not Secret Agent Man, Secret Agent Man, I'd just use a basic key encyption tool.
      Last edited by Greyhatter; September 6, 2008, 17:24.

      Comment

      Previous template Next
      Working...
      X