Security Basics mailing list archives
RE: Help on truecrypt recovery
From: "Vogels, Mark" <mvogels () amgen com>
Date: Wed, 31 Dec 2008 09:27:45 +0100
Any memory dumper would allow you to read the memory of the truecrypt executable. I personally often use Winhex. Here's the initial thread where the problem in TrueCrypt and the password in the keyboard buffer are discussed: http://forums.truecrypt.org/viewtopic.php?t=8761 As of version 5.0a this problem has been fixed I just tested it and on a regular mounted volume and the plaintext password cannot be found in the truecrypt.exe executable nor in the physical memory of the computer. So I guess they fixed that problem along with the keyboard buffer. I hope this helps. - Mark -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Raj Sent: dinsdag 30 december 2008 5:33 To: Raj Cc: security-basics () securityfocus com Subject: Re: Help on truecrypt recovery Thank for reply. Well i think i steered it wrong . Here is a link http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf Its possible to crack an full disk (encryption) , though latest version has plugged that hole. I wanted to know is this possible on a file (which is mounted on OS) encyption?. Also when i punch password for the file to be decrypted and mounted on OS, where does the decryption engine load the data and key (any pointers?). I guess by just monitoring real memory space of the truecrypt.exe actions, tonnes can be know, but i dont know a suitable tool for same( any pointers again?) Regards Raj On Mon, Dec 29, 2008 at 10:36 PM, Christian Campbell <ccampbell () brueggers com> wrote:
On the new year note , I happend to forget my truecrypt password. I got some queries in this regards 1. BIOS 's pre-boot authentication works on full disk encryption but what abt file encryption (over OS), any pointers ? 2. How does password mechanism work on a encrypted file. 3. Any good disctionary attack tools.The whole idea is that without the password, you can't access the data. It seems you're hoping that there's a trivial way to gain access to your volume. If it were that simple, why would you use the product? Me thinks you're poked. Kiss your data goodbye.
-- ________________________________________
Current thread:
- Help on truecrypt recovery Raj (Dec 29)
- RE: Help on truecrypt recovery Christian Campbell (Dec 29)
- Re: Help on truecrypt recovery Arild Jensen (Dec 30)
- Re: Help on truecrypt recovery Shailesh Rangari (Dec 30)
- Re: Help on truecrypt recovery Raj (Dec 30)
- RE: Help on truecrypt recovery Vogels, Mark (Dec 31)
- RE: Help on truecrypt recovery Murda Mcloud (Dec 30)
- Re: Help on truecrypt recovery Sitaram Chamarty (Dec 30)
- RE: Help on truecrypt recovery Vogels, Mark (Dec 30)
- Help with MS07-042 - will not seem to install on this one laptop Jeff Dinger (Dec 30)
- RE: Help with MS07-042 - will not seem to install on this one laptop Murda Mcloud (Dec 31)
- RE: Help with MS07-042 - will not seem to install on this one laptop Jeff Dinger (Dec 31)
- Re: Help with MS07-042 - will not seem to install on this one laptop Stephen Thornber (Dec 31)
- RE: Help with MS07-042 - will not seem to install on this one laptop Lape, Steve (Dec 31)
- Help with MS07-042 - will not seem to install on this one laptop Jeff Dinger (Dec 30)
- RE: Help on truecrypt recovery Christian Campbell (Dec 29)
- <Possible follow-ups>
- Re: Help on truecrypt recovery Phillyun (Dec 30)