EvilZone
Hacking and Security => Anonymity and Privacy => : hppd November 17, 2013, 03:34:33 PM
-
Hello
I recently found out there was a $800 tool (Passware Kit Enterprise) that can do a cold boot attack to grab your TrueCrypt keys from my computer's memory. Is there any way I can protect myself from this kind of attack?
-
Hello
I recently found out there was a $800 tool (Passware Kit Enterprise) that can do a cold boot attack to grab your TrueCrypt keys from my computer's memory. Is there any way I can protect myself from this kind of attack?
Don't leave your computer turned on?
-
But what if the police forced you to log on to your computer and then they grabbed the keys? I'm talking about a partition on an external HD btw, not entire HD encryption.
-
Just create a hidden partition.
And cops usually suck at using computers.
-
Hello
I recently found out there was a $800 tool (Passware Kit Enterprise) that can do a cold boot attack to grab your TrueCrypt keys from my computer's memory. Is there any way I can protect myself from this kind of attack?
You probably haven't really seen what can be done and what not.
This attack is only viable under certain conditions.
Don't store keys locally.
-
Get a large USB stick and store tons of files on it. Images, music, text, anything. Then select a couple of them to be used as key files. This way (from my knowledge), if they figure out that you're using key files, and that the keyfiles are stored on the USB, they would have to try all possible combinations of files... And they don't even know how many of them are used.
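-
The keyfile idea in the post above can be put into numbers. This is an added example, not part of the original thread: it assumes the stick itself is in the other party's hands, that keyfile order does not matter (unordered selection), and the function names and the 94-character passphrase alphabet are illustrative choices.

```python
from math import comb, log2, ceil

def keyfile_bits(n_files, max_used, min_used=1):
    """Search space in bits when an unknown number of keyfiles
    (min_used..max_used) is picked from n_files, order ignored (assumption)."""
    total = sum(comb(n_files, k) for k in range(min_used, max_used + 1))
    return log2(total)

def keyfiles_needed(n_files, target_bits):
    """Smallest k such that 'up to k of n_files' reaches target_bits.
    Returns None when even using every subset cannot reach the target."""
    total = 0
    for k in range(1, n_files + 1):
        total += comb(n_files, k)
        if log2(total) >= target_bits:
            return k
    return None

def passphrase_bits(length, alphabet=94):
    """Bits in a uniformly random passphrase over printable ASCII (assumption)."""
    return length * log2(alphabet)

def equivalent_passphrase_len(n_files, max_used, alphabet=94):
    """Random passphrase length that matches the keyfile search space."""
    return ceil(keyfile_bits(n_files, max_used) / log2(alphabet))

if __name__ == "__main__":
    # Constructed scenarios: files on the stick, upper bound on keyfiles used.
    for n, k in [(1000, 2), (1000, 5), (5000, 5), (1000, 11)]:
        print(f"{n:>5} files, up to {k:>2} keyfiles: "
              f"{keyfile_bits(n, k):6.1f} bits, about "
              f"{equivalent_passphrase_len(n, k)} random characters")
    print("keyfiles needed for 80 bits from 1000 files:",
          keyfiles_needed(1000, 80))
```

Under these assumptions a handful of keyfiles hidden among 1000 files adds roughly as much as a short random passphrase, so the keyfiles supplement a strong passphrase rather than replace it.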
-
Nice idea +1, I already have a load of music on the drive so that's chill
Also could it be that TrueCrypt is spread by big federal agencies like NSA for the purpose of promoting encryption for which they have the back door, in order to decrease the use of other encryption software that they can't crack?
Just something that popped in my mind, I have nothing to back it up.
Although I did a quick Google search and http://istruecryptauditedyet.com/ this came up. So people are already paranoid enough about it to donate a total of $15,614.00 to his project..
-
TrueCrypt is open source; if you're worried about it being backdoored, you can review the source code yourself. Also, read this.
FBI hackers fail to crack TrueCrypt
The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation.
The Bureau had been called in by the Brazilian authorities after the country's own National Institute of Criminology (INC) had been unable to crack the passphrases used to secure the drives by suspect banker, Daniel Dantas.
Brazilian reports state that two programs were used to encrypt the drives, one of which was the popular and widely-used free open source program TrueCrypt. Experts in both countries apparently spent months trying to discover the passphrases using a dictionary attack, a technique that involves trying out large numbers of possible character combinations until the correct sequence is found.
(continued)
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/
-
But what if the police forced you to log on to your computer and then they grabbed the keys? I'm talking about a partition on an external HD btw, not entire HD encryption.
If the cops force you to log onto your computer, then they can/will force you to give up the keys anyway. For you to even be in a situation like that, then something had to have happened for them to issue a warrant in the first place.
-
TrueCrypt is open source; if you're worried about it being backdoored, you can review the source code yourself. Also, read this.
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/
If you read carefully it states that he used two different programs to encrypt the drives..
-
Using TrueCrypt to protect your files requires certain caution.
The best you can do is use the auto-dismount feature that "removes" the key from RAM after a certain period of time.
If you are using an entire encrypted disk/partition, that would not work though.
What I find useful but extreme is "destroying" all the USB/FireWire/everything with DMA (direct memory access) ports on the computer. That way a Passware attack becomes impossible. If you are serious about your activities though, that wouldn't be such a problem.
-
Fascinating info. I was wondering, using truecrypt to encode a set of data, then using another encryption software to do a second level encryption would maybe make it impossible to crack. Would that work?
Also TrueCrypt is no longer being updated, should I start using something else :S
-
But what if the police forced you to log on to your computer and then they grabbed the keys? I'm talking about a partition on an external HD btw, not entire HD encryption.
If the police can force you to do anything, game over.
-
If the police can force you to do anything, game over.
Lol dude, TrueCrypt is dead, read the news :)
And I dunno where you come from but if you refuse or just say you don't have the key they won't torture you, at least not here.
There is some DEF CON talk about international laws and valid arguments for traveling with encrypted disks.
Another somethingy I thought about.
Say you have a laptop and travel across a border that has laws on encryption, who is going to check that....
Some faggot border patrol noob that has no clue about computers....?
So what if you just have a default Windows boot and let that boot with no interesting shit except for some malware and toolbars.
On that same drive is an encrypted Linux/BSD installation that contains the real data.
I bet that 9/10 times there won't be anyone asking questions.
And then even if they discover such a thing, not having the key can be valid if someone else has that.
I know for one thing that Australia has such crazy laws in place.
Law enforcement and actual claims against you that lead to further investigation would be something different.
However if you can store that encrypted somewhere on the other side of the globe where direct control of the hardware is not or not directly possible would probably keep you several steps ahead.
-
If they can get physical access to the device, unsupervised, then your concern is if they tamper with it. Especially if you have an unencrypted Windows install. (Gives them an easier way to offload the logged keystrokes without risking damaging the integrity of the encrypted HD.)
Doubly so if you have an encrypted VM and your host gets compromised. :)
-
Except for the fact that with a compromised host, the virtual OS is still completely separated from the host and thus, it is independent of any malware installed in the host. The only things that could possibly affect the installed virtual OS would be a bruteforce of the keys, a very thorough but impractical analysis of the keys in SDRAM, both of which are totally useless if there's a strong key involved, i.e., a live key with a GPG-generated 512-bit key.
You can never underestimate the power of:
dd if=/dev/urandom bs=512 count=4 | gpg --symmetric -a -o ./key.gpg
This can of course be extended and used as a failsafe; setting your [hopefully LUKS] partition to read the key from the USB, in addition to a [hopefully strong] password phrase could be considered effective.
-
Err, no, if your VM is running and my malware is on your system, the host can go "lol, what do we have here?"
-
The only way malware can get from the host to the VM or vice versa is by traversing shared directories. More advanced attacks are required for network exploitation from VM to host and host to VM. Simply because the host and VM are completely isolated and the VM is acting as a totally different OS. There is [hopefully] no way to tell the difference.
-
Consider, for a moment, the case of VirtualBox. When a keystroke is made on the keyboard, how does it get into the virtual machine? It travels through the host's kernel, gets passed to Java, which in turn passes it to the virtual machine to be processed.
There is plenty of opportunity for interception here.
Premise of my statements:
Most malware is written for Windows platforms.
Most people who use Windows + VMs will wind up using VirtualBox or VMware.
If you kill the correct java.exe process, your VM shuts down immediately.
You don't need to actually fuck with the VM's memory space, you own the whole galaxy.
-
You just gave me a plethora of reasons why not to use Windows. And if you kill the right java process on Windows you can kill your whole install. Fuck Windows.
-
You just gave me a plethora of reasons why not to use Windows. And if you kill the right java process on Windows you can kill your whole install. Fuck Windows.
Java controls the techno world.
-
What do music and Java have to do with each other? Lol. Seriously though, not my world.