Topic: How can I protect my TrueCrypt partition from being compromised by PassWare Kit


Offline hppd

Hello

I recently found out there was a $800 tool (Passware Kit enterprise) that can do a cold boot attack to grab your TrueCrypt keys from my computer's memory. Is there any way I can protect myself from this kind of attack?

Offline Snayler

Quote
Hello
I recently found out there was a $800 tool (Passware Kit enterprise) that can do a cold boot attack to grab your TrueCrypt keys from my computer's memory. Is there any way I can protect myself from this kind of attack?

Don't leave your computer turned on?

Offline hppd

But what if the police forced you to log on to your computer and then they grabbed the keys? I'm talking about a partition on an external HD btw, not entire HD encryption.

Offline rasenove

Just create a hidden partition.
And cops usually suck at using computers.
My secrets have secrets...

Offline proxx

Quote
Hello
I recently found out there was a $800 tool (Passware Kit enterprise) that can do a cold boot attack to grab your TrueCrypt keys from my computer's memory. Is there any way I can protect myself from this kind of attack?

You probably haven't really seen what can be done and what not.
This attack is only viable under certain conditions.
Don't store keys locally.
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline BrokenSyntax

Get a large USB stick and store tons of files on it. Images, music, text, anything. Then select a couple of them to be used as key files. This way (from my knowledge), if they figure out that you're using key files, and that the keyfiles are stored on the USB, they would have to try all possible combinations of files. And they don't even know how many of them are used.
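As an added example (not part of the original post, and not TrueCrypt code), the size of the search space described above can be estimated for a given pool of files. It assumes keyfiles form an unordered set and that the pool and an upper bound on the number of keyfiles are known; the function names and pool sizes are constructed for illustration.

```python
# Added example: estimate the search space created by hiding keyfiles
# among decoy files. Not TrueCrypt code; all pool sizes are constructed.
import math


def keyfile_subsets(pool_size: int, max_used: int) -> int:
    """Count non-empty sets of at most max_used files drawn from the pool.

    Assumption: keyfiles form an unordered set, so order is not counted.
    """
    if pool_size < 1 or not 1 <= max_used <= pool_size:
        raise ValueError("need 1 <= max_used <= pool_size")
    return sum(math.comb(pool_size, k) for k in range(1, max_used + 1))


def keyfile_bits(pool_size: int, max_used: int) -> float:
    """Search space in bits: log2 of the number of candidate sets."""
    return math.log2(keyfile_subsets(pool_size, max_used))


def equivalent_passphrase_chars(bits: float, alphabet: int = 95) -> int:
    """Shortest random passphrase (printable ASCII by default) that
    provides at least the given number of bits."""
    return math.ceil(bits / math.log2(alphabet))


def report(cases):
    """Return (pool, max_used, bits, passphrase_chars) for each case."""
    rows = []
    for pool_size, max_used in cases:
        bits = keyfile_bits(pool_size, max_used)
        rows.append((pool_size, max_used, round(bits, 1),
                     equivalent_passphrase_chars(bits)))
    return rows


if __name__ == "__main__":
    # Constructed scenarios: (files on the stick, most keyfiles assumed used)
    scenarios = [(200, 2), (2000, 3), (20000, 5), (2000, 2000)]
    for pool, used, bits, chars in report(scenarios):
        print(f"{pool:>6} files, up to {used:>4} keyfiles: "
              f"{bits:>7.1f} bits ~ {chars} random characters")
```

With 2,000 files and at most three keyfiles the space is about 30 bits, roughly a five-character random passphrase, so keyfiles picked from a small pool add to a strong passphrase rather than replace one.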

Offline hppd

Nice idea +1, I already have a load of music on the drive so that's chill

Also could it be that big TrueCrypt is spread by big Federal agencies like NSA for the purpose of promoting encryption for which they have the back door, in order to decrease the use of other encryption software that they can't crack?

Just something that popped in my mind, I have nothing to back it up.

Although I did a quick Google search and http://istruecryptauditedyet.com/ this came up. So people are already paranoid enough about it to donate a total of $15,614.00 to his project.


Offline Resistor

TrueCrypt is open source; if you're worried about it being backdoored, you can review the source code yourself. Also, read this.


Quote
FBI hackers fail to crack TrueCrypt

The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation.

The Bureau had been called in by the Brazilian authorities after the country's own National Institute of Criminology (INC) had been unable to crack the passphrases used to secure the drives by suspect banker, Daniel Dantas.

Brazilian reports state that two programs were used to encrypt the drives, one of which was the popular and widely-used free open source program TrueCrypt. Experts in both countries apparently spent months trying to discover the passphrases using a dictionary attack, a technique that involves trying out large numbers of possible character combinations until the correct sequence is found.
(continued)
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/

Offline techb

Quote
But what if the police forced you to log on to your computer and then they grabbed the keys? I'm talking about a partition on an external HD btw, not entire HD encryption.

If the cops force you to log onto your computer, then they can/will force you to give up the keys anyway. For you to even be in a situation like that, then something had to have happened for them to issue a warrant in the first place.
>>>import this
-----------------------------

Offline lucid

Quote
TrueCrypt is open source; if you're worried about it being backdoored, you can review the source code yourself. Also, read this.
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/

If you read carefully it states that he used two different programs to encrypt the drives.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline chamelephon

Using TrueCrypt to protect your files requires certain caution.
The best you can do is use the auto-dismount feature that "removes" the key from RAM after a certain period of time.
If you are using an entire encrypted disk/partition, that would not work though.
What I find useful but extreme is "destroying" all the USB/FireWire/everything with DMA (direct memory access) ports on the computer. That way a PassWare attack becomes impossible. If you are serious about your activities though, that wouldn't be such a problem.

Offline whole21

Fascinating info. I was wondering, using TrueCrypt to encode a set of data, then using another encryption software to do a second level encryption would maybe make it impossible to crack. Would that work?

Also TrueCrypt is no longer being updated, should I start using something else? :S

Offline InfosecFurry

Quote
But what if the police forced you to log on to your computer and then they grabbed the keys? I'm talking about a partition on an external HD btw, not entire HD encryption.

If the police can force you to do anything, game over.
There are no pentesters in fox-holes

Offline proxx

Quote
If the police can force you to do anything, game over.

Lol dude, TrueCrypt is dead, read the news :)
And I dunno where you come from but if you refuse or just say you don't have the key they won't torture you, at least not here.

There is some DEF CON talk about international laws and valid arguments for traveling with encrypted disks.

Another somethingy I thought about.
Say you have a laptop and travel across a border that has laws on encryption, who is going to check that....
Some border patrol noob that has no clue about computers....?
So what if you just have a default Windows boot and let that boot with no interesting shit except for some malware and toolbars.
On that same drive is an encrypted Linux/BSD installation that contains the real data.
I bet that 9/10 times there won't be anyone asking questions.
And then even if they discover such a thing, not having the key can be valid if someone else has that.
I know for one thing that Australia has such crazy laws in place.

Law enforcement and actual claims against you that lead to further investigation would be something different.
However if you can store that encrypted somewhere on the other side of the globe where direct control of the hardware is not or not directly possible would probably keep you several steps ahead.
« Last Edit: June 17, 2014, 11:23:44 pm by proxx »

Offline InfosecFurry

If they can get physical access to the device, unsupervised, then your concern is if they tamper with it. Especially if you have an unencrypted Windows install. (Gives them an easier way to offload the logged keystrokes without risking damaging the integrity of the encrypted HD.)

Doubly so if you have an encrypted VM and your host gets compromised. :)