Results 1 to 8 of 8

Thread: Truecrypt loophole?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Location
    Shoulder surfing besides you...
    Posts
    39

    Default Truecrypt loophole?

    Whats the use of implementing Truecrypt if it doesnt ask for password while copying or deleting the Truecrypt file container.

    Its like trying to crack WPA-PSK passphrase. You grab the handshake file and try to crack it with brute force methods and if god forbid, the password is easy then....................

    What do you think?
    Last edited by exus69; 06-02-2011 at 06:29 AM.
    Having knowledge is one thing and applying that knowledge to earn money (of course, legally) is a completely different thing...

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Truecrypt loophole?

    Yes having possession of any piece of hardware or data is a vulnerability, hence the need for strong access control (both physical and logical).
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Just burned his ISO
    Join Date
    May 2011
    Posts
    2

    Default Re: Truecrypt loophole?

    Quote Originally Posted by thorin View Post
    Yes having possession of any piece of hardware or data is a vulnerability, hence the need for strong access control (both physical and logical).
    Excellent points. However, as a recent case has shown, choosing a really good passphrase will defeat even determined efforts at cracking:

    Looks like open source disk encryption software TrueCrypt has shown its mettle in a cybercrime case out of Brazil. The Brazilian police seized 500 TrueCrypt protected drives from the apartment of Daniel Dantas, a Rio banker accused of financial crimes. In Brazil, there is no law compelling defendants to reveal passwords to encrypted evidence, so the Brazilian crime lab attempted to break the encryption for five months with no success. They then turned to the US FBI, who ran dictionary attacks against the encryption for another year. No joy. As a result of the banker’s good password practices, the 500 drives with potential evidence were reduced to really ugly paperweights.
    http://www.paranoidprose.com/2010/06...words-1-fbi-0/

    Brazilian banker's crypto baffles FBI
    18 months of failure
    By John Leyden

    http://www.theregister.co.uk/2010/06...ypto_lock_out/

  4. #4
    Senior Member savioboyz's Avatar
    Join Date
    Oct 2010
    Location
    Nigeria
    Posts
    118

    Default Re: Truecrypt loophole?

    I strongly agree with thorin
    Saviour Emmauel Ekiko

  5. #5
    Just burned his ISO
    Join Date
    Apr 2011
    Location
    Somewhere in cyberspace
    Posts
    5

    Default Re: Truecrypt loophole?

    I know this isn't exactly a solution and could be more of an annoyance but you could use the chattr +i (chattr +i foo) to make the file undeleteable and unmodifiable. Therefor before you mount and try to write to the volume you would have to remove that attribute (chattr -i foo) and then when your finnished reapply it. This would prevent the file from being removed accidently and pose as another step to someone who might be purposefully trying to remove it. But as Thorin states nothing is better then physical security.

  6. #6
    Junior Member
    Join Date
    Dec 2008
    Location
    Shoulder surfing besides you...
    Posts
    39

    Default Re: Truecrypt loophole?

    Thanks Thorin One more question, suppose I've 2GB pen drive with 1GB of data in it and I create 100MB of Truecrypt file container. If my pen drive gets infected with virus will it affect the contents of 100MB Truecrypt file container??
    Last edited by exus69; 06-02-2011 at 06:28 AM.
    Having knowledge is one thing and applying that knowledge to earn money (of course, legally) is a completely different thing...

  7. #7
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: Truecrypt loophole?

    Concerning the virus question, if the truecrypt container was open, then the contents could be affected. Otherwise, a virus would see it as just another file & be unable to tell what the contents are. Depending on the attributes of the virus, it might mangle the truecrypt container to be unreadable. Interesting (if scary) possibility...a piece of malware that only goes after truecrypt files.

  8. #8
    Junior Member
    Join Date
    Dec 2008
    Location
    Shoulder surfing besides you...
    Posts
    39

    Default Re: Truecrypt loophole?

    Thanks scottm99
    Having knowledge is one thing and applying that knowledge to earn money (of course, legally) is a completely different thing...

Similar Threads

  1. Truecrypt
    By m-1-k-3 in forum OLD BT4 Feature Requests
    Replies: 7
    Last Post: 03-14-2009, 10:21 AM
  2. Banks slip through virus loophole
    By somanyholes in forum OLD General IT Discussion
    Replies: 15
    Last Post: 06-13-2008, 05:11 PM
  3. Truecrypt! - Help, almost there!
    By dxi5t in forum OLD Newbie Area
    Replies: 7
    Last Post: 06-06-2008, 06:06 AM
  4. help with truecrypt
    By YearZirO in forum OLD Newbie Area
    Replies: 1
    Last Post: 12-21-2007, 09:46 AM
  5. truecrypt
    By dlink in forum OLD Newbie Area
    Replies: 6
    Last Post: 11-27-2007, 04:28 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •