TrueCrypt broken
in [Cryptography]
|
From: Matt Mahoney on 9 Apr 2010 13:16 http://www.storagenewsletter.com/news/security/passware-kit-forensic Any idea how this works?
From: Xavier Roche on 9 Apr 2010 13:29 Matt Mahoney a écrit : > http://www.storagenewsletter.com/news/security/passware-kit-forensic > Any idea how this works? According to the site's description, it works on a live PC with a truecrypt partition mounted, when the PC is "locked". The technic claimed may exploit a firefiwre flaw (see for example http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation), and is supposed to be able to get the keys in the dumped memory. However, the "password recovery algorithms" for encrypted files technic is a bit vague and lacks description. Dictionnary attack, maybe ?
From: Anne Onime on 9 Apr 2010 15:09 "Xavier Roche" <xroche(a)free.fr.NOSPAM.invalid> wrote in message news:hpno6s$hk$2(a)news.httrack.net... > Matt Mahoney a �crit : >> http://www.storagenewsletter.com/news/security/passware-kit-forensic >> Any idea how this works? > > According to the site's description, it works on a live PC with a > truecrypt partition mounted, when the PC is "locked". > > The technic claimed may exploit a firefiwre flaw (see for example > http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation), > and is supposed to be able to get the keys in the dumped memory. > > However, the "password recovery algorithms" for encrypted files technic > is a bit vague and lacks description. Dictionnary attack, maybe ? It may be useful in a few isolated cases, but for 99.9% of all Truecrypt volumes (on powered down hard disks or flash disks) this will be worthless unless the user encrypted with a weak password. In other words: I'm not worried, I always log off when I leave my PC for any length of time and I never leave it in standby mode. I currently don't use Full Disk Encryption, but I keep thinking about it more and more since it prevents someone from installing a keylogger on your machine.
From: nemo_outis on 9 Apr 2010 17:53 Matt Mahoney <matmahoney(a)yahoo.com> wrote in news:323624e9-3a21-4a5d- 9601-1c31cd01d178(a)i25g2000yqm.googlegroups.com: > http://www.storagenewsletter.com/news/security/passware-kit-forensic > > Any idea how this works? Yep, the reference cited above explains how (well, drops a strong hint) in its third paragraph: "In response to customer requests, especially from law enforcement organizations, Passware has enhanced Passware Kit Forensic to allow for memory acquisition of a seized computer over FireWire port, even if the computer is locked. When a target computer is seized and turned on with the encryption disk accessible, the software scans its memory image and extracts the encryption keys, so law enforcement personnel can access the stored data." IOW it's the straightforward Firewire DMA attack (metlstorm gets the credit) that I wrote about here years ago (Feb 2008 and earlier) - probably "tarted up" with a better interface. Moreover, this is NOT a true attack against Truecrypt (or any similar program) since those programs are designed to protect data "at rest" (i.e., unmounted) and NOT while the key is in memory on a running machine. (It's really just an attack on the rather weak keyboard lockout mechanism, not on Truecrypt). Memory is then harvested and the key is found therein (some programming required but nothing tricky). Regards, PS Most current attacks against encryption DO NOT try to break the algorithm (e.g., AES256) or brute force the key; instead they attempt to crack the password rather than the key (Most users use passwords much weaker than the endelying algorithm/key). Truecrypt (and several similar programs) use a method to hamper direct attacks on the password - they make the relationaship between the password and key computationally expensive. Which is to say the (potential) relationship between a password and key is not 1:1 but greater (enormously greater!). Making password cracking computationally expensive typically involves salts and iterated hashing. It effectively makes precomputation (rainbow tables, etc.) unfeasible and leaves no better method than the near-brute-force method of trying each guessed password to see if it yields a workable key. This method is pretty slow and will only work if the user has chosen a short or weak password (e.g., a word or some simple variant). However, as said above, enough users do select such weak passwords that even this slow dictionary attack is often successful. But if you pick a strong password (or better, passphrase) you're immune to it. PPS To avoid the Firewire DMA attack you should disconnect all Firewire ports (paranoids will put a blob of epoxy over them on the motherboard). A hardware disconnect is far more reliable than a software one (e.g., disabling Firewire in the OS) but even the software disconnect will thwart all but the most serious adversaries. There are also some possible USB attacks that use similar methods to the Firewire attack. Fortunately the USB attacks are much less powerful and so I'll leave it to your discretion whether to disable USB on your system (USB is so convenient as to be virtually a necessity). A software USB disabler (there are several such programs) may be a satisfactory compromise. FWIW I disable Firewire (in hardware) but not USB.
From: Maaartin on 14 Apr 2010 13:44 On Apr 9, 11:53 pm, "nemo_outis" <a...(a)xyz.com> wrote: > There are also some possible USB attacks that use similar methods to the > Firewire attack. Fortunately the USB attacks are much less powerful and > so I'll leave it to your discretion whether to disable USB on your system > (USB is so convenient as to be virtually a necessity). A software USB > disabler (there are several such programs) may be a satisfactory > compromise. FWIW I disable Firewire (in hardware) but not USB. What about SATA? It's capable of DMA as well and there're often external connectors for it.
|
Next
|
Last
Pages: 1 2 Prev: The key to cracking any cipher: Elephant. Next: A link on North Korean home-grwon OS |