Cracking truecrypt files in minutes? Or just truecrypt harddrives in minutes?

encryption truecrypt

This attack only works on Full-Disk Encrypted systems, or otherwise requires that the volume be mounted at the time the attack is undertaken (or when the system last hibernated). the attack works by accessing the key in ram, which wouldn't be possible in the case of a unmounted volume. If the key cannot be found in memory, it attempts to find it in hiberfil.sys, but if the volume was not loaded during the last hibernation, the key will not be there either.

NOTE: If the target computer is turned off and the encrypted volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns brute-force attacks to recover the original password for the volume. http://www.lostpassword.com/hdd-decryption.htm

So, use a strong password, disable hibernation, and do not mount volumes on boot (only mount on demand when you need to, and dismount when you are done) and you should be pretty safe against this tool.

Related

Mac OS X - installing software via DMG vs. *nix command line style
Shared memory in chroot environment
Renaming multiple files at once with a pattern on Ubuntu
Non destructively Convert offline dynamic disk to basic disk using testdisk tool
Can I delete a SkyDrive folder from my computer but not from SkyDrive cloud storage?
Internet keeps dropping. 5 different routers have failed, changed modem, etc.
Issue in Windows 10 with lack of icon transparency for System icons
windows ssh doesn't accept passphrase
Turn Router with DD-WRT into Remote Proxy?
Installing Ubuntu in Windows 7 virtual PC
Thunderbird > 4.x on Linux does not honour default browser
Data protection on HDD: trying to sort out relevant technologies