Results 1 to 4 of 4

Thread: Truecrypt Broken in Minutes

  1. #1
    Join Date
    Oct 2007
    Kentucky, USA

    Truecrypt Broken in Minutes

    Basically it involves the user leaving the TC drive open and putting the computer on standby. Then you simply plug in a firewire cable and fish around for the encryption key. Does Ubuntu allow this and what's being done about it? It would seem like a security vulnerability in itself if someone could plug a cord into your computer and get anything off of it, nevermind the password to a highly secured virtual hard-drive.
    Which is more important in obtaining the truth, "what" or "why"? Trick question. They are of equal importance.
    Freely ye have received, freely give.

  2. #2
    Join Date
    Apr 2008
    Ubuntu Development Release

    Re: Truecrypt Broken in Minutes

    It's always been a good idea to disable firewire unless you actually use it. Because of the way it was designed firewire has direct access to the system memory (unlike usb which has to be processed by the CPU first). I think it's misleading to say that this breaks the TrueCrypt encryption as this method is just retrieving the key from memory instead of attacking the TrueCrypt algorithms.

    This isn't a new thing, there have been Windows exploits that use the same method since 2006...

    This all just highlights the importance of physical security and why you shouldn't let random people plug cables into your machines.
    Last edited by Cheesemill; June 16th, 2013 at 01:54 PM.

  3. #3
    Join Date
    Oct 2009
    Ubuntu 16.04 Xenial Xerus

    Re: Truecrypt Broken in Minutes

    Moved to Security.

    I think Cheesemill pretty much covered it though.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  4. #4
    Join Date
    Oct 2005
    Al Ain

    Re: Truecrypt Broken in Minutes

    Windows has a very weak security stance by default, but even when a high security profile is applied to it, I still don't trust it much and it doesn't have an App Armor or SE Linux equivalent either.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts