Truecrypt gives feds a headache

News from around the world.
Thor
htd0rg lieutenant
Posts: 440
Joined: Tue Dec 18, 2007 9:39 am
Location: Location Location

Truecrypt gives feds a headache

Post by Thor » Tue Jul 20, 2010 4:15 pm

http://g1.globo.com/English/noticia/201 ... antas.html

Demonstration of why it's important to use encryption. Of course you guys have nothing to hide though. Right?..

foldingstock
htd0rg lieutenant
Posts: 300
Joined: Sat Aug 16, 2008 10:38 pm

Re: Truecrypt gives feds a headache

Post by foldingstock » Fri Jul 23, 2010 9:30 pm

article wrote: According to the report, the FBI and the INC used the same technology to try to break the password. It is a mechanism called a "dictionary" - a computer system that tests password combinations from known data and police information. Experts from the INC used this technique for five months, until December 2008, when the discs were sent to the United States.
Hopefully anyone smart enough to use encryption won't use dictionary-based passwords. Why the feds are using a dictionary attack, though, is beyond me.

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Truecrypt gives feds a headache

Post by Cool_Fire » Sat Jul 31, 2010 4:38 pm

It seems like the Dutch Forensics institute is better than the FBI then.
I did an assignment for them out of uni and learned they have a backdoor into Truecrypt.

Thor
htd0rg lieutenant
Posts: 440
Joined: Tue Dec 18, 2007 9:39 am
Location: Location Location

Re: Truecrypt gives feds a headache

Post by Thor » Sun Aug 01, 2010 11:39 am

Really? You should share the location of this backdoor, I'd like to test this myself. That's definitely something our community would be interested in learning about. Further, I am aware of techniques to bypass whole disk encryption in Linux by messing with initrd.img. So a backdoor might work similarly. I wouldn't be sure about what to do to files or "containers" that are encrypted by truecrypt.

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Truecrypt gives feds a headache

Post by Cool_Fire » Thu Aug 05, 2010 8:01 am

Thor wrote: Really? You should share the location of this backdoor, I'd like to test this myself. That's definitely something our community would be interested in learning about. Further, I am aware of techniques to bypass whole disk encryption in Linux by messing with initrd.img. So a backdoor might work similarly. I wouldn't be sure about what to do to files or "containers" that are encrypted by truecrypt.
For some reason they weren't too eager to share it with a flock of students xD

Thor
htd0rg lieutenant
Posts: 440
Joined: Tue Dec 18, 2007 9:39 am
Location: Location Location

Re: Truecrypt gives feds a headache

Post by Thor » Fri Aug 13, 2010 4:56 pm

Cool_Fire wrote:
Thor wrote: Really? You should share the location of this backdoor, I'd like to test this myself. That's definitely something our community would be interested in learning about. Further, I am aware of techniques to bypass whole disk encryption in Linux by messing with initrd.img. So a backdoor might work similarly. I wouldn't be sure about what to do to files or "containers" that are encrypted by truecrypt.
For some reason they weren't too eager to share it with a flock of students xD
I can't imagine why not :)

infinite_
Bat Country
Posts: 1353
Joined: Fri Jun 04, 2004 7:19 pm
Location: Australia

Re: Truecrypt gives feds a headache

Post by infinite_ » Sat Oct 30, 2010 10:09 pm

So I wonder, do they *really* have a backdoor into TC or were they just talking themselves up to scare some students? Has this been verified elsewhere on the internet, or hinted at?
It makes me think that if they had a backdoor then so would other agencies; or at the very least, they'd offer a service to other agencies. And if that were the case, I wonder how long they'd be able to keep the information of their backdoor access quiet if such things were mentioned in criminal cases and the like.
My effort to help you will never exceed your effort to explain the problem.

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Truecrypt gives feds a headache

Post by Cool_Fire » Sun Oct 31, 2010 6:37 am

I've seen a few truecrypt "exploits" in the past for older versions. They relied on code errors in TC which allowed you to predict part of the encryption key in order to reduce the amount of time needed to brute force it.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Thor
htd0rg lieutenant
Posts: 440
Joined: Tue Dec 18, 2007 9:39 am
Location: Location Location

Re: Truecrypt gives feds a headache

Post by Thor » Mon Nov 01, 2010 12:04 pm

Right, it would seem more likely that they were just defeating it through traditional hacking rather than having a backdoor in the software. Although, backdoor is sometimes referred to as a vulnerability that people are aware of. It is open source software, so if someone really wanted to, they could just review the code.

In saying all this, I am aware of a method of defeating truecrypt by beating it when the bootloader boots. Issue 26/4 of 2600 has an article about "Pwning past whole disk encryption" (The same issue about hacking the TOR control protocol in a recent post). It details how this is done on Linux systems, but goes on to mention it's the same idea on Microsoft and Linux machines with truecrypt.

Basically, they were just exploiting the very small part of a hard disk that isn't encrypted, the boot partition, even when you have full disk encryption of any sort enabled. In short, they were replacing the initrd.img and vmlinuz scripts with modified versions of their own by way of a live cd. They simply re-wrote them to start decryption even if the wrong passphrase was entered.
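
A defensive check for the boot-partition tampering described in the post above, added here as an example that is not part of the thread: hash every file on the unencrypted boot partition and compare against a baseline kept where it cannot be rewritten offline. The directory contents are constructed stand-ins and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile

def measure(boot_dir):
    """Return {relative_path: sha256_hex} for every regular file under boot_dir."""
    digests = {}
    for root, _dirs, files in os.walk(boot_dir):
        for name in files:
            path = os.path.join(root, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, boot_dir)] = h.hexdigest()
    return digests

def compare(baseline, current):
    """List (path, status) for files modified, added or missing since the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "missing"))
        elif path not in baseline:
            findings.append((path, "added"))
        elif not hmac.compare_digest(baseline[path], current[path]):
            findings.append((path, "modified"))
    return findings

def demo():
    # Constructed stand-in for an unencrypted /boot partition.
    with tempfile.TemporaryDirectory() as boot:
        for name, data in (("vmlinuz", b"kernel image"),
                           ("initrd.img", b"original initramfs")):
            with open(os.path.join(boot, name), "wb") as fh:
                fh.write(data)
        # In practice the baseline lives on the encrypted volume or removable media.
        baseline = measure(boot)
        # Simulate the initramfs being replaced while the machine was powered off.
        with open(os.path.join(boot, "initrd.img"), "wb") as fh:
            fh.write(b"modified initramfs")
        return compare(baseline, measure(boot))

if __name__ == "__main__":
    print(demo())
```

A check run from the booted system happens after the passphrase has already been typed into whatever initramfs was on disk, so it detects tampering after the fact. Running it from trusted removable media before unlocking closes that gap.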

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Truecrypt gives feds a headache

Post by Cool_Fire » Mon Nov 01, 2010 2:35 pm

That's pretty weird, the passphrase is supposed to be integral to the decryption process, usually part of the actual encryption key, or at least the encryption key to the disk's encryption key.

If you can just bypass that in software that'd imply a huge design flaw.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
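
The key hierarchy Cool_Fire describes, as an added sketch that is not part of the thread and not TrueCrypt's code: a random disk master key is stored only in wrapped form under a key derived from the passphrase. The header layout, iteration count and function names are assumptions, and the HMAC-based keystream is a stand-in for a real cipher.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def _keystream(key, n):
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher such as AES."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def _header_keys(passphrase, salt):
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                                   ITERATIONS, dklen=64)
    return material[:32], material[32:]  # (wrapping key, MAC key)

def create_header(passphrase, master_key):
    """Wrap the disk master key under a key derived from the passphrase."""
    salt = os.urandom(16)
    enc_key, mac_key = _header_keys(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in
                    zip(master_key, _keystream(enc_key, len(master_key))))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def unlock(passphrase, header):
    """Return the master key, or None when the passphrase is wrong."""
    salt, wrapped, tag = header[:16], header[16:-32], header[-32:]
    enc_key, mac_key = _header_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, _keystream(enc_key, len(wrapped))))

def unlock_without_check(passphrase, header):
    """Model of boot code patched to skip the check: the output is still garbage."""
    salt, wrapped = header[:16], header[16:-32]
    enc_key, _mac_key = _header_keys(passphrase, salt)
    return bytes(a ^ b for a, b in zip(wrapped, _keystream(enc_key, len(wrapped))))
```

With this structure, removing the passphrase check from the boot code yields a wrong master key rather than plaintext, so modified boot files still need the real passphrase to be entered at some point.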
