http://g1.globo.com/English/noticia/201 ... antas.html
Demonstration of why it's important to use encryption. Of course you guys have nothing to hide though. Right?..
Truecrypt gives feds a headache
- Thor
- htd0rg lieutenant
- Posts:440
- Joined:Tue Dec 18, 2007 9:39 am
- Location:Location Location
- foldingstock
- htd0rg lieutenant
- Posts:300
- Joined:Sat Aug 16, 2008 10:38 pm
Re: Truecrypt gives feds a headache
Hopefully anyone smart enough to use encryption won't use dictionary-based passwords. Why the feds are using a dictionary attack, though, is beyond me.
article wrote: According to the report, the FBI and the INC used the same technology to try to break the password. It is a mechanism called a "dictionary" - a computer system that tests password combinations from known data and police information. Experts from the INC used this technique for five months, until December 2008, when the discs were sent to the United States.
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
Re: Truecrypt gives feds a headache
It seems like the Dutch Forensics institute is better than the FBI then.
I did an assignment for them out of uni and learned they have a backdoor into Truecrypt.
- Thor
- htd0rg lieutenant
- Posts:440
- Joined:Tue Dec 18, 2007 9:39 am
- Location:Location Location
Re: Truecrypt gives feds a headache
Really? You should share the location of this backdoor, I'd like to test this myself. That's definitely something our community would be interested in learning about. Further, I am aware of techniques to bypass whole disk encryption in Linux by messing with initrd.img. So a backdoor might work similarly. I wouldn't be sure about what to do to files or "containers" that are encrypted by truecrypt.
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
Re: Truecrypt gives feds a headache
For some reason they weren't too eager to share it with a flock of students xD
Thor wrote: Really? You should share the location of this backdoor, I'd like to test this myself. That's definitely something our community would be interested in learning about. Further, I am aware of techniques to bypass whole disk encryption in Linux by messing with initrd.img. So a backdoor might work similarly. I wouldn't be sure about what to do to files or "containers" that are encrypted by truecrypt.
- Thor
- htd0rg lieutenant
- Posts:440
- Joined:Tue Dec 18, 2007 9:39 am
- Location:Location Location
Re: Truecrypt gives feds a headache
I can't imagine why not :)
Cool_Fire wrote: For some reason they weren't too eager to share it with a flock of students xD
Thor wrote: Really? You should share the location of this backdoor, I'd like to test this myself. That's definitely something our community would be interested in learning about. Further, I am aware of techniques to bypass whole disk encryption in Linux by messing with initrd.img. So a backdoor might work similarly. I wouldn't be sure about what to do to files or "containers" that are encrypted by truecrypt.
- infinite_
- Bat Country
- Posts:1353
- Joined:Fri Jun 04, 2004 7:19 pm
- Location:Australia
Re: Truecrypt gives feds a headache
So I wonder, do they *really* have a backdoor into TC or were they just talking themselves up to scare some students? Has this been verified elsewhere on the internet, or hinted at?
It makes me think that if they had a backdoor then so would other agencies; or at the very least, they'd offer a service to other agencies. And if that were the case, I wonder how long they'd be able to keep the information of their backdoor access quiet if such things were mentioned in criminal cases and the like.
My effort to help you will never exceed your effort to explain the problem.
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
Re: Truecrypt gives feds a headache
I've seen a few truecrypt "exploits" in the past for older versions. They relied on code errors in TC which allowed you to predict part of the encryption key in order to reduce the amount of time needed to brute force it.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
- Thor
- htd0rg lieutenant
- Posts:440
- Joined:Tue Dec 18, 2007 9:39 am
- Location:Location Location
Re: Truecrypt gives feds a headache
Right, it would seem more likely that they were just defeating it through traditional hacking rather than having a backdoor in the software. Although, backdoor is sometimes referred to as a vulnerability that people are aware of. It is open source software, so if someone really wanted to, they could just review the code.
In saying all this, I am aware of a method of defeating truecrypt by beating it when the bootloader boots. Issue 26/4 of 2600 has an article about "Pwning past whole disk encryption" (The same issue about hacking the TOR control protocol in a recent post). It details how this is done on Linux systems, but goes on to mention it's the same idea on Microsoft and Linux machines with truecrypt.
Basically, they were just exploiting the very small part of a hard disk that isn't encrypted, the boot partition, even when you have full disk encryption of any sort enabled. In short, they were replacing the initrd.img and vmlinuz scripts with modified versions of their own by way of a live cd. They simply re-wrote them to start decryption even if the wrong passphrase was entered.
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
Re: Truecrypt gives feds a headache
That's pretty weird, the passphrase is supposed to be integral to the decryption process, usually part of the actual encryption key, or at least the encryption key to the disk's encryption key.
If you can just bypass that in software that'd imply a huge design flaw.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
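The key hierarchy described in the post above, as an added example that is not part of the original thread and is not TrueCrypt's code: the passphrase derives a header key, the header key unwraps the disk's master key, and skipping the passphrase check only produces a wrong master key. The header layout, the marker value, the iteration count and the HMAC-based stream cipher standing in for a real block cipher are assumptions made for this example.

```python
import hashlib
import hmac
import os

MAGIC = b"TRUE"      # marker checked after decrypting the header (example layout)
SALT_LEN = 64
ITERATIONS = 2000    # constructed value for this example


def _xor_stream(key, data):
    """Stand-in cipher: XOR with an HMAC-SHA-512 counter-mode keystream."""
    stream = bytearray()
    for counter in range((len(data) + 63) // 64):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha512).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _header_key(passphrase, salt):
    """Passphrase -> header key; the passphrase is never stored anywhere."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, ITERATIONS)


def create_header(passphrase, master_key):
    """Wrap the disk's master key under a key derived from the passphrase."""
    salt = os.urandom(SALT_LEN)
    return salt + _xor_stream(_header_key(passphrase, salt), MAGIC + master_key)


def unlock(passphrase, header, verify=True):
    """Return the master key, or None when the marker check fails.

    verify=False models software patched to skip the check: it returns
    whatever the wrong header key produces, which is not the master key.
    """
    salt, body = header[:SALT_LEN], header[SALT_LEN:]
    plain = _xor_stream(_header_key(passphrase, salt), body)
    if verify and not hmac.compare_digest(plain[:len(MAGIC)], MAGIC):
        return None
    return plain[len(MAGIC):]


if __name__ == "__main__":
    master = os.urandom(64)                      # constructed sample master key
    header = create_header("correct horse", master)
    print(unlock("correct horse", header) == master)        # right passphrase
    print(unlock("wrong guess", header))                    # check rejects it
    print(unlock("wrong guess", header, verify=False) == master)  # check skipped
```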