Passware Kit Forens...
 
Notifications
Clear all

Passware Kit Forensic Decrypts TrueCrypt Hard Disks in Minut

10 Posts
7 Users
0 Likes
454 Views
(@douglasbrush)
Posts: 812
Prominent Member
Topic starter
 

Press Release going out from Passware today


http//www.prnewswire.com/news-releases/passware-kit-forensic-decrypts-truecrypt-hard-disks-in-minutes-89502507.html

In response to customer requests, especially from law enforcement organizations, Passware has enhanced Passware Kit Forensic to allow for memory acquisition of a seized computer over FireWire port, even if the computer is locked. When a target computer is seized and turned on with the encryption disk accessible, the software scans its memory image and extracts the encryption keys, so law enforcement personnel can access the stored data.

 
Posted : 30/03/2010 9:52 pm
(@abstruserint)
Posts: 4
New Member
 

Surely I'm mistaken in saying that this isn't exactly news, as commented on the Truecrypt forums themselves?

http//forums.truecrypt.org/viewtopic.php?t=19681

That tool can be useful only if you ignore the security requirements for using TrueCrypt that are listed in the TrueCrypt User's Guide.

Specifically

http//www.truecrypt.org/docs/?s=unencrypted-data-in-ram

http//www.truecrypt.org/docs/?s=physical-security

See also http//www.truecrypt.org/docs/?s=security-model

Besides, wasn't dumping RAM from Firewire able to be done a few years ago?

It's nice that it's part of the suite of tools of course, but the press release makes it sound like they themselves have 'Broken' Truecrypt -

…has become the first commercially available software to break TrueCrypt hard drive encryption without applying a time-consuming brute-force attack…

Correct me if I'm misunderstanding this, please.

 
Posted : 31/03/2010 12:49 pm
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

It maybe indeed "the first commercially available software" to do so.

 
Posted : 31/03/2010 7:35 pm
(@kovar)
Posts: 805
Prominent Member
 

Greetings,

This is interesting. I tried getting the firewire hack to work and did succeed, but it required a fair bit of patience and experience. If they've got it working reliably on Windows, it might be worth buying.

-David

 
Posted : 03/04/2010 7:51 am
(@libris)
Posts: 3
New Member
 

how long will it take to get the password with this tool?

 
Posted : 04/04/2010 1:21 am
(@kovar)
Posts: 805
Prominent Member
 

Greetings,

*If* it can get the password, I imagine it will do so pretty quickly. I'm also certain that the various vendors have, or are in the process, of making their keys and passwords much harder to retrieve from memory. The password recovery aspect of this tool will likely diminish over time but the ability to grab memory via firewire, by passing the login screen will continue to be useful.

-David

 
Posted : 04/04/2010 7:44 am
(@rampage)
Posts: 354
Reputable Member
 

as said before, the memory dump via firewire was possible also a couple of years ago.

extracting keys of bitlocker and truecrypt from ram was also possible some years ago.

but as far as i know, trucrypt managed to take precautions against memory attacks in the latest versions, by spreading the key informations around the ram preventing it from being acquired as a contiguous set of memory pages.

so i'm not that sure that passware will automagically be able to retrieve the encryption keys of new truecrypt versions that easly.

and btw, selling the work of others is a scum (imho)

 
Posted : 05/04/2010 7:51 am
dmitrys
(@dmitrys)
Posts: 5
Active Member
 

how long will it take to get the password with this tool?

It generally takes about 15 minutes to acquire 4GB of memory via FireWire.

Key search takes less than 5 minutes.

 
Posted : 05/04/2010 12:14 pm
(@rampage)
Posts: 354
Reputable Member
 

have you tested it against the latest version of truecrypt? are keys extracted?

 
Posted : 05/04/2010 7:26 pm
dmitrys
(@dmitrys)
Posts: 5
Active Member
 

have you tested it against the latest version of truecrypt? are keys extracted?

Yes, it was tested with the latest version of TrueCrypt and the keys were extracted successfully.

 
Posted : 06/04/2010 5:20 pm
Share: