Things to avoid while using Truecrypt
Posted by Warith Al Maawali on May 4, 2013 in Blog | 3 comments

TrueCrypt is free, open-source disk encryption software. However, I found out a few things that we should all be aware of to avoid having our sensitive data exposed. This does not mean TrueCrypt isn’t safe; I will just show how to make it stronger against various attacks. First of all, TrueCrypt encourages you to use AES, as it is the first on the list (the default) and the fastest when you benchmark all available algorithms.
Therefore I thought of sharing this information, which I recently found while surfing the net. If you use AES as your encryption algorithm, be aware that your container can be attacked by Truetrack and Hashcat.
What if you use a combination of three algorithms? Will that be a safer option?
Only if you use a strong password, for example “I1WBDQpFp8@”:ve’nOq&b@+2WPL9v7″, can you be sure that your data is safe. The reason is that hashkill can brute-force any type of algorithm, including a combination of three algorithms!
What if I use a strong combination of algorithms (Serpent-Twofish-AES) and a strong password? Am I safe?
Well, if you have password caching enabled in your TrueCrypt settings, then you are not, if someone gets physical access to your computer.
The reason is that vendors like lostpassword and Elcomsoft can use FireWire ports to retrieve your cached keys by doing the following:
- Analyzing the hibernation file (if the PC being analyzed is turned off);
- Analyzing a memory dump file *
- Performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).
Quote by Steve Gibson:
“The TrueCrypt development team’s deliberately alarming and unexpected “goodbye and you’d better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we’re on our own.”
Conclusion:
- Don’t use AES to encrypt your disk, as it is the easiest to brute-force.
- Always use a combination of three algorithms with SHA-512.
- Using a keyfile on its own, without a password, is not secure.
- Disable the FireWire port.
- Use hidden volumes if possible.
- Use a very strong password, do not share it, and use KeePass to store it.
- Do not cache your TrueCrypt password, and make sure in the settings that it is cleared on dismount or exit.
- When creating a container, uncheck the “Show” checkbox in the last dialog and move the mouse randomly for at least 45 seconds.
- TrueCrypt was fully audited; check for updates here, and the final report can be seen here. A good security analysis of TrueCrypt 7.0a can be found here.
- To know more about encryption, please read this document.
- VeraCrypt is a TrueCrypt fork that enhanced the security of the algorithms used for system and partition encryption, making it immune to new developments in brute-force attacks. The VeraCrypt audit can be found here, and I strongly recommend shifting from TrueCrypt to VeraCrypt.
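The two points above (a long random password beats brute-forcing, and VeraCrypt raised the cost of each guess) come down to two numbers: the passphrase search space and the PBKDF2 iteration count of the header key derivation. The script below is an added example, not code from the post or from either project; it uses the documented SHA-512 iteration defaults for non-system volumes (TrueCrypt 1000, VeraCrypt 500000) and assumes an illustrative attacker rate of 10^9 HMAC-SHA512 evaluations per second.

```python
"""Passphrase brute-force cost for a TrueCrypt/VeraCrypt volume header.

Constructed example: the passphrase search space (bits) is combined with
the header KDF's PBKDF2 iteration count to estimate attacker cost. The
iteration counts are the documented SHA-512 defaults for non-system
volumes (TrueCrypt 1000, VeraCrypt 500000); the HMAC rate passed in by
the caller is an illustrative assumption, not a measured figure.
"""
import hashlib
import math
import string

TRUECRYPT_SHA512_ITERATIONS = 1_000
VERACRYPT_SHA512_ITERATIONS = 500_000
SECONDS_PER_YEAR = 365 * 24 * 3600


def search_space_bits(password: str) -> float:
    """Conservative size of the space an attacker must search, assuming
    they already know which character classes the passphrase draws from."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def expected_years(password: str, hmac_per_second: float, iterations: int) -> float:
    """Expected years to find the passphrase (half the keyspace on average)
    when every guess costs `iterations` HMAC-SHA512 evaluations."""
    guesses_per_second = hmac_per_second / iterations
    return 2 ** (search_space_bits(password) - 1) / guesses_per_second / SECONDS_PER_YEAR


def kdf_slowdown_factor() -> int:
    """How many times more work per guess VeraCrypt imposes than TrueCrypt."""
    return VERACRYPT_SHA512_ITERATIONS // TRUECRYPT_SHA512_ITERATIONS


def derive_header_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA512 over the 64-byte header salt, as both tools do when
    SHA-512 is the selected hash (output length here chosen for illustration)."""
    if len(salt) != 64:
        raise ValueError("volume header salt is 64 bytes")
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, dklen=64)


if __name__ == "__main__":
    # Constructed passphrases and an assumed 1e9 HMAC-SHA512/s attacker.
    for pw in ("password", "Tr0ub4dor&3", "I1WBDQpFp8@ve-nOq&b@+2WPL9v7"):
        tc = expected_years(pw, 1e9, TRUECRYPT_SHA512_ITERATIONS)
        vc = expected_years(pw, 1e9, VERACRYPT_SHA512_ITERATIONS)
        print(f"{pw!r:32} {search_space_bits(pw):6.1f} bits  "
              f"TrueCrypt {tc:.3g} y  VeraCrypt {vc:.3g} y")
```

The iteration count only multiplies the per-guess cost by a constant (500 here), while each extra random character multiplies the search space by the alphabet size, which is why the password recommendation matters more than the algorithm cascade.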



Good information, keep up the good work
Good information thank you