Things to avoid while using Truecrypt

Things to avoid while using Truecrypt

Truecrypt is Free + Open source disk software. However I found out stuff that we should all be aware of to avoid our sensitive data being exposed. This does not mean isn’t safe I will just show how to make it stronger against various attacks. First of all True-crypt encourages you to use AES as its the first on the list (default) and its the fastest when you benchmark all available algorithms.
 
 
tcbench

Therefore I thought of sharing this information that I recently found while surfing the net .If you ever use AES as your encryption algorithm then be aware that your container can be attacked by Truetrack and Hashcat.
 
truecrack

 

aestc
 
What if you use a combination of three algorithms will it be safer option?
Only if you use strong password for example “I1WBDQpFp8@”:ve’nOq&b@+2WPL9v7″ then you can be sure that your data is safe and the reason for that is because hashkill can brute force any type of algorithm including combination of three algorithms !

hushkill
 
What If I use a strong combination of algorithm (Serpent-Twofish-AES) and strong password am I safe ?
Well if you have caching password enabled on your True-crypt settings !! then you are not if someone gets access to your computer physically.

tccache

 

The reason is people like lostpassword and elcomsoft can use fire-wire ports to retrieve your cached keys by doing the following:

  • Analyzing the hibernation file (if the PC being analyzed is turned off);
  • Analyzing a memory dump file *
  • Performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).

 

lostpassword

 

elcomsoft

 


 

Quote by Steve Gibson:
“The TrueCrypt development team’s deliberately alarming and unexpected “goodbye and you’d better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team . . . much like Windows XP after May of 2014. In other words, we’re on our own.”
 

Downloads:

  • TrueCrypt v7.1a installation packages:

 

  • The TrueCrypt User’s Guide for v7.1a:

 

  • The TrueCrypt v7.1a source code as a gzipped TAR and a ZIP:

 


 

Conclusion:

  • Don’t use AES to encrypt your disk as its the easiest to brute-force.
  • Always use a combination of three algorithms with SHA-512.
  • Using keyfile by its own without a password is not secure.
  • Disable Fire-wire port.
  • Use Hidden volumes if possible.
  • Use a very strong password and do not share it use keepass to store it.
  • Do not cache your True-crypt password and make sure its cleared on dismount or exit on settings.
  • On creating a container uncheck the checkbox for “Show” in the last dialog and to wiggle with the mouse at least for 45 seconds.
  • Truecrypt was fully audited check updates here final report can be seen here. A good security analysis of TrueCrypt 7.0a can be found here.
  • To know more about encryption please read this document.
  • VeraCrypt is Truecrypt fork that enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks. Veracrypt audit can be found here and I strongly recommend to shift from Truecrypt to Veracrypt.

 


 

Digiprove sealCopyright protected by Digiprove © 2013-2016 Eagle Eye Digital Solutions
JOIN OUR NEWSLETTER
Amazing people have subscribed to our newsletter — and you’re amazing too!
We hate spam. Your email address will not be sold or shared with anyone else.
The following two tabs change content below.
Warith Al Maawali
W. AL Maawali is the Founder and Chief Editor of Eagle Eye Digital Solutions from the Sultanate of Oman with over 20 years experience in Security and Digital Forensics. He is also the Founder of om77.net.
Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher text.
TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device.
Download MD5:7a23ac83a0856c352025a6f7c9cc1526
Download MD5:89affdc42966ae5739f673ba5fb4b7c5
Download MD5:bb355096348383987447151eecd6dc0e
Download MD5:09355fb2e43cf51697a15421816899be
Download MD5:eb71d8108afec84d4dc72c523b57763a
Download MD5:218d80bbe69cb63dba124efb62600e0f
Download MD5:60b1ea96c0dcb7238da39844f0c11910
Download MD5:102d9652681db11c813610882332ae48
Download MD5:3ca3617ab193af91e25685015dc5e560

2 comments

  1. Quiet_Devil

    Good information, keep it up the good work

  2. Good information thank you

commentJoin the Discussion

Pin It on Pinterest