Cracking TrueCrypt files in minutes? Or just TrueCrypt hard drives in minutes?
Apparently can be used to crack TrueCrypt hard drive encryption. Has anyone tried it and is it possible to crack TrueCrypt files too with this software?
Passware Kit Forensic, complete with Passware FireWire Memory Imager, is the first and only commercial software that decrypts BitLocker and TrueCrypt hard disks, and instantly recovers Mac and Windows login passwords of seized computers.
2 Answers
This attack only works on Full-Disk Encrypted systems, or otherwise requires that the volume be mounted at the time the attack is undertaken (or when the system last hibernated). The attack works by accessing the key in RAM, which wouldn't be possible in the case of an unmounted volume. If the key cannot be found in memory, it attempts to find it in hiberfil.sys, but if the volume was not loaded during the last hibernation, the key will not be there either.
NOTE: If the target computer is turned off and the encrypted volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns brute-force attacks to recover the original password for the volume.
So, use a strong password, disable hibernation, and do not mount volumes on boot (only mount on demand when you need to, and dismount when you are done) and you should be pretty safe against this tool.
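A read-only check for the hibernation advice above, as an added example that is not part of the original answers: it reports whether hibernation or Fast Startup (which also writes hiberfil.sys) is enabled and whether a hiberfil.sys from an earlier hibernation is still on disk. The function name `Get-HibernationExposure` is hypothetical, and the script assumes hiberfil.sys sits in the root of the system drive, the Windows default.

```powershell
# Added example: audit a Windows host for hibernation artifacts that can hold
# disk-encryption keys. Read-only; it changes nothing on the system.
function Get-HibernationExposure {
    [CmdletBinding()]
    param(
        # Assumption: hiberfil.sys lives in the root of the system drive.
        [string]$SystemDrive = $env:SystemDrive
    )

    $powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $fastKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'

    # Missing values come back as $null, which is reported as disabled.
    $hibernate = (Get-ItemProperty -Path $powerKey -Name HibernateEnabled `
                  -ErrorAction SilentlyContinue).HibernateEnabled
    $fastStart = (Get-ItemProperty -Path $fastKey -Name HiberbootEnabled `
                  -ErrorAction SilentlyContinue).HiberbootEnabled

    # hiberfil.sys is hidden and system, so -Force is required to see it.
    $hiberPath = Join-Path $SystemDrive 'hiberfil.sys'
    $hiberFile = Get-Item -LiteralPath $hiberPath -Force -ErrorAction SilentlyContinue

    [pscustomobject]@{
        HibernateEnabled   = [bool]$hibernate
        FastStartupEnabled = [bool]$fastStart
        HiberfilPresent    = [bool]$hiberFile
        # A file left over from an earlier hibernation still matters:
        # the last write time shows when memory was last saved to disk.
        HiberfilLastWrite  = if ($hiberFile) { $hiberFile.LastWriteTime } else { $null }
        HiberfilSizeMB     = if ($hiberFile) { [math]::Round($hiberFile.Length / 1MB) } else { $null }
    }
}

$report = Get-HibernationExposure
$report | Format-List

if ($report.HibernateEnabled -or $report.HiberfilPresent) {
    Write-Warning ('Memory contents can be written to hiberfil.sys. ' +
                   'Run "powercfg /hibernate off" from an elevated prompt to disable hibernation.')
}
```

`powercfg /hibernate off` also deletes the existing hiberfil.sys, so rerunning the check afterwards should show `HiberfilPresent : False`.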
I strongly doubt this. The only decryption methods for TrueCrypt containers to my knowledge are brute force ones, and thus if you have a strong passphrase and your system is not compromised by a keylogger or other malware it will not be possible to recover a TrueCrypt file within minutes. This is an article about a TrueCrypt brute force tool, unfortunately in German, but it's quite slow and so I really doubt the statements made for this toolset.
Since being downvoted I want to clarify my statement: if you have a dismounted TrueCrypt container and no hiberfil to look for the password, chances will be minimal with brute force in case of a strong password. Of course, with a system in hibernation state and a mounted TrueCrypt container, you are vulnerable.