Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Truecrypt Problems

  • Please log in to reply
1 reply to this topic

#1 Kevin Alt

Kevin Alt

  • Members
  • 1 posts
  • Local time:07:19 AM

Posted 25 September 2008 - 02:58 PM

Hello all, wasn't really sure where to put this at in the forums. I'm doing a little experiment. I used the princeton cold boot attack and a few other tools to extract aes keys being used by truecrypt. I've been reading about how you can backup the truecrypt volume header (which is backing up a key) and things of that sort, but i can't seem to find out how i can input the key and decrypt a truecrypt volume with just the aes key. With the attack i obtained more than one key, so i'm assuming that i have both the private and public keys. Anyone with any knowledge about how i would decrypt this truecrypt file container using the keys, please let me know.

BC AdBot (Login to Remove)


#2 raw


    Bleeping Hacker

  • Members
  • 2,577 posts
  • Gender:Male
  • Location:Texas
  • Local time:06:19 AM

Posted 26 September 2008 - 12:16 AM

This topic is very near violating board rules. It may get closed.
The two keys you have are the TrueCrypt key and the XTS tweak key.
The implementation of this attack does not require the keys to be "cracked".
Merely fed back to the TC process that was running on a mounted encrypted
drive when the power was cut.
For TC 4 you also need the LRW tweak key.
If you manage to get a password it may only be the password for
the outer container. You still need a password for the inner container.
And if you mange to get both of those, TC can be configured to use
a "key file". Without access to the keyfile you still will not be able
to open the encrypted file. (container)
FYI - on a simple single desktop machine, trying to crack a 7 letter
password would take about 37 years.
So far AES has not been cracked.


 rawcreations.net          @raw_creations

Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users