Results 1 to 5 of 5

Thread: truecrypt security

  1. #1
    Junior Member
    Join Date
    Jan 2012
    Posts
    7

    truecrypt security

    hi,

    hope i've posted to the right place.

    i would like to know if truecrypt stores its passwords unencrypted on the hard drive (so that someone could examine the hard dirve and find the password)

    i am asking this because i once read that pgp stored its passwords on the hard drive unencrypted is this true of truecrypt?

    TIA

    kindest regards

    ken

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Ken, and welcome to AO

    If any encryption application stored its password in plain text on the HDD it would be as useful as a chocolate fireguard. I think that it is safe to say that none of them do these days.

    From what I remember, Truecrypt does most of its stuff in RAM and I believe that they still claim that it does not store any unencrypted data on the HDD?

    Now, here is where we might have a problem............... I have no idea how it, or any of the others for that matter, work at the detailed level. It might be possible that if you have a systems crash and it does a memory dump, that the password could be somewhere in that dump. Assuming, of course, that you had it open at the time.

    Personally, I use CCleaner (free for private use) and let it overwrite the dumps and file fragments (and piles of other junk). I use 3 passes although you can set it to more if you are really paranoid and like watching paint dry I run it after every session.

    I am assuming that you are using Windows, although TC has Mac and Linux versions. If that is the case then set your dumps to the mini dump rather than the full system dump that drops everything in RAM at the time of the crash.

    I haven't tested it with Truecrypt personally, but looking at the short dumps usually tells me as much as I will be likely to understand about the Windows problem, and I have never seen any passwords or personal data......... just Windows stuff.

    Hope that helps, give me a shout if you have any more questions.

    Cheers
    Last edited by nihil; January 16th, 2012 at 01:24 AM.

  3. #3
    Junior Member
    Join Date
    Jan 2012
    Posts
    7

    thanks

    thanks alot that has put my mind at rest

    ken

  4. #4
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    If you run truecrypt portable then nothing gets put on the machine as its all loaded in RAM.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  5. #5
    Junior Member
    Join Date
    Jan 2012
    Posts
    7

    thanks

    Quote Originally Posted by Cider View Post
    If you run truecrypt portable then nothing gets put on the machine as its all loaded in RAM.
    thanks

    ken.

Similar Threads

  1. Ethical Hacking!
    By E5C4P3 in forum AntiOnline's General Chit Chat
    Replies: 33
    Last Post: January 17th, 2008, 12:40 AM
  2. 30 security holes in Oracle
    By SDK in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: August 5th, 2004, 06:13 PM
  3. Microsoft plans Windows overhaul to fight hackers
    By tekno in forum Microsoft Security Discussions
    Replies: 61
    Last Post: October 15th, 2003, 07:51 AM
  4. NEWS: This weeks security news. 10/2/02
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: October 2nd, 2002, 09:32 PM
  5. Latest SANS Update
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: May 29th, 2002, 09:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •