Results 1 to 7 of 7

Thread: folderlock

  1. #1
    Junior Member
    Join Date
    Jan 2012
    Posts
    7

    folderlock

    hi again,

    i recently posted a thread about truecrypt and was very happy with the replies-thankyou

    before using truecrypt i was using folderlock (latest version). i was concerned about details of how to hack folderlock passwords(going into the registry and finding the encrypted password backwords and then going one step forward in the alphabet to reveal the true password)

    my question is of two parts:

    1) can folderlock be hacked in this way?

    2) if i sucurely deleted a folderlock container ( one pass) could the password be recovered somehow?
    i ask this because i use a well remebered and complicated password that i continue to use with truecrypt and i don't want it to be hacked from the deleted folderlock password and it to be used on my truecrypt volumes.

    TIA

    kindest regards,

    ken.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Ken,

    1. No
    2. Yes

    Folder Lock is a commercial product; if its security were that trivial it wouldn't sell

    You shouldn't use the same password for everything and you should change them regularly.

    If my password takes 35 days to crack and I change it every month ........

    Errrrrr............. who is going to have access to your computer, and know that you have even used Folder Lock in the first place, and know that you are now using Truecrypt and know that you use the same password.........

    The answer is "Leyton Orient"

    Leyton: core password: Orient

    Johnny foreigner has never even heard of Leyton Orient, let alone know the name of their reserve goalkeeper backwards???

    Search for Auslogics and Eusing. get their Registry cleaners and the Eusing Registry defragmenter and Auslogics disk defragmenter.

    Get CCLeaner.

    Run CCLeaner and then its Registry repair tool............ DO NOT save changes, just back up the Registry first and overwrite that when you are done.

    Run Auslogics registry repair then Eusing's........... then defrag the Registry with Eusing. Then defragment the HDD with Auslogics............. use the dropdown and select defragment and optimise

    Before this, you should make sure that you have fully removed Folder Lock from your machine.

    If you overwrite a folder you have effectively removed that data only............ the rest remains.

  3. #3
    Junior Member
    Join Date
    Jan 2012
    Posts
    7

    thanks and more questions

    hi,

    many thanks for your reply!

    how did you know i was from the uk (i was using a good proxy server-or was it not in operation?)

    how do you know i'm a boozer HAHAHA

    anyways you said that folderlock was (is) secure. if its secure then why do you suggest all the work on the registry

    are all the tools you suggest using secure or could they hold security threats?

    also, one final question- can truecrypt be hacked ever, by governments if a very long, very complicated password were used? i thought encryption could not be comprimised in such circumtances!

    TIA

    kindest regards,

    ken

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Ken,

    how did you know i was from the uk (i was using a good proxy server-or was it not in operation?)
    It was a guess based on your use of English and the times at which you post

    how do you know i'm a boozer HAHAHA
    If you are into computers and understood "Leyton Orient" you would have to be

    are all the tools you suggest using secure or could they hold security threats?
    I have used them all for several years, and they are quite well known. They are simply on demand system maintenance tools, so they are harmless provided that you get them from a reliable download source. I use Piriform, Auslogics and Eusing, as those are the official sites.

    anyways you said that folderlock was (is) secure. if its secure then why do you suggest all the work on the registry
    Belt and braces mate If your password were left in the Registry then Registry cleaners should spot the software is missing and wipe the entry (and password). Defragmenting would tend to help with performance as does CCleaner. I mostly use the tools for system stability and performance rather than security, but they can have security functionality by getting rid of stuff.

    can truecrypt be hacked ever, by governments if a very long, very complicated password were used? i thought encryption could not be comprimised in such circumtances!
    Theoretically, all encryption can be broken given sufficient time and resources. Governments probably have these, but you would have to do a lot more than just encrypting your drive to appear on their radar.

    As a protection against more common threats, 256bit AES encryption should be more than adequate. Nobody is going to spend months or even years trying to crack something that might not be of any interest anyway. And that assumes they have managed to get hold of it in the first place.

    Hope that helps.

    EDIT:

    Looking at it from an attacker's viewpoint, I wouldn't try to decrypt the files/folders; rather I would try to crack the password. So, if you use Truecrypt portable, this would be an added layer of security as the password is not stored with the machine.
    Last edited by nihil; January 30th, 2012 at 03:05 PM.

  5. #5
    Junior Member
    Join Date
    Jan 2012
    Posts
    7

    folderlock???thanks

    hi

    ok i'm a bit intoxicated HAHAHA (social services are probably going to take my kids soon-nothing bad, just me being an alky no violence no nothingbad!)

    ok so you said that folderlock is safe UNLESS you use portable (the password is kept in RAM) does this mean that the password could have been kept on the HDD-if so i will wipe the hard drive (or destroy it- which do reccomend)using a 35 pass with ccleaner

    you also said that you believe in god in which case GOD BLESS YOU, not many people in the uk believe in god-i think it's a very good thing!!!

    TIA

    i hope you will answer me

    kindest regards

    ken.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Ken,

    Been a bit busy, so I haven't been on the forum.

    ok so you said that folderlock is safe UNLESS you use portable (the password is kept in RAM) does this mean that the password could have been kept on the HDD-if so i will wipe the hard drive (or destroy it- which do reccomend)using a 35 pass with ccleaner
    Right, you said that you had recently moved from Folderlock to Truecrypt? Like I said, Truecrypt does most of its stuff in RAM which is effectively volatile except for a period measured in minutes after it has been turned off.

    If you use the portable version of Truecrypt, then everything is done in RAM, and your password is not stored on the HDD.

    Folderlock does store your access credentials on your HDD, and I thought that your concern was that your password might still be there as a result?

    I am pretty sure that if you uninstalled it as per its instructions, all that might be left would be the folder it lived in and the uninstaller program if it has its own.

    If you remove any remnants or references then run the Registry cleaners that I suggested, they should remove any last traces.


    As you have mentioned erasing and CCleaner, this isn't an erasing tool as such, but you might want to run the clean free space option as this is where a number of nasties like to hide, and where you can find residual data.

    To erase stuff I use Darik's Boot & Nuke and usually only one pass, as that will kill any malware and check the drive for hardware faults. For a more secure erase you would use 3 or 7 passes, but that is really just a cover your arse thing for military, medical, government, finance, and the like.

    The "35 passes" idea comes from Dr. Peter Gutmann's research in the mid 90's. It is obsolete given modern HDD technology, and contained a lot of redundancy back then, because quite a few of the passes were duplicates, depending on what type of drive you were dealing with. The 35 was to cover all possibilities if I remember correctly.

    Destruction?..............why bother?.....................just change your password like I suggested, and remember that your data are still there and potentially vulnerable, even though you have changed the protection method. Obviously, they will be just as vulnerable on a new HDD if not more so, given that there won't be so much background "noise" as there is on a old, well used drive.

    Remember that there is a lot of money to be made in data recovery, and I am not aware of a single company that will offer to recover data that have been overwritten even once?

    OH! and errrr...........ummm...........well, yeah: "just because you aren't paranoid doesn't mean that they aren't out to get you"


  7. #7
    Junior Member
    Join Date
    Jan 2012
    Posts
    7

    thanks

    hi

    sober today!!!

    thanks for the info and i will act on it.

    let jehovas peace be with you.

    i'm out of here!


    bye bye

    ken.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •