-
January 29th, 2012, 01:55 PM
#1
Junior Member
folderlock
hi again,
i recently posted a thread about truecrypt and was very happy with the replies-thankyou
before using truecrypt i was using folderlock (latest version). i was concerned about details of how to hack folderlock passwords(going into the registry and finding the encrypted password backwords and then going one step forward in the alphabet to reveal the true password)
my question is of two parts:
1) can folderlock be hacked in this way?
2) if i sucurely deleted a folderlock container ( one pass) could the password be recovered somehow?
i ask this because i use a well remebered and complicated password that i continue to use with truecrypt and i don't want it to be hacked from the deleted folderlock password and it to be used on my truecrypt volumes.
TIA
kindest regards,
ken.
-
January 29th, 2012, 11:03 PM
#2
-
January 30th, 2012, 01:48 PM
#3
Junior Member
thanks and more questions
hi,
many thanks for your reply!
how did you know i was from the uk (i was using a good proxy server-or was it not in operation?)
how do you know i'm a boozer HAHAHA
anyways you said that folderlock was (is) secure. if its secure then why do you suggest all the work on the registry
are all the tools you suggest using secure or could they hold security threats?
also, one final question- can truecrypt be hacked ever, by governments if a very long, very complicated password were used? i thought encryption could not be comprimised in such circumtances!
TIA
kindest regards,
ken
-
January 30th, 2012, 02:44 PM
#4
Hi Ken,
how did you know i was from the uk (i was using a good proxy server-or was it not in operation?)
It was a guess based on your use of English and the times at which you post
how do you know i'm a boozer HAHAHA
If you are into computers and understood "Leyton Orient" you would have to be
are all the tools you suggest using secure or could they hold security threats?
I have used them all for several years, and they are quite well known. They are simply on demand system maintenance tools, so they are harmless provided that you get them from a reliable download source. I use Piriform, Auslogics and Eusing, as those are the official sites.
anyways you said that folderlock was (is) secure. if its secure then why do you suggest all the work on the registry
Belt and braces mate If your password were left in the Registry then Registry cleaners should spot the software is missing and wipe the entry (and password). Defragmenting would tend to help with performance as does CCleaner. I mostly use the tools for system stability and performance rather than security, but they can have security functionality by getting rid of stuff.
can truecrypt be hacked ever, by governments if a very long, very complicated password were used? i thought encryption could not be comprimised in such circumtances!
Theoretically, all encryption can be broken given sufficient time and resources. Governments probably have these, but you would have to do a lot more than just encrypting your drive to appear on their radar.
As a protection against more common threats, 256bit AES encryption should be more than adequate. Nobody is going to spend months or even years trying to crack something that might not be of any interest anyway. And that assumes they have managed to get hold of it in the first place.
Hope that helps.
EDIT:
Looking at it from an attacker's viewpoint, I wouldn't try to decrypt the files/folders; rather I would try to crack the password. So, if you use Truecrypt portable, this would be an added layer of security as the password is not stored with the machine.
Last edited by nihil; January 30th, 2012 at 03:05 PM.
-
January 30th, 2012, 05:47 PM
#5
Junior Member
folderlock???thanks
hi
ok i'm a bit intoxicated HAHAHA (social services are probably going to take my kids soon-nothing bad, just me being an alky no violence no nothingbad!)
ok so you said that folderlock is safe UNLESS you use portable (the password is kept in RAM) does this mean that the password could have been kept on the HDD-if so i will wipe the hard drive (or destroy it- which do reccomend)using a 35 pass with ccleaner
you also said that you believe in god in which case GOD BLESS YOU, not many people in the uk believe in god-i think it's a very good thing!!!
TIA
i hope you will answer me
kindest regards
ken.
-
February 1st, 2012, 12:35 AM
#6
Hi Ken,
Been a bit busy, so I haven't been on the forum.
ok so you said that folderlock is safe UNLESS you use portable (the password is kept in RAM) does this mean that the password could have been kept on the HDD-if so i will wipe the hard drive (or destroy it- which do reccomend)using a 35 pass with ccleaner
Right, you said that you had recently moved from Folderlock to Truecrypt? Like I said, Truecrypt does most of its stuff in RAM which is effectively volatile except for a period measured in minutes after it has been turned off.
If you use the portable version of Truecrypt, then everything is done in RAM, and your password is not stored on the HDD.
Folderlock does store your access credentials on your HDD, and I thought that your concern was that your password might still be there as a result?
I am pretty sure that if you uninstalled it as per its instructions, all that might be left would be the folder it lived in and the uninstaller program if it has its own.
If you remove any remnants or references then run the Registry cleaners that I suggested, they should remove any last traces.
As you have mentioned erasing and CCleaner, this isn't an erasing tool as such, but you might want to run the clean free space option as this is where a number of nasties like to hide, and where you can find residual data.
To erase stuff I use Darik's Boot & Nuke and usually only one pass, as that will kill any malware and check the drive for hardware faults. For a more secure erase you would use 3 or 7 passes, but that is really just a cover your arse thing for military, medical, government, finance, and the like.
The "35 passes" idea comes from Dr. Peter Gutmann's research in the mid 90's. It is obsolete given modern HDD technology, and contained a lot of redundancy back then, because quite a few of the passes were duplicates, depending on what type of drive you were dealing with. The 35 was to cover all possibilities if I remember correctly.
Destruction?..............why bother?.....................just change your password like I suggested, and remember that your data are still there and potentially vulnerable, even though you have changed the protection method. Obviously, they will be just as vulnerable on a new HDD if not more so, given that there won't be so much background "noise" as there is on a old, well used drive.
Remember that there is a lot of money to be made in data recovery, and I am not aware of a single company that will offer to recover data that have been overwritten even once?
OH! and errrr...........ummm...........well, yeah: "just because you aren't paranoid doesn't mean that they aren't out to get you"
-
February 2nd, 2012, 11:43 AM
#7
Junior Member
thanks
hi
sober today!!!
thanks for the info and i will act on it.
let jehovas peace be with you.
i'm out of here!
bye bye
ken.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|