Newly found TrueCrypt flaw allows full system compromise

Toggle sidebar Toggle sidebar
J

Jovec

Senior member
Feb 24, 2008
579
2
81
Chiefcrowe said:
http://www.pcworld.com/article/2987...crypt-flaw-allows-full-system-compromise.html


Hmm.. what do you guys think of Veracrypt?

It seems to me that this flaw only affects you if you encrypt your entire drive, am I understanding it correctly?
Click to expand...

It's somewhat vague.

The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.
Click to expand...

It seems they need a user account, and this flaw can get them admin rights. It doesn't mention if they can extract the key. If they can't, TC still provides the same level of "stolen laptop" protection.

Keep in mind that FDE is for drives that are powered off. You could have the strongest, most secure FDE ever made but it won't protect your system once it's booted and you've entered the password.
 
Chiefcrowe

Chiefcrowe

Diamond Member
Sep 15, 2008
5,052
195
116
Thanks for the reply.

I'm curious to see if anyone has been using veracrypt and how it is?
 
John Connor

John Connor

Lifer
Nov 30, 2012
22,757
617
121
I've used Truecrypt for years. Since the audit I've been happy to use Truecrypt and don't want to touch a fork unless it's audited.

Accroding to GRC, forks may in fact violate the EULA or whatever.
 
Last edited:
B

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
I'll keep using TC as I believe that this "exploit" is nothing more than drives that were unlocked then switch user was applied and from there they go into it.
 
John Connor

John Connor

Lifer
Nov 30, 2012
22,757
617
121
Yeah, if your computer that is TC encrypted is on and accessible already it's game over. So long as when my computer is off and safe with encryption I'm happy.
 
B

BirdDad

Golden Member
Nov 25, 2004
1,131
0
71
I've tried VC and it is just like TC except that it is not open source which makes me suspicious of it.
 
lxskllr

lxskllr

No Lifer
Nov 30, 2004
58,805
9,119
126
Veracrypt is as *"open" as Truecrypt. At this point, they should be virtually identical, with Veracrypt actually being supported.

*Truecrypt used a bullshit license that wasn't libre, and Veracrypt inherited much of it. Instead of being special snowflakes, they should have used the gpl.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom