
Thread: In Truecrypt We Trust

  1. #16

    Pretty much

    Better to have true than false security, if you ask me.

  2. #17
    Moderator
    shoulder
    Well, then Bitlocker is also not for you as it's closed source.




  3. #18
    Advanced User Renk
    Quote:
    TrueCrypt isn't something I'd trust. Why, you ask? Read this: Bootkit bypasses hard disk encryption - The H Security: News and Features

    Thanks for the link, but I don't share your conclusion:

    As Shoulder suggested, I don't think TrueCrypt could be incriminated for that. TrueCrypt is an encryption tool, not an anti-malware. For the same reason you could say "don't trust PGP" or even "don't trust Zone Alarm because everyone who stole your HDD with ZA installed can read your data in plain text"?

    IMO, the link you gave doesn't really prove you don't trust TrueCrypt; it shows you don't trust your PC. What could be safe if your machine is compromised?

    In the attack described, the MBR is compromised by an attacker before the user logs in to his TrueCrypt. A possible countermeasure could be to boot only from CD.

  4. #19

    I already answered that question. TrueCrypt by nature should be able to protect against that.

  5. #20
    Advanced User Renk
    Quote: Originally posted by Gapo
    I already answered that question. TrueCrypt by nature should be able to protect against that.

    To feed the debate: This question has been discussed on the TrueCrypt forums.

    Moreover, in saying "TrueCrypt by nature should be able to protect against that" you could be right, and I could have been wrong in speaking about PGP. Indeed, in doing some searching, I have found that:

    PGP Advisory Board

    Stoned Boot Attack
    Tuesday, August 4th, 2009

    Another development that came out this last week at Black Hat is the “Stoned Bootkit” boot-level malware. You can find documentation including the source code at the http://www.stoned-vienna.com/ site.

    This is an interesting piece of malware, particularly since it works around the full-disk encryption provided by the open source TrueCrypt application. Despite the excellent paper and presentation on the Stoned-Vienna website, there is a good deal of misinformation about it, even on that site.

    (...)

    The creators managed to get around TrueCrypt through a clever bit of brute-force. They install themselves as a shim driver above TrueCrypt and below Windows, thus completely bypassing TrueCrypt’s encryption.

    The natural question for anyone who uses PGP is whether it would affect a system protected with PGP® Whole Disk Encryption (WDE).

    The answer I give is that it would not as written.

    PGP WDE has a clever feature in it — WDE prevents you from writing over the MBR. Consequently, it’s impossible to install MBR-level malware on a system with PGP WDE for that simple reason.

    This particular piece of malware very cleverly installs itself in the MBR and performs a judo move on TrueCrypt. That particular judo move wouldn’t work on PGP WDE because we protect the MBR. It wouldn’t work on a system that protects the MBR some other way, like with a Trusted Platform Module (TPM). It also doesn’t affect systems that don’t have an MBR at all, like systems that boot with EFI including all Macs.

    Stoned Boot Attack


    But then, can we trust TrueCrypt on systems booting with EFI?
    Last edited by Renk; 08.11.10 at 01:34.
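
The advisory quoted above ties the attack to the MBR being overwritable, so one defensive check is to compare the MBR against a known-good copy. The following Python code is an added example, not part of the thread and not code from TrueCrypt or PGP; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446      # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"    # boot signature at offset 510

def parse_mbr(sector):
    """Return the boot code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append((i, status == 0x80, ptype, lba_start, count))
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def compare_mbr(baseline, current):
    """List differences from the baseline; an empty list means no change."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if base["boot_code_sha256"] != cur["boot_code_sha256"]:
        findings.append("boot code changed")
    if base["partitions"] != cur["partitions"]:
        findings.append("partition table changed")
    return findings

def make_sample_mbr(boot_code):
    """Constructed sample sector: given boot code, one active type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)

if __name__ == "__main__":
    good = make_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 100)     # constructed bytes
    changed = make_sample_mbr(b"\xeb\x3c\x90" + b"\x90" * 100)  # constructed bytes
    print(compare_mbr(good, good))
    print(compare_mbr(good, changed))
```

On a real system the two inputs would be a copy of the first 512 bytes of the boot disk saved at a known-good time and a fresh read of the same sector. Taking that fresh read from trusted boot media matters, because a system that has already booted through a modified MBR cannot be relied on to report the disk contents honestly.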