There are two major types of attack to TrueCrypt’s volumes.
1) Keylogger (software or hardware) – it’s obvious, and this isn’t a TrueCrypt problem. Hence I won’t write about this. Just – be careful if you mount a TC volume on unknown or foreign machines. You should suppose that each computer which doesn’t belong to you is untrusted.
2) Storing a password in physical memory – this is the problem which I want to shortly describe in this post. I’ve read that TC try to erase a volume password from a physical memory after dismounting the volume. And I tested this theory – I’m little frightened as TC didn’t clear my password in my tests. This problem is important for these people who want to be sure that their essential data is protected from being discovered by police or other „special services“
Use this program to check if your physical memory contains your password (after the mount and dismount operation)
Maybe I did my tests wrong? I don’t know, but the fact is that you shouldn’t trust TC in removing passwords from a physical memory if your protected data is very essential to you. The best thing which you can do after dismounting a TC volume is to switch off your machine for up to 1 hour to clear the physical memory from almost every data.
Nevertheless, using of TrueCrypt (or derivates) is a great way to secure your data in case of storagw theft. If your switched off from electricity a machine (a notebook for example) with TC volume with a strong password is stolen and this machine doesn’t have any hidden keylogger, then your data encrypted inside the TC volume should be perfectly safe. Till popularisation of quantum computers. :-)
Leave a Reply
You must be logged in to post a comment.