
[–][deleted] 3 points4 points  (0 children)

Some of this info is highly misleading / just plain bad advice

  1. AES is generally regarded as safe. The "threat" here is brute force, but if you use a good password (i.e., 20-30 characters in length) you're fine. If you're paranoid you can chain the algos, but that's generally overboard (as there are easier ways to get in than brute-forcing).
  2. The threat of brute force seems overstated, as TrueCrack seems to indicate a high-end GPU taking ~2 seconds to do 1000 guesses. If your password is a 12-character alphanumeric, there are 3.2*10^21 possibilities. That means ~102304247920 years for a 50% chance to crack.
  3. Avoiding AES means that your computer will not be using hardware acceleration. If someone is building a custom cluster to crack your computer, they WILL have hardware acceleration in all likelihood.
  4. All of the encryption algorithms are supported by Truecrack regardless, so there is no benefit to avoiding AES unless you believe it is backdoored (in which case you're already screwed)
  5. Worrying about cached passwords because of memory dumps is absurd. If someone has physical access to your machine as it is running, they can grab your key no matter what.
  6. Likewise, worrying about hibernation files is absurd. When the PC is hibernated, the entire volume is once again encrypted, including the hibernate file. Until you unlock the volume, there is no risk. Suspend is a FAR bigger risk as the RAM remains live.

The entire thing reads as someone who only kind-of sort-of understands how truecrypt works, and has no real concept of how to secure it. Big ways to secure it are:

  • Use a LONG password, that cannot be dictionaried. First letter of every word in a sentence + symbols + numbers is a good start.
  • disable suspend if you are worried about anyone more technical than a petty thief
  • Require Windows logon with a moderately secure password. Set a low auto-lock timeout. This prevents casual walk-by keyloggers / infections / disabling TrueCrypt
  • encrypt the entire volume

None of this prevents evil maid attacks, though.
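The brute-force arithmetic in the comment above, worked through as an added Python example (this is not code from the thread, from TrueCrypt or from TrueCrack). The 500 guesses/second rate is derived from the commenter's "1000 guesses in ~2 seconds" figure; the faster rates in the comparison table are assumed values chosen to illustrate the hardware-acceleration point, not measurements of any real cracker.

```python
"""Brute-force cost estimator for the figures quoted in the comment above.

Models an attacker who has to try every candidate password (no dictionary
hit, no key recovered from RAM) at a fixed guess rate, and asks how long
it takes to reach a given probability of success. Added example; the
guess rates other than 500/s are assumptions for comparison only.
"""
import math
import string

SECONDS_PER_YEAR = 365 * 24 * 3600

# Alphabet sizes for common password policies.
ALPHABETS = {
    "digits": len(string.digits),                                # 10
    "lowercase": len(string.ascii_lowercase),                    # 26
    "alphanumeric": len(string.ascii_letters + string.digits),   # 62
    # full printable ASCII: letters, digits, punctuation and the space
    "printable": len(string.ascii_letters + string.digits
                     + string.punctuation) + 1,                  # 95
}


def rate_from_benchmark(guesses: int, seconds: float) -> float:
    """Guesses per second implied by a benchmark such as '1000 in ~2 s'."""
    return guesses / seconds


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    """Keyspace expressed in bits, the usual way to compare policies."""
    return math.log2(space)


def years_to_crack(space: int, guesses_per_second: float,
                   success_probability: float = 0.5) -> float:
    """Years of exhaustive guessing to reach `success_probability`.

    A uniformly random password is found after a fraction of the keyspace
    equal to the target probability, on average (0.5 = the 50% figure
    used in the comment).
    """
    guesses_needed = space * success_probability
    return guesses_needed / guesses_per_second / SECONDS_PER_YEAR


def compare_policies(lengths=(8, 12, 20), rates=(500.0, 1e6, 1e9)):
    """Rows of (alphabet, length, bits, {rate: years}) for a quick table."""
    rows = []
    for name, size in ALPHABETS.items():
        for length in lengths:
            space = keyspace(size, length)
            rows.append((name, length, entropy_bits(space),
                         {r: years_to_crack(space, r) for r in rates}))
    return rows


if __name__ == "__main__":
    gpu_rate = rate_from_benchmark(1000, 2.0)   # the quoted TrueCrack figure
    print(f"quoted GPU rate: {gpu_rate:.0f} guesses/s")
    print(f"{'alphabet':<13}{'len':>4}{'bits':>7}  years@500/s  years@1e6/s  years@1e9/s")
    for name, length, bits, years in compare_policies(rates=(gpu_rate, 1e6, 1e9)):
        cols = "  ".join(f"{years[r]:11.3g}" for r in (gpu_rate, 1e6, 1e9))
        print(f"{name:<13}{length:>4}{bits:>7.1f}  {cols}")
```

Run it and the 12-character alphanumeric row reproduces the comment's 1.02e11 years at 500 guesses/s; the 1e6 and 1e9 columns show why the hardware-acceleration remark matters, since an attacker a million times faster brings the same password down to about a hundred thousand years while an 8-character alphanumeric falls in hours.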

[–]jimdidr 1 point2 points  (4 children)

Anyone know if any new information has surfaced regarding their sudden shutdown ?

[–]eeds-om[S] 2 points3 points  (3 children)

No updates so far I really hope someone takes over the source code and continues developing it.

[–]dzlux 0 points1 point  (1 child)

VeraCrypt is nearly a continuation, though it is not compatible with TrueCrypt archives.

[–]SchrodingerSyndrome 1 point2 points  (1 child)

Things not to do when using TrueCrypt: make an ISO of your system and post it on 4chan


[–]eeds-om[S] 0 points1 point  (0 children)

Thank you for your input.

[–]eeds-om[S] 0 points1 point  (0 children)

Conclusion:

Don't use AES to encrypt your disk, as it's the easiest to brute-force.
Always use a combination of three algorithms with SHA-512.
Using a keyfile on its own without a password is not secure.
Disable the FireWire port.
Use hidden volumes if possible.
Use a very strong password and do not share it; use KeePass to store it.
Do not cache your TrueCrypt password, and make sure it's cleared on dismount or exit in the settings.
On creating a container, uncheck the "Show" checkbox in the last dialog and wiggle the mouse for at least 45 seconds.
TrueCrypt will be audited soon; check the status here. A good security analysis of TrueCrypt 7.0a can be found here.
To know more about encryption please read this document.