Truecrypt container hacked?
admin at pilobilus.net
Sat Aug 22 23:25:02 PDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 08/22/2015 06:07 PM, Tomas Overdrive Petru wrote:
> This one has been puzzling me for several days. Since I have
> not yet been able to figure it out, I thought I would "bleg"
> for assistance from our encryption-savvy readership.
> According to the Sun Sentinel
a South Florida man was recently convicted of stealing military
> secrets. I am less concerned with what he stole or why than
> with what the story says about how the evidence against him was
> identified and used. Here is the relevant part of the story:
Historically, the FBI has used keyloggers to defeat PGP Disc and
Truecrypt - and also, I am sure, other encrypted file systems that
don't have back door access as a standard feature.
Since rubber hose cryptanalysis and bugging computers are well
known FBI methods, while world + dog have failed so far to make
real progress on breaking the ciphers used in Truecrypt, I see no
reason to suspect the latter occurred. None at all.
The word "Truecrypt" does not appear in this summary of expert
testimony, which describes forensics conducted at the facilities
the classified files were borrowed from:
So, the defendant was already in the bag before somebody managed
to type the correct pass phrase and examine the contents of his
stash. I found no indication of whether his guilty plea came
before or after investigators had access to the encrypted data; it
seems very likely that handing over the pass phrase was part of a
Persuading people that a cryptographic tool does not work is a
very effective attack against it. Should we blame ignorance or
something else for the "Truecrypt is broken" take-away many casual
readers will pick up from this story as written?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
More information about the cypherpunks