12
A few months ago someone (journalist?) claimed authorities cracked his 30+ char strong Veracrypt (or TrueCrypt?) passphrase. His computer was turned off when apprehended. I can not locate the story. (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by Cinner@lemmy.world to c/privacyguides@lemmy.one
12 comments fedilink hide all child comments

Does anyone remember seeing this? I really want to know if there was an update to his case. I thought I saw it on HN but I can NOT for the life of me find it now anywhere. Normally I'm not one to buy into "XYZ scrubbed QWERTY from the internet", but I absolutely can not find this story ANYWHERE now and it seems like it should be easily found with keywords.

If anyone interested has a Twitter account, would you mind searching there for Truecrypt and Veracrypt to see what comes up? That’s the one place I haven’t looked because I don’t have an account.

top 11 comments
sorted by: hot top controversial new old
[-] theyprovidethepaint@lemmy.world 4 points 1 year ago

I suspect you are remembering this event from April, but it was actually related to Linux LUKS encryption: https://mjg59.dreamwidth.org/66429.html .

That said, even with an older key derivation scheme, it seems unlikely they did a full brute force. Guessing they had some unreleased info that helped them open it.

[-] YellowtoOrange@lemmy.world 3 points 1 year ago

I asked bing chat AI, chatgpt4 (and crappy bard) and none could find such a story.

Chatgpt4:

"Unfortunately, I was not able to locate the specific story you mentioned about an individual whose Veracrypt or TrueCrypt passphrase was cracked by authorities. However, I did find information that suggests such an event is plausible.

Elcomsoft, a company that sells forensic software, announced that they had successfully cracked the latest version of Veracrypt, a fork of the now-discontinued TrueCrypt. This was achieved using an updated version of the Elcomsoft Forensic Disk Decryptor, which extracts on-the-fly encryption keys from a computer's RAM. These keys, once captured, can be used to decrypt the hard drive without having to run brute force attacks​1​. This does not directly answer your question, but it provides some context on the potential vulnerabilities of Veracrypt.

I have searched through numerous sources, including Hacker News, but I could not find a story that matches your description. There are many reasons why this could be the case, such as the story being removed, incorrectly recalled details, or simply the limitations of my current search capabilities"

[-] Evoke3626@lemmy.fmhy.ml 2 points 1 year ago

Very scary if true. 30+ characters should be more than enough, not withstanding variables like using a password vs a pass phrase, if it was generated by a computer or human, etc, but very very scary.

Basically this goes to show that, again, if you’re on a nation states radar their is almost nothing you can do to stop them.

[-] nomadic@lemmy.one 2 points 1 year ago* (last edited 1 year ago)

I remember this also as I was contemplating my encryption options at the time. Pretty certain the individual was French. But for the life of me I can't find anything anywhere. Makes me wonder.

[-] Boozilla@lemmy.one 2 points 1 year ago

VeraCrypt was created as a fork of TrueCrypt because TrueCrypt underwent a code audit and they felt it wasn't secure enough. Older version of VeraCrypt were also found to have vulnerabilities. It's a never ending race between castle walls and cannonballs when it comes to this stuff. Maybe the journalist had TrueCrypt or an older unpatched version of VeraCrypt.

[-] heartlessevil@lemmy.one 1 points 1 year ago

I do remember reading that but it was on Twitter and I can't find it any longer. If I recall correctly it was an activist who was arrested.

[-] wasd4321@lemmy.world 1 points 11 months ago

If the user was using Windows, fast startup could have been enabled so they were able to extract the password from the RAM maybe? Other than that I don't know

[-] Cinner@lemmy.world 1 points 9 months ago* (last edited 9 months ago)

Late response, I haven't been on this account recently...

I understand that fastboot and similar things like the hive file if that's what it's called (ram writes to disk) or just a very quick tool/technique for cold booting/freezing RAM, but can just have fastboot enabled, enable them to extract the decryption key from RAM or disk?

I thought VeraCrypt started before everything... like a Linux bootloader.

[-] wasd4321@lemmy.world 1 points 9 months ago

Yeah I don't know

[-] sugarfree@lemmy.world 1 points 1 year ago

Can't find anything on Twitter about that.

load more comments
view more: next ›
this post was submitted on 01 Jul 2023
12 points (100.0% liked)

Privacy Guides

16166 readers
31 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...

Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
jonah@lemmy.one
dngray@lemmy.one
freddy@lemmy.one
ninchuka@lemmy.one
jonah@lemmy.jonaharagon.net