Internet privacy and security course
Aa font
AA font size
20
About translation
Previous Next
The methods of breaking encrypted file-hosted volumes and how to protect yourself from them

Chapter 46

The methods of breaking encrypted file-hosted volumes and how to protect yourself from them

Let me get started by telling you a story once told by a forensic expert. One day the law enforcement agents arrested a dangerous criminal that kept all information in a TrueCrypt encrypted file-hosted volume on a USB flash drive.

The criminal refused to witness against himself “pleading the Fifth”, his accomplices were at large, and the police’s efforts to unlock the USB flash drive proved inadequate. But then the experts came up with an ingenious alternate method: a malicious program was downloaded to the criminal’s USB flash drive which was supposed to send the data to the police’s servers as soon as the criminal accessed a computer with an Internet connection and decrypted the data.

The criminal was released, his devices, including the USB flash drive, were given back to him, and two days later the experts received all the necessary data from his flash drive which sufficiently substantiated his arrest.

This is just one of the ways of breaching an encrypted fie-hosted volume we are going to describe in this section.

There is an abundance of articles and estimates on the Internet saying that breaking an encrypted file-hosted volume, provided there is a secure password in place, can take at least a hundred years… This is a myth, so let me begin by debunking it.

Brute forcing an encrypted file-hosted volume

A brute-force attack consists of an attacker trying many passwords until he eventually guesses correctly. Indeed, a brute-force attack against encrypted data with a secure password can take a few hundreds of years. At the end of the day, the developers invested a lot of time and effort in the attempts to ensure protection primarily from a brute-force attack. All these estimates build on the assumption that a password is tried by a common computer with ordinary capacity.

But what if your encrypted file-hosted volume is handled by special supercomputers whose total brute-force cracking capacity is 10,000 larger than that of a common computer? According to the experts’ estimates available on the Internet, a common brute-force attack would take a hundred years, but given this kind of capacity, breaking an encrypted file-hosted volume is a matter of few days.

Your password security and brute-force attack resistance are far from being definitive terms. Therefore, for an encrypted file-hosted volume in a password manager, we recommend you create a password consisting of at least 50 symbols with a keyfile – as opposed to a 20-symbol password deemed secure enough by other experts.

Tip

Use both a secure password and key-file to ensure protection for your encrypted file-hosted volume.

There is an obvious downside to brute-force attacks for anyone who would attempt it. Today such attack will cost a huge amount of money, and no person will want to break an encrypted file-hosted volume that belongs to a common user through this method. So while you can reflect on such possibility in theory, unless you are a dangerous terrorist, you are unlikely to confront it.

Governments are constantly working on supercomputers. You have probably heard about a “quantum computer”. This would be a computer possessing an incredible amount of capacity that could break existing encryption algorithms even with the most sophisticated passwords.

In theory, a similar computer may already exist today. There are occasional rumors about it, but there is no real evidence of that so far.

Therefore you should be aware of the risks of having your password brute forced and the importance of creating a maximum security password with keyfile.

And the main protection here is onion encryption when the information is encrypted several times. First, the files are encrypted by TrueCrypt using one algorithm and then – by AES Crypt that adds another layer of defense with a different algorithm.

Progress never stops. What can’t be defeated today might well be cracked in sever