
Monday, February 4, 2013

Truecrypt: Keyfiles and Encryption Keys



I want to put up two things about Truecrypt today. The first topic is how to generate your own keyfile. The second is how to increase the security of your working Truecrypt.

You can basically use any file as a keyfile. However, for the paranoid, you can use the internal keyfile generator.


Just run it from Tools, and you'll be presented with a generator. Move your mouse as randomly as possible; the generator uses the movement to build up the randomness that gives the keyfile its strength.


Save it and you'll have your own keyfile. FYI, you can even rename the keyfile to something inconspicuous, with an extension such as .tmp or .old.
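For a scripted equivalent of the generator, here is an added example (not TrueCrypt's code and not from the original post) that writes a keyfile from the operating system's CSPRNG and, going one step beyond the text, screens an arbitrary file picked as a keyfile for obviously weak content. The function names are hypothetical, and the 64-byte size and 1 MiB processed limit are assumptions taken from TrueCrypt's documented keyfile behaviour.

```python
import math
import os
import secrets
from collections import Counter

KEYFILE_BYTES = 64             # assumption: size written by TrueCrypt's own generator
PROCESSED_BYTES = 1024 * 1024  # assumption: only the first 1 MiB of a keyfile is used


def generate_keyfile(path, size=KEYFILE_BYTES):
    """Write `size` bytes from the OS CSPRNG to a new file, refusing to overwrite."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    fd = os.open(path, flags, 0o600)  # owner-only on POSIX; mostly ignored on Windows
    with os.fdopen(fd, "wb") as fh:
        fh.write(secrets.token_bytes(size))
    return path


def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def assess_keyfile(path, min_bytes=KEYFILE_BYTES, min_ratio=0.8):
    """Return (ok, reason) for a candidate keyfile, judged on its processed portion."""
    with open(path, "rb") as fh:
        head = fh.read(PROCESSED_BYTES)
    if len(head) < min_bytes:
        return False, f"only {len(head)} bytes; want at least {min_bytes}"
    # A sample of n bytes can show at most log2(n) bits/byte, so scale the bar.
    ceiling = min(8.0, math.log2(len(head)))
    score = entropy_bits_per_byte(head)
    if score < min_ratio * ceiling:
        return False, f"low entropy: {score:.2f} of {ceiling:.2f} bits/byte"
    return True, f"{score:.2f} bits/byte over {len(head)} bytes"
```

The entropy screen only catches files that are plainly structured, such as text or sparse data. A file that scores well but is publicly available is still guessable, so a generated keyfile remains the stronger choice.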


We're coming to the interesting part here. You increase the risk of your Truecrypt being hacked if you leave it running. If it is running at this moment and a program has been written to read your memory, that program can see the encryption key, which is used to read from and write to your encrypted volume on the fly. Or let's say you use the Windows hibernate option: some software can be used to extract the hibernation file, and then extract the encryption key which is used to open your encrypted volume.


To combat this issue, make sure you enable the auto-dismount options: tick User logs off, Screen saver is launched and Entering power saving mode. As for the bottom part, just make sure Wipe cached passwords on auto-dismount is ticked. This should get the system to automatically wipe the password cache (the password cache is used to access the encryption key).

Now, there are also some programs that could monitor protected memory. All I can say is: only mount your encrypted volume if you need to access your files. If you have no need for it, do not leave it mounted.
