truecrypt volume - how hard to crack

buachille · 14 Apr 2007 at 18:53

had a bad day today. was hill walking with the family and the vehicle was parked in a remote car park at the bottom of the hills.

when we got back to the vehicle it had been broken into and 2 expensive drills, 1 mobile phone, 1 bluetooth headset, some cash, and an external portable hard drive, had all been stolen. total value about £1,000.

anyway, the external hard drive contained a back up copy of all our company files (everything), all my family videos and pictures, and all my other documents.

it was encrypted with truecrypt and i used a very secure password. i don't care about the loss of the hdd. i am just about to buy a replacement. and i feel pretty secure about losing the data as i reckon this will be sold on by junkies and the new owner will just delete the encrypted volume on the drive and use it for his own stuff.

but my question is this:

how hard would it be, for someone who was curious, to access a truecrypt volume with a very strong password. i think that it could only be opened by a very skilled hacker. am i right?

i don't want all our company info and all my family pics and vids viewed by some scumbag.

so how safe is it do you think.

all opinions welcome.

michael baxter · 14 Apr 2007 at 18:58

If it has been encrypted with a decent algorithm (AES256 for example) and the software isn't flawed, then it won't be possible to decrypt in any reasonable time at all. More to the point, would anyone even try?

Well done in being prepared for such an eventuality!

garyh · 14 Apr 2007 at 18:59

With a decent password it would take quite literally years to crack and would require MEGA CPU processing to complete... so providing you used a non-dictionary pass phrase then you're perfectly fine

GraemeUK · 14 Apr 2007 at 19:06

If the mindless scum are having to resort to this type of career to make money the chances are they won't have the brains to even figure out the drive is encrypted and probably just think its broke. I hope they are caught and their balls are cut off.

buachille · 14 Apr 2007 at 19:07

thanks for that.

i can confirm that the password was far from anything that you'd find in a dictionary. no words and plenty of upper and lower case and numbers.

buachille · 14 Apr 2007 at 19:11

If the mindless scum are having to resort to this type of career to make money the chances are they won't have the brains to even figure out the drive is encrypted and probably just think its broke. I hope they are caught and their balls are cut off.

i feel you are correct about their brain power, and i couldn't agree more with your last sentence!!!!

Burnsy2023 · 14 Apr 2007 at 19:40

buachille said:
thanks for that.

i can confirm that the password was far from anything that you'd find in a dictionary. no words and plenty of upper and lower case and numbers.

I think if you calculated a brute force attempt at decryption you'd be measuring the time in 'universe ages' rather than years or centuries.

Burnsy

masterk · 14 Apr 2007 at 20:38

This happened to a woman who worked at an insurance company (forget the name), her laptop was nicked and she had information about employees on there, the IT manager lost his job and they were fined £30,000 if i recall.

GraemeUK · 14 Apr 2007 at 21:37

masterk said:
This happened to a woman who worked at an insurance company (forget the name), her laptop was nicked and she had information about employees on there, the IT manager lost his job and they were fined £30,000 if i recall.

Thats helpful :rolleyes:

buachille · 14 Apr 2007 at 23:24

masterk said:
This happened to a woman who worked at an insurance company (forget the name), her laptop was nicked and she had information about employees on there, the IT manager lost his job and they were fined £30,000 if i recall.

so do you think the junkies will fine me £30,000 for them not being able to crack my files then??

lay-z-boy · 14 Apr 2007 at 23:58

GraemeUK said:
Thats helpful

Indeed.....

OP: Seems you are one step ahead, its paid off in this situation, give yourself a pat on the back

buachille · 15 Apr 2007 at 00:42

OP: Seems you are one step ahead, its paid off in this situation, give yourself a pat on the back

ta

saffyre · 15 Apr 2007 at 03:29

AFAIK with a 256bit key the AES encryption algorithms have been approved for use with the US militarys top secret documents

. Plus unless you know what your looking for the hdd will appear to be populated with random data.

stoofa · 15 Apr 2007 at 03:56

masterk said:
This happened to a woman who worked at an insurance company (forget the name), her laptop was nicked and she had information about employees on there, the IT manager lost his job and they were fined £30,000 if i recall.

A totally OT post if ever I saw one.
Just pleased I didn't work for said company.
I can provide my users with all the tools and secuirty gadgets in the world - if however they are going to be stupid enough to leave anything so valuable in a car....really nothing I can do about it.