• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

TrueCrypt question

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware

View previous topic :: View next topic  
Author Message
D1g1t
Just Arrived
Just Arrived


Joined: 10 Dec 2008
Posts: 0


Offline

PostPosted: Fri Jan 23, 2009 4:50 pm    Post subject: TrueCrypt question Reply with quote

Is it secure to keep Firefox's profile with saved passwords in the TrueCrypt file container? As far as i understand, when the file isn't mounted, it is secure, until someone knows the password, but what about when the file is mounted as a logical disk and Firefox is running? Can the passwords be extracted somehow with a malware or hacker? Thanks
Back to top
View user's profile Send private message
Carlo Gambino
Just Arrived
Just Arrived


Joined: 20 Feb 2008
Posts: 3
Location: Ohio, USA

Offline

PostPosted: Fri Jan 30, 2009 3:47 pm    Post subject: Reply with quote

It all depends on the security of your machine. If you load a truecrypt container on an infected machine, the security is compromised immediately. When you transmit data over the network, it is also vulnerable.

The truth is that if someone wants your data, they'll likely get it.
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
D1g1t
Just Arrived
Just Arrived


Joined: 10 Dec 2008
Posts: 0


Offline

PostPosted: Fri Jan 30, 2009 4:39 pm    Post subject: Reply with quote

So, it means that TrueCrypt protects my data only from people that can physically acces my PC? And storing passwords in vulnerable places, like the profile of FireFox, or ftp passwords in Total Commander, is absolutely pointless, even if they are TruCrypted, if i work on the PC most of the time and the TrueCrypt volume is mounted?
Back to top
View user's profile Send private message
Elderan
Just Arrived
Just Arrived


Joined: 08 Jun 2007
Posts: 0


Offline

PostPosted: Fri Jan 30, 2009 11:38 pm    Post subject: Reply with quote

Hi,
thats right. If the volume is mounted, the protection of TrueCrypt is useless against attacker.
Back to top
View user's profile Send private message
PhiBer
SF Mod
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

PostPosted: Sat Jan 31, 2009 1:52 am    Post subject: Reply with quote

Since the TrueCrypt file system would be mounted, it would definitely by vulnerable to compromise during this time. If a zero-day exploit comes out for FF that attacks the profile, you could be owned.

I would suggest that you use store all your password in a TrueCrypt container and mount it only when necessary.
Back to top
View user's profile Send private message
D1g1t
Just Arrived
Just Arrived


Joined: 10 Dec 2008
Posts: 0


Offline

PostPosted: Mon Feb 02, 2009 12:18 pm    Post subject: Reply with quote

Huh, bad news.
Anyways, thanks for clearing this out Smile
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register