TrueCrypt question

Networking/Security Forums -> Cryptographic Software and Hardware

Author: D1g1t PostPosted: Fri Jan 23, 2009 4:50 pm    Post subject: TrueCrypt question
    ----
Is it secure to keep Firefox's profile with saved passwords in the TrueCrypt file container? As far as i understand, when the file isn't mounted, it is secure, until someone knows the password, but what about when the file is mounted as a logical disk and Firefox is running? Can the passwords be extracted somehow with a malware or hacker? Thanks

Author: Carlo GambinoLocation: Ohio, USA PostPosted: Fri Jan 30, 2009 3:47 pm    Post subject:
    ----
It all depends on the security of your machine. If you load a truecrypt container on an infected machine, the security is compromised immediately. When you transmit data over the network, it is also vulnerable.

The truth is that if someone wants your data, they'll likely get it.

Author: D1g1t PostPosted: Fri Jan 30, 2009 4:39 pm    Post subject:
    ----
So, it means that TrueCrypt protects my data only from people that can physically acces my PC? And storing passwords in vulnerable places, like the profile of FireFox, or ftp passwords in Total Commander, is absolutely pointless, even if they are TruCrypted, if i work on the PC most of the time and the TrueCrypt volume is mounted?

Author: Elderan PostPosted: Fri Jan 30, 2009 11:38 pm    Post subject:
    ----
Hi,
thats right. If the volume is mounted, the protection of TrueCrypt is useless against attacker.

Author: PhiBerLocation: Your MBR PostPosted: Sat Jan 31, 2009 1:52 am    Post subject:
    ----
Since the TrueCrypt file system would be mounted, it would definitely by vulnerable to compromise during this time. If a zero-day exploit comes out for FF that attacks the profile, you could be owned.

I would suggest that you use store all your password in a TrueCrypt container and mount it only when necessary.

Author: D1g1t PostPosted: Mon Feb 02, 2009 12:18 pm    Post subject:
    ----
Huh, bad news.
Anyways, thanks for clearing this out Smile



Networking/Security Forums -> Cryptographic Software and Hardware


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group