Does anyone remember seeing this? I really want to know if there was an update to his case. I thought I saw it on HN but I can NOT for the life of me find it now anywhere. Normally I’m not one to buy into “XYZ scrubbed QWERTY from the internet”, but I absolutely can not find this story ANYWHERE now and it seems like it should be easily found with keywords.
If anyone interested has a Twitter account, would you mind searching there for Truecrypt and Veracrypt to see what comes up? That’s the one place I haven’t looked because I don’t have an account.
I suspect you are remembering this event from April, but it was actually related to Linux LUKS encryption: https://mjg59.dreamwidth.org/66429.html .
That said, even with an older key derivation scheme, it seems unlikely they did a full brute force. Guessing they had some unreleased info that helped them open it.
VeraCrypt was created as a fork of TrueCrypt because TrueCrypt underwent a code audit and they felt it wasn’t secure enough. Older version of VeraCrypt were also found to have vulnerabilities. It’s a never ending race between castle walls and cannonballs when it comes to this stuff. Maybe the journalist had TrueCrypt or an older unpatched version of VeraCrypt.
I remember this also as I was contemplating my encryption options at the time. Pretty certain the individual was French. But for the life of me I can’t find anything anywhere. Makes me wonder.
Very scary if true. 30+ characters should be more than enough, not withstanding variables like using a password vs a pass phrase, if it was generated by a computer or human, etc, but very very scary.
Basically this goes to show that, again, if you’re on a nation states radar their is almost nothing you can do to stop them.
I asked bing chat AI, chatgpt4 (and crappy bard) and none could find such a story.
Chatgpt4:
"Unfortunately, I was not able to locate the specific story you mentioned about an individual whose Veracrypt or TrueCrypt passphrase was cracked by authorities. However, I did find information that suggests such an event is plausible.
Elcomsoft, a company that sells forensic software, announced that they had successfully cracked the latest version of Veracrypt, a fork of the now-discontinued TrueCrypt. This was achieved using an updated version of the Elcomsoft Forensic Disk Decryptor, which extracts on-the-fly encryption keys from a computer’s RAM. These keys, once captured, can be used to decrypt the hard drive without having to run brute force attacks1. This does not directly answer your question, but it provides some context on the potential vulnerabilities of Veracrypt.
I have searched through numerous sources, including Hacker News, but I could not find a story that matches your description. There are many reasons why this could be the case, such as the story being removed, incorrectly recalled details, or simply the limitations of my current search capabilities"
deleted by creator
Can’t find anything on Twitter about that.
I do remember reading that but it was on Twitter and I can’t find it any longer. If I recall correctly it was an activist who was arrested.
If the user was using Windows, fast startup could have been enabled so they were able to extract the password from the RAM maybe? Other than that I don’t know
Late response, I haven’t been on this account recently…
I understand that fastboot and similar things like the hive file if that’s what it’s called (ram writes to disk) or just a very quick tool/technique for cold booting/freezing RAM, but can just have fastboot enabled, enable them to extract the decryption key from RAM or disk?
I thought VeraCrypt started before everything… like a Linux bootloader.
Yeah I don’t know
