#TOR, #PDF Password Removal, #TrueCrypt --True Crack'd? Re-examining #Privacy

Update 05/28/2014 - TrueCrypt is now defunct

Skimming through my Zite articles, I found myself bored stiff with the usual fare of pseudo-edtech reform for K-12. Let's see...what could be more engaging, enthralling than reflecting on the decline of modern education?

Ah yes, the stuff of spy novels and movies! Encryption, hidden browsing and privacy! A quick search on Zite, and in no time, I found myself reading shocking information. There, I stumbled across TOR Browser Bundle:
The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.
Tor Browser Bundle--it appears to work--essentially lets you download and run an application that grants you some anonymity while surfing. What's kinda interesting is that if you run Tor Browser Bundle, it makes it seem as if you are--by giving you a different IP address--from somewhere else...like the Phillipines:

Another curious item was Privatix Linux:
Free portable encrypted system on an usb flash drive or an external hard drive for safe editing and carrying along of sensitive data, for encrypted communication and anonymous web surfingNot everyone who finds privacy important while using the internet and communicating or is editing sensitive data always has their own computer with a safely set up operating system and the required tools at their disposal or want to carry it with them.
That's why we created the Privatix Live-System (based on Debian GNU/Linux). It is an easy to operate safe and portable system that can be booted from a cd-rom, an usb flash drive or an external hard drive and ensures your privacy and confidentiality while using the internet and communicating or editing and encrypting sensitive data.
Note that you can get the 631 meg XFCE version of Privatix (that means, light on resources)...it should fit nicely on my 16gig flash drive. I'll have to play with that, so more on that later. 

Another neat discovery was reading about a tool to remove Acrobat PDF passwords, Instant PDF Password Remover. I still recall one grant evaluation firm which prided itself on safeguarding it's confidential grant implementation evaluation reports with a passworded PDF...this would certainly give them pause!

Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDFdocument. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc.
Often we receive password protected PDF documents in the form of mobile bills, bank statements or other financial reports. It is highly inconvenient to remember or type these complex and long passwords.
'Instant PDF Password Remover' helps you to quickly remove the Password from these PDF documents. Thus preventing the need to type these complex/long password every time you open such protected PDF documents.
Since I've given up on using passworded PDFs--my confidence in Adobe was shattered quite some time ago, and to be blunt, I seldom have anything confidential to share with others that take the form of a PDF--I haven't tried out Instant PDF Password Remover. Let me know if you give it a shot, ok?

The most shocking was something called TrueCrack, reputed to be a password cracker for TrueCrypt.org, a tool I've often recommended here at ATC as one of several easy to implement solutions. After the initial shock had passed, i tried to access the original web site that had fed Zite...it was down. The plot, if there was one, thickened.

A quick google search revealed the TrueCrack web site, and I decided to give it a shot. After all, if TrueCrypt has truly been cracked, I may have to change my advice to colleagues who just implemented TrueCrypt in their organization as an inexpensive, easy to use privacy protection tool for their documents and data.
TrueCrack is a brute-force password cracker for TrueCrypt (Copyrigth) volume files. It works on Linux and it is optimized with Nvidia Cuda technology.
It works with cripted volumes with the following algorithms:
  • PBKDF2 (defined in PKCS5 v2.0) based on RIPEMD160 Key derivation function.
  • XTS block cipher mode of operation used for hard disk encryption based on AES.
TrueCrack can work in two different modes of use:
  • Dictionary attack: read the passwords from a file of words (one password for line).
  • Charset attack: generate the passwords from a charset of symbols defined by the user (for example: all possible strings of n characters from the charset "abc" ).
Unfortunately, TrueCrack wouldn't unzip or untar for me (tar xzvf true*.gz) so...that experiment ended quickly. Of course, then I read this remark about TCBrute and all my security went out the window. Even though I'm not safeguarding anything but personal records, work files that are confidential, it is a concern to think that TrueCrypt may do nothing but stop the computer illiterate from getting into your stuff...someone talented, well, c'est la vie.

For now, TrueCrypt remains safe against me...if I forget my password, I'll never get in! Haha.

In the meantime, maybe it's time to just use AESCrypt.com and ultra-long passwords.

Get Blog Updates via Email!
Enter your email address:
Delivered by FeedBurner

Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure


I suggest to try the new release of TrueCrack version 2.0. It works on Nvidia cuda boards to reduce the time to generate passwords.

Popular posts from this blog

Rough and Ready - #iPad Created Narrated Slideshow

Old Made New: Back to Bunsen Labs Linux (Updated)

The Inside Scoop: EdTech 2020 Virtual Conference #edtech #zoom