You hear it all the time on technology blogs. You've even heard about it here on Tech Chop in episode 14. You should be protecting your hard drives using full hard drive encryption, or at least protecting your files using some kind of encryption. Let's say you've headed that advice. Are your files safe?

It would appear so. At least from hackers operating remotely. That includes shady people that might work for say Google or Drop Box. Now I'm not saying that people at Google or Drop Box are necessarily shady, but if you are putting your Truecrypt volumes in the cloud using their storage technologies, you really don't know who has access to it do you?

In this episode we took a look at two tools. Truecrack and Unprotect.info. The first one is a bruteforce and dictionary attack tool that runs on Linux and is designed to break into your Truecrypt volume. The second is a GUI tool for Windows designed to brute-force your Truecrypt volumes as well. Some guy at Drop Box could potentially make a copy of your Truecrypt volume that you've stored on their servers and run one of these tools against it. Will he get in? In short, probably not. Especially if your password is complex enough.

I ran the GUI tool against a test volume I created using the simple password of abc123, and the tool would have taken two years to break into it. I'm pretty sure an attacker is not going to waste two years of their life to break into your files.

The last tool I talk about in the video though is a professional forensics tool called Passware Kit Enterprise. This tool has a cold-boot attack program built into it's suite which is designed to grab your encryption keys out of memory. This sort of attack is very difficult to protect yourself from unless you have very good physical security. With this sort of attack it's not hackers you have to worry about, it's the government.

In short, continue to encrypt your files. These password guessing attack tools are pretty much useless if you use complex passwords, and the memory dump attack tools are only effective if the attacker has physical access to your computer.