Segurança criptografando um disco rígido sem PIN adicional ao usar o Windows Truecrpyt?

3

A criptografia de um disco rígido que contém informações confidenciais em um PC via Windows Truecrpyt sem inserir um PIN Truecrpyt adicional durante a inicialização (o comportamento padrão) protege os dados em um disco rígido em caso de roubo?

Assumo o roubo de todo o sistema e o ladrão não sabe logins válidos nessa máquina Windows.

(Eu estou perguntando principalmente por causa do Regulamento Geral de Proteção de Dados que surge na UE, embora a resposta seja independente disso.)

    
por Andreas Reiff 17.03.2018 / 17:36

1 resposta

3

A criptografia de um disco rígido usando o Windows Truecrypt protege os dados?

Vamos simplificar sua pergunta para o acima.

A resposta é não.

Truecrypt não é mais mantido, e pelo menos duas falhas graves foram encontradas.

Windows users who rely on TrueCrypt to encrypt their hard drives have a security problem: a researcher has discovered two serious flaws in the program.

TrueCrypt may have been abandoned by its original developers, but it remains one of the few encryption options for Windows. That keeps researchers interested in finding holes in the program and its spin-offs.

James Forshaw, a member of Google's Project Zero team that regularly finds vulnerabilities in widely used software, has recently discovered two vulnerabilities in the driver that TrueCrypt installs on Windows systems.

The flaws, which were apparently missed in an earlier independent audit of the TrueCrypt source code, could allow attackers to obtain elevated privileges on a system if they have access to a limited user account.

The original authors of TrueCrypt, who have remained anonymous, abruptly shut down the project in May 2014 warning that "it may contain unfixed security issues" and advised users to switch to BitLocker, Microsoft's full-disk encryption feature that's available in certain versions of Windows.

...

Since TrueCrypt is no longer actively maintained, the bugs won't be fixed directly in the program's code. However, they have been fixed in VeraCrypt, an open-source program based on the TrueCrypt code that aims to continue and improve the original project.

VeraCrypt 1.15 that was released Saturday, contains patches for the two vulnerabilities, identified as CVE-2015-7358 and CVE-2015-7359, as well as for other bugs. The program's developer only flagged the CVE-2015-7358 flaw as critical and said that it can be exploited by "abusing drive letter handling."

...

Users who still use TrueCrypt should switch to VeraCrypt as soon as possible. In addition to patches for these two flaws, the program also has other security improvements over its predecessor.

Fonte Nova falha encontrada no TrueCrypt permite o comprometimento total do sistema | CSO Online

    
por 17.03.2018 / 18:11