Why is TrueCrypt unsafe? Because people think there are backdoors now and/or on XP systems because of the end of XP patches?

I've used TrueCrypt 6.2a for a long time by mounting encrypted containers as a virtual drive, putting my files in it, and then unmounting. I have good passwords, and I like to think I can put those container files on any PC or storage without worry someone could get into them. Is that wrong?

I've been more worried about a keylogger getting on my PC which is undetected by Anti-Malware Bytes or MS Security Essentials or Bit Defender capturing and sending my passwords to a bad guy. When I install various free software from Asia or Europe, I always worry.

Do I really need to worry that my TrueCrypt 6.2a containers could have security holes or backdoors in them?

Ref: https://www.yahoophonenumber.net/blog/yahoo-password-recovery

Password Recovery bundle was used to a great program for recovering Windows password. But it didn't update for a couple of years. And it doesn't work on the latest Windows 10. So if you need to reset forgotten password of Windows 10, I suggest to look at this tutorial instead: http://www.uukeys.com/reset-windows-10-password.html

try starting the computer in Safe Mode. Supposedly this will enable the built-in Administrator
account for the one session. The default password may be a blank. Get into Safe Mode by repeatedly tapping the F8 key as the computer is starting up. If this works for you, then you can set a new password for your normal account.
If this didn't word,then a password recovery utility is available for you,from gg ,i found this effective tool: iSeePassword Windows Password recovery:
http://www.iseepassword.com/recover-forgotten-windows-8-password.html

I hope this information was helpful…

flawless install & etc.

few improvements:

Total Commander password should be in
//Start Recovery, FTP Passwords//
will be nice add support for DoubleCommander password
- probably the same file wcx.ini

Other password
will be nice to add TightVNC password
--

Password attack - there is time elapsed info - much interesting
will be estimated time to end a phase - 3 chars, 4 chars, 5 chars....
and total estimated time to finish proccess counted by first crunching
with 3chars or 4chars

#39 -----Inability to copy and paste--
I have found that sometimes when CONTROL plus C does not work, using COPY from the right-click menu does work. Then use PASTE from right-click menu instead of CONTROL plus V. Sometimes one method works when the other does not.

Thanks #26 Jimbo. I too could not get this to get beyond frozen until I exited Anvir. Also, Avast didn't initially trust it and insisted on running a "deep scan" during installation before giving it the all clear. While this was occurring, the installer reports a corrupt file until Avast is finished. Eventually, after exiting Anvir, I am able to enter the registration and Ctrl+V paste (not sure what #39 DaveS's problem was) the license key in. It easily lists browser passwords, some of which must have been automatically set, because I did not create them. Interesting program. Because I use KeePass and have multiple backups of its database file, I doubt that I'll ever need this program except to see how vulnerable I might be, and to see what passwords browsers set that I don't even know about. FYI- none of my TrueCrypt passwords showed up in any scans. But passwords in Chrome ... uhhh got them, no brute force necessary. Yikes!

Thank you Jimbo, for the Anvir tip.

Couple other issues I saw. You can't copy and paste the key into the registration field. LAME. Also when I typed it in I had one wrong character (with my font set it was hard to tell the letter 'O' from a zero so I had it wrong the first time but corrected it. After the first fail stating wrong registration key I corrected it but it still failed. I triple checked it and it was correct the second time but apparently because it failed once it would not allow me to register until I completely closed the program and typed it in again. BTW paste showed up on a right click in the field but wouldn't paste and Control-V wouldn't paste it either. Annoying.

Installed on Win7 and activated okay. I then burned the Windows Password rescue to CD. Booted up the CD then tried to reset password and it said that function is only available on the full version. I tried the other option and got the same answer. The Windows password part is worthless. Wasted a good CD :( Tried a brute force attack on a PDF file. On a very fast computer it got to about 5 characters in around 15 minutes. For each character you add it gets vastly more time consuming. It was still trying 5 character passwords after 25 minutes. I can imagine it taking many months to get to around 8 character passwords and anyone using much less than that is wasting their time even having a password. So unless you know a partial password or only have forgotten a small part of it this seems fairly useless.

Using windows 7 Pro, 64bit, 7zip to create a password protected zip file. Added a entry to the dictionary for the password, and it cannot find the password with a dictionary attack...

Tried a simply password already in the dictionary, and it still will not find with dictionary.

Used 7zip to decrypt and works fine...
Needs work...

#16. For your situation this software is of no use.

However in that situation it will help if you click on "I forgot my password".

#17. FALSE! You just spread panic and make people use one password everywhere, don't do that.
I explain: if you set a Master Password first then you can save all your passwords in ALL browsers (it's just like in LastPass or RoboForm, both have master password).

#15: I won't be using today's offering, but if I were to use it, I would disconnect my computer from the net, and when it runs, ensure that the programme doesn't try to connect to anything. I would also check in ZoneAlarm to make sure the programme is not allowed to access the net. I would only then reconnect to the net.

Your concerns are the same reason I don't use programmes that offer to remember all my passwords for me. I just don't want to risk them collecting the passwords and then sending them somewhere. Better paranoid, er, safe than sorry. :-)

Does anyone have suggestions for windows user startup/login password recovery for xp. Thanks

Why is TrueCrypt unsafe? Because people think there are backdoors now and/or on XP systems because of the end of XP patches?

I've used TrueCrypt 6.2a for a long time by mounting encrypted containers as a virtual drive, putting my files in it, and then unmounting. I have good passwords, and I like to think I can put those container files on any PC or storage without worry someone could get into them. Is that wrong?

I've been more worried about a keylogger getting on my PC which is undetected by Anti-Malware Bytes or MS Security Essentials or Bit Defender capturing and sending my passwords to a bad guy. When I install various free software from Asia or Europe, I always worry.

Do I really need to worry that my TrueCrypt 6.2a containers could have security holes or backdoors in them?

"A short advice : If your password can be recovered with such a tool, you don’t need a password."

Exactly


"A good password recovery tool with a bootable .ISO to reset your windows password."
Even simpler, http://pcsupport.about.com/od/windows7/ht/reset-password-windows-7.htm

to the poster of #15. You say that you are concerned about your password information being "sent home". That's a valid concern, but you're clearly not using a decent non-Microsoft firewall that can block applications from getting to the Internet to send stuff out. A password recovery tool, particularly one that can't be updated without the loss of it's "free" status, has no business in accessing the Internet at all, so blocking it in a firewall would resolve all doubt. If you're not using a good firewall, you might as well use IE as your browser (which is also blocked from accessing the Internet in my firewalls). So why act concerned about this one program if you aren't using protection?

Not bad. Going to give a run but a word to the wise (or unwise). Do not use such a tool at work. If you forgot your password, call your IT help desk. If you run such a tool online, don't be surprised if, 1) you get fired. 2) A group of IT types come repelling down from the overhead and put you face down on the ground. Even from the IT side of the fence, we don't run such programs without our manager being aware and the network security monkeys are notified. Last time one of my team ran a .pst password recovery software, he almost got the door so just saying, be carful running this on anything outside your home network, even just to test it out.

Installed and registered fine win 7 64bit ran 3 different trials all Failed in finding the passwords, even supplying partial password it failed. Using the boot up /iso it wont work says have to purchase the full version??? What gives. Will wait to see if the company comes on here to bother and tall us why the boot up iso isn't showing up registered. until then you can just make one using the original windows install disk.

If you REALLY need to find this, and just how insecure your system actually is, download Belarc. There's not much it won't tell you about your sys for free!

http://belarc.com/free_download.html

Nice program but does not play well with Anvir Task Manager (a previous favorite on GAOTD). It locks up once started and you can't close it, register or get any response. Once I tried exiting Anvir Task Manager everything worked fine. This is the first program I've every had that won't run with Anvir Task Manager. I had to force stop the Password recovery with Windows task manager. So if you have Anvir and want to use this you will likely need to exit it to use the Password recovery program. Not a huge problem but it would be better if that was fixed.

Same issue as Joe (Comment 10). All works well until I use bootup iso/disk. Saying I should ‘purchase the full version’. Any ideas please GAOTD? My son forgot his password on his notebook and I was excited when this GAOTD was offered, then disappointed when the Windows reset disk did not work. Good giveaway though for other passwords. Thanks GAOTD for doing such a great job!

That is annoying that the Windows password recovery disk needs an additional purchase to work, but I think most people know that there's a simple free alternative. Just search online for "Offline NT Password & Registry Editor".

#1 Slaikka Actually, nothing is safe from NSA or any government which wishes to check as they have a software that can decipher in matter of a few hours even the toughest password of 25 digits (letters and whatever else). So keep your password encrypted and avoid doing anything controversial. It's a pity that's the way today. And any software or website has to give information to a government if requested.
So nothing is safe. Sorry!

Just write your diary or anything too personal away from the computer...
Interesting software by the way.

As "Me" says, I wonder if it would be safe? I would only be interested to try for one particular word document that I put a password on decades ago and simply can't remember. Have always been told that Word passwords are mission impossible. I no longer even remember what was in that document, I am more curious than anything, but not sure if it is worth the risk to experiment.
Do you get a choice of what password you want it to look at, or will it just automatically look for them all?

>On pressing the start recovery button and drop-down list was offered to choose from, I chose my Firefox browser and a split second later a page of URLs and their passwords were presented, much to my astonishment !

Come on if you have a Master Password set in Firefox it prompts you to enter it !!!, how it this Recovery !!!

To Run in Windows it requires a Admin userid and password.

This program is a joke, not even a Beta/Free listing would make me used this, and "calling it Pro", what does the none Pro version then do.

When using this program to re-set Windows password, it asks whether you want use your flash drive and then asks whether to use MBR or GPT. With either choice, the program then informs me that it will destroy all existing data on the flash drive. Is there some way to avoid this?

#9 Dale, let me add the following to your comment:

Never, never, NEVER check the box that says, "Remember passwords for sites", for ANY browser!

Installed and registered fine on Windows 7 Home Premium 64-bit.

Created the bootable ISO, which burns from an already present ISO image dated 2/14/2014, it should build a new version that includes the registration information. That being said it's useless for recovering lost Windows login passwords. The remaining features that I tested work OK.

Thanks GOTD keep up the good work!

It would be useful if it was portable so it could be used on any computer. I'm sure everyone has run into the following situation.

"I can't access my e-mail."
"What what is your password?"
"I forget."

How do we know this isn't a password stealer posting as a Password Recovery? Is there a way to see all of the information requested or transmitted from your computer to the net and control it? Many programs access our computers via the net and I never see what they get and wonder.

Great software! I have forgotten Windows 8 login password on Dell laptop with UEFI BIOS. I have tried many freeware (such as Ophcrack, Offline NT Password & Registry Editor) but no luck. After creating a GPT boot USB media using Password Recovery Bundle, it can boot off my computer in UEFI mode and reset the password successfully. Thanks a lot!

Same issue as Joe (Comment 10). All works well until I use bootup iso/disk. Saying I should 'purchase the full version'. Any ideas please GOTD? Many thanks, J

#9 Dale.
Thanks for the info, you learn something new everyday.

A bit of a surprise as it totally defeats the purpose of having passwords, strange!

Downloaded this program because it claims to be able to reset my Windows password. Installed fine and registered it. Reopened the program and it now shows that I have a registered full version. Then I created the Windows boot disk and restarted my computer. The program opened with the password recovery screen just as described in the Help menu. Then when I tried to reset a password I was given the error "This program is compatible with your computer, please purchase the full version." Completely useless for my purpose!

@#3 XPMan
It is not so surprising that PRB2014 found your Firefox browser passwords so quickly. You can do it yourself almost as fast. Just press Menu, Options, Security (tab), Saved Passwords, Show Passwords.
There they are for all to see!
Similarly, this program appears to merely know the resting places of other programs stored passwords, no decoding needed.

#5. Tom H


License Crawler is very good, but it's used to retrieve KEY LICENSES of paid software....so it has nothing to do with this GAOTD.

another free alternative for retrieve passwords for popular instant messengers, email clients, web browsers, FTP clients and many other applications: recALL at http://keit.co/p/recall

If you are going to migrate from TrueCrypt to another system why not use a compression program; that is zip or rar, always available with good security, the fact that they have been around so long probably means there is no backdoor for the NSA to use.

One big problem is always creating a good password that you can remember; one possible method is based on fixed mathematical numbers, you don't have to remember the number merely the way of finding it.

For instance I was born in 1942 so I could make my password the 1942 Fibonacci number and if I wanted a complicated further split this number into groups of 2 to represent ASCII text of these numbers and use this as the password. A long password that is easy to get back to by only remembering a short statement, Fibonacci 1942 as text!

Installed and registered successfully. Works quickly and quite revealingly, but I'm pleased to see that my critical passwords, e.g., banks, health and other insurances, tax office, and similar sensitive passwords were not recovered. Makes me feel a little safer.

Ok for retrieving password but rar recovery password software does not work.A well thought password could take a thousand years to guess try it and see.Been using free "License Crawler" for years retrieving passwords and happy with it http://www.klinzmann.name/licensecrawler.htm

Ps. @ Karl (TrueCrypt)
http://askleo.com/is-truecrypt-dead/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ask-leo+%28Ask+Leo%21%29

If you use a good password manager like Sticky Password or the freeware Passwordbox, the risk to be hacked is very low and there is no need to recover any passwords for Windows, email clients or for your browsers.

Hackers usually attack online databases (eBay, for instance) and the cloud storage services and don't care about ordinary home users like XPman or me...LOL!

This GAOTD is very useful to retrieve passwords for PDF, ZIP, RAR or Office docs, should you forget the password used to protect them.

And can also reset your lost administrator password to login into Windows.

THUMBS UP!

BEST FREE ALTERNATIVES

http://securityxploded.com/sxpasswordsuite.php
http://www.appnimi.com/component/jdownloads/viewdownload/2-windows/15-appnimi-all-in-one-password-unlocker?Itemid=0#.U4mQvXK1ZCg

Enjoy! ^_^

After a simple installation and registration an equally simple interface was presented.

On pressing the start recovery button and drop-down list was offered to choose from, I chose my Firefox browser and a split second later a page of URLs and their passwords were presented, much to my astonishment !

Must admit I was very impressed with the performance of this program and look forward to testing it further.

Just shows how insecure we are, even more so now that True Crypt developers have announced that it is not secure and are finishing development of it.

Most certainly a keeper for me, been looking for one of the passwords in my browser for ages :-)

Just look at these FREE alternatives..
Nirsoft has lots of other freeware utils too,and is very trustworthy.

NIRSOFT Windows Password Recovery Tools:
http://www.nirsoft.net/password_recovery_tools.html

8 Free Windows Password Recovery Tools:
http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm

Lazesoft Recover My Password Home Edition
http://www.lazesoft.com/forgot-windows-admin-password-recovery-freeware.html

Top 5 Best Free Windows Password Recovery Tools:
http://www.top5freeware.com/windows-password-recovery-tools

Passware Free Password Recovery Software:
http://www.lostpassword.com/free.htm

Installed and registered without problems on a Win 8.1 Pro 64 bit system.

A company without name and address - but a phone number and photo of a building...

Claims : Provide the best software to recover passwords for
Windows, SQL Server, PDF, Word, Excel, Outlook, FTP, Email, etc.

A short advice : If your password can be recovered with such a tool, you don't need a password.

Upon start a small, resizable window. You have a lot of options for retrieving passwords. Some are simply stored in a windows location or "hidden" behind the windows asterix. These can be easily retrieved.

For others ...

Take WinRAR for example. This program knows the BruteForce Attack - with the subset of the Mask Attack if a part of the password is known. If you have some million years time, this works for a longer password.

The program knows also dictionary attack - which is the only way to recover a password with some probability. There is a small dictionary file 6meg. Search for the really big ones in the I-Net. And if you find YOUR password in such a dictionary: DO NOT USE IT!

My verdict: A good password recovery tool with a bootable .ISO to reset your windows password.

And to this theme :
Some words to TrueCrypt.

It has been said recently, that TrueCrypt is unsafe. See the warning on the TrueCrypt Site:
http://truecrypt.sourceforge.net/

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

On this site the advice to change to Bitlocker. Bitlocker and safe? LOL - must be a joke!
Migrating from TrueCrypt to BitLocker:

There is a hidden message!
Take the first letters of the warning:

"uti nsa im cu si" now put this in the google translator, from Latin to English and you receive...

"If I wish to use the NSA" LOL

My opinion : TrueCrypt is still safe in the version 7.1. DON'T use the version 7.2 - if you want to change, change to freeOTE from Sarah Dean, who disappeared (for the same reason???). Due to the unsigned drivers it does not work any more on 64 bit systems. Download the version 5.21 from a reliable source!

And if you rely on a German company (which may have a backdoor, too - but does not cooperate with the NSA? IMHO) search for "Vollversion: Steganos Safe 14". The full version is free for some days and downloadable from Chip (some German language knowledge needed).