Version Information


Changing Passwords and Keyfiles



Yüklə 5,12 Kb.
Pdf görüntüsü
səhifə76/130
tarix07.01.2024
ölçüsü5,12 Kb.
#205371
1   ...   72   73   74   75   76   77   78   79   ...   130
TrueCrypt User Guide

Changing Passwords and Keyfiles 
Note that the volume header (which is encrypted with a header key derived from a 
password/keyfile) contains the master key (not to be confused with the password) with which the 
volume is encrypted. If an adversary is allowed to make a copy of your volume before you change 
the volume password and/or keyfile(s), he may be able to use his copy or fragment (the old 
header) of the TrueCrypt volume to mount your volume using a compromised password and/or 
compromised keyfiles that were necessary to mount the volume before you changed the volume 
password and/or keyfile(s).
If you are not sure whether an adversary knows your password (or has your keyfiles) and whether 
he has a copy of your volume when you need to change its password and/or keyfiles, it is strongly 
recommended that you create a new TrueCrypt volume and move files from the old volume to the 
new volume (the new volume will have a different master key). 
Also note that if an adversary knows your password (or has your keyfiles) and has access to your 
volume, he may be able to retrieve and keep its master key. If he does, he may be able to decrypt 
your volume even after you change its password and/or keyfile(s) (because the master key does 
not change when you change the volume password and/or keyfiles). In such a case, create a new 
TrueCrypt volume and move all files from the old volume to this new one. 
The following sections of this chapter contain additional information pertaining to possible security 
issues connected with changing passwords and/or keyfiles: 

Security Requirements and Precautions 

Journaling File Systems 

Defragmenting 

Reallocated Sectors 
Trim Operation 
Some storage devices (e.g., some solid-state drives, including USB flash drives) use so-called 
‘trim’ operation to mark drive sectors as free e.g. when a file is deleted. Consequently, such 
sectors may contain unencrypted zeroes or other undefined data (unencrypted) even if they are 
located within a part of the drive that is encrypted by TrueCrypt. TrueCrypt does not block the trim 
operation on partitions that are within the key scope of system encryption (see chapter 
System 
Encryption
) (unless a hidden operating system is running – see section 
Hidden Operating System

and under Linux on all volumes that use the Linux native kernel cryptographic services. In those 
cases, the adversary will be able to tell which sectors contain free space (and may be able to use 
this information for further analysis and attacks) and plausible deniability (see chapter 
Plausible 
Deniability
) may be negatively affected. If you want to avoid those issues, do not use system 
encryption on drives that use the trim operation and, under Linux, either configure TrueCrypt not to 


93 
use the Linux native kernel cryptographic services or make sure TrueCrypt volumes are not 
located on drives that use the trim operation. 
To find out whether a device uses the trim operation, please refer to documentation supplied with 
the device or contact the vendor/manufacturer. 

Yüklə 5,12 Kb.

Dostları ilə paylaş:
1   ...   72   73   74   75   76   77   78   79   ...   130




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin