Embedded Backup Headers
Each TrueCrypt volume created by TrueCrypt 6.0 or later contains an embedded backup header, located at the end of the volume (see above). The header backup is not a copy of the volume header because it is encrypted with a different header key derived using a different salt (see the section Header Key Derivation, Salt, and Iteration Count).
When the volume password and/or keyfiles are changed, or when the header is restored from the embedded (or an external) header backup, both the volume header and the backup header (embedded in the volume) are re-encrypted with different header keys (derived using newly generated salts – the salt for the volume header is different from the salt for the backup header). Each salt is generated by the TrueCrypt random number generator (see the section Random Number Generator).
For more information about header backups, see the subsection Tools -> Restore Volume Header in the chapter Main Program Window.
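Added example (not part of the TrueCrypt documentation or source code): a Python sketch showing why the embedded backup header is not a byte copy of the volume header, and why both salts change after a password change or header restore. The header layout constants, the PBKDF2 parameters, the helper names, and the use of os.urandom in place of the TrueCrypt random number generator are assumptions, not values stated in this section.

```python
import hashlib
import os

# Layout constants below are assumptions taken from the TrueCrypt volume
# format specification, not from the section above.
SALT_LEN = 64           # unencrypted salt at the start of each header
BACKUP_AREA = 131072    # embedded backup header starts 128 KiB before the end
ITERATIONS = 1000       # PBKDF2 iteration count assumed for HMAC-SHA-512
KEY_LEN = 64            # header key material for one XTS cipher


def backup_offset(volume_len: int) -> int:
    """Offset of the embedded backup header inside a volume image."""
    if volume_len < 2 * BACKUP_AREA:
        raise ValueError("image too small to hold both header areas")
    return volume_len - BACKUP_AREA


def header_salts(volume: bytes) -> tuple[bytes, bytes]:
    """Return (volume header salt, embedded backup header salt)."""
    off = backup_offset(len(volume))
    return bytes(volume[:SALT_LEN]), bytes(volume[off:off + SALT_LEN])


def header_key(password: bytes, salt: bytes) -> bytes:
    """Derive header key material with PBKDF2-HMAC-SHA-512."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS, KEY_LEN)


def rewrite_salts(volume: bytearray) -> None:
    """Model a password change or header restore: each header gets its own
    fresh salt. os.urandom stands in for the TrueCrypt RNG."""
    off = backup_offset(len(volume))
    volume[:SALT_LEN] = os.urandom(SALT_LEN)
    volume[off:off + SALT_LEN] = os.urandom(SALT_LEN)


if __name__ == "__main__":
    image = bytearray(1024 * 1024)   # constructed 1 MiB image, not a real volume
    rewrite_salts(image)
    password = b"constructed example password"
    for label in ("after creation", "after password change"):
        primary, backup = header_salts(image)
        same = header_key(password, primary) == header_key(password, backup)
        print(f"{label}: salts equal={primary == backup}, header keys equal={same}")
        rewrite_salts(image)
```

The same password opens either header, because each header carries its own salt in the clear and the key is re-derived from it.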
* Provided that the options Quick Format and Dynamic are disabled and provided that the volume does not contain a filesystem that has been encrypted in place (note that TrueCrypt does not allow the user to create a hidden volume within such a volume).
Compliance with Standards and Specifications
To the best of our knowledge, TrueCrypt complies with the following standards, specifications, and
recommendations:
• ISO/IEC 10118-3:2004 [21]
• FIPS 197 [3]
• FIPS 198 [22]
• FIPS 180-2 [14]
• NIST SP 800-38E [24]
• PKCS #5 v2.0 [7]
• PKCS #11 v2.20 [23]
The correctness of the implementations of the encryption algorithms can be verified using test vectors (select Tools > Test Vectors) or by examining the source code of TrueCrypt.
Source Code
TrueCrypt is open-source and free software. The complete source code of TrueCrypt (written in C,
C++, and assembly) is freely available for peer review at:
http://www.truecrypt.org/