Version Information


Authenticity and Integrity



Yüklə 5,12 Kb.
Pdf görüntüsü
səhifə75/130
tarix07.01.2024
ölçüsü5,12 Kb.
#205371
1   ...   71   72   73   74   75   76   77   78   ...   130
TrueCrypt User Guide

Authenticity and Integrity 
TrueCrypt uses encryption to preserve the 
confidentiality
of data it encrypts. TrueCrypt neither 
preserves nor verifies the integrity or authenticity of data it encrypts or decrypts. Hence, if you 
allow an adversary to modify data encrypted by TrueCrypt, he can set the value of any 16-byte 
block of the data to a random value or to a previous value, which he was able to obtain in the past. 
Note that the adversary cannot choose the value that you will obtain when TrueCrypt decrypts the 
modified block — the value will be random — unless the attacker restores an older version of the 
encrypted block, which he was able to obtain in the past. It is your responsibility to verify the 
integrity and authenticity of data encrypted or decrypted by TrueCrypt (for example, by using 
appropriate third-party software). 
See also:  
Physical Security
,  
Security Model
 
Choosing Passwords and Keyfiles 
It is very important that you choose a good password. You must avoid choosing one that contains 
only a single word that can be found in a dictionary (or a combination of such words). It must not 
contain any names, dates of birth, account numbers, or any other items that could be easy to 
guess. A good password is a random combination of upper and lower case letters, numbers, and 
special characters, such as @ ^ = $ * + etc. We strongly recommend choosing a password 
consisting of more than 20 characters (the longer, the better). Short passwords are easy to crack 
using brute-force techniques.
To make brute-force attacks on a keyfile infeasible, the size of the keyfile must be at least 30 
bytes. If a volume uses multiple keyfiles, then at least one of the keyfiles must be 30 bytes in size 
or larger. Note that the 30-byte limit assumes a large amount of entropy in the keyfile. If the first 
1024 kilobytes of a file contain only a small amount of entropy, it must not be used as a keyfile 
(regardless of the file size). If you are not sure what entropy means, we recommend that you let 
TrueCrypt generate a file with random content and that you use it as a keyfile (select 
Tools -> 
Keyfile Generator
). 


92 
When creating a volume, encrypting a system partition/drive, or changing passwords/keyfiles, you 
must not allow any third party to choose or modify the password/keyfile(s) before/while the volume 
is created or the password/keyfiles(s) changed. For example, you must not use any password 
generators (whether website applications or locally run programs) where you are not sure that they 
are high-quality and uncontrolled by an attacker, and keyfiles must not be files that you download 
from the internet or that are accessible to other users of the computer (whether they are 
administrators or not).

Yüklə 5,12 Kb.

Dostları ilə paylaş:
1   ...   71   72   73   74   75   76   77   78   ...   130




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin