On Wed, 24 May 2006 thesinoda@xxxxxxxxxxx wrote: > Steps to access PGP Encrypted Disk (Passphrase) using a Backdoor type attack > [...] > * Now say you give that disk to someone and they changed the > passphrase on it. You can still access it Intuitively, the system works as follows: a random key K is used to encrypt all the data on the volume; the passphrase is used to encrypt the key K. This design allows to change the passphrase without reencrypting the whole drive (only K needs to be reencrypted). One well-known side-effect is that if one knows K he can decrypt the data. There is no `security bug' in a program -- it is just the user who does not even bother to read the FAQ <http://www.truecrypt.org/faq.php>: Q: Is it secure to create a new container by cloning an existing container? A: You should always use the Volume Creation Wizard to create a new TrueCrypt volume. [...] Btw, an `attack' similar to the one you described is also explained in the same document: Q: We use TrueCrypt in a corporate environment. Is there a way for an administrator to reset a password when a user forgets it? A: There is no "back door" implemented in TrueCrypt. However, there is a way to "reset" a TrueCrypt volume password/keyfile. After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header (Tools -> Restore Volume Header). -- Regards, ASK
