jon@xxxxxxx wrote: > [snip] > > Simply put, if you change the passphrase on a PGP Virtual Disk, or a Truecrypt volume, or anything else, it does not change the passphrase on backups of that data. If you restore the data from the backup, the passphrase on the restored file is not the passphrase on the changed one. > > Ignoring the issue of how things were published .... I think the underlying point is that many users, not understanding the difference between the bulk key used to encrypt the data and the passphrase used to protect that bulk key would assume, incorrectly that changing the passphrase would lock out prior users. Clearly a users with a backup copy of an encrypted disk for which they know the passphrase can use the technique described to decode a more recent image of the same encrypted disk even though the owner of the disk may think it safe because the passphrase was changed. In this situation the old user gain access to newer data that they were not supposed to be able to access. This is different from the described restored backup situation in that the user is using a partial restore to circumvent a security mechanism. The re-encyrpt button obviously defeats this attack however it's not clear that real world users actually understand the need to re-encrypt to make pass phrase changes meaningful when backup copies exist. I think this is mostly a documentation issue and perhaps a user interface design issue in that users should be strongly advised to re-encrypt when they change the passphrase. John
