Network Security Bugtraq

Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8

Subject: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
Date: Fri, 26 May 2006 18:39:16 +0300 (IDT)
On Wed, 24 May 2006 thesinoda@hotmail.com wrote:
Steps to access PGP Encrypted Disk (Passphrase) using a Backdoor type attack
[...]
    * Now say you give that disk to someone and they changed the
      passphrase on it. You can still access it

Intuitively, the system works as follows: a random key K is used to
encrypt all the data on the volume; the passphrase is used to encrypt
the key K. This design allows changing the passphrase without
reencrypting the whole drive (only K needs to be reencrypted). One
well-known side-effect is that if one knows K he can decrypt the data.

There is no `security bug' in a program --
it is just the user who does not even bother to read the FAQ
<http://www.truecrypt.org/faq.php>:

    Q: Is it secure to create a new container by cloning an
    existing container?

    A: You should always use the Volume Creation Wizard to
    create a new TrueCrypt volume. [...]


Btw, an `attack' similar to the one you described is also explained in
the same document:

    Q: We use TrueCrypt in a corporate environment. Is there
    a way for an administrator to reset a password when a
    user forgets it?

    A: There is no "back door" implemented in TrueCrypt.
    However, there is a way to "reset" a TrueCrypt volume
    password/keyfile. After you create a volume, backup its
    header (select Tools -> Backup Volume Header) before you
    allow a non-admin user to use the volume. Note that the
    volume header (which is encrypted with a header key
    derived from a password/keyfile) contains the master key
    with which the volume is encrypted. Then ask the user to
    choose a password, and set it for him/her (Volumes ->
    Change Volume Password); or generate a user keyfile for
    him/her. Then you can allow the user to use the volume
    and to change the password/keyfiles without your
    assistance/permission. In case he/she forgets his/her
    password or loses his/her keyfile, you can "reset" the
    volume password/keyfiles to your original admin
    password/keyfiles by restoring the volume header (Tools
    -> Restore Volume Header).

-- 
Regards,
ASK
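
The design described in the message above, as an added example (not code from the original post, PGP or TrueCrypt): a random key K encrypts the data, a passphrase-derived header key wraps K, so a passphrase change rewrites only the header and a header saved earlier still yields K. The SHA-256 keystream is a toy stand-in for the real volume cipher, and `Volume`, `wrap`, `unwrap`, `recreate` and `ITER` are names and values assumed for this sketch.

```python
import hashlib, hmac, os

ITER = 10_000  # constructed value for the demo; real tools choose their own

def stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream: a stand-in for the real volume cipher.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def header_keys(passphrase, salt):
    hk = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITER, 64)
    return hk[:32], hk[32:]          # (wrapping key, MAC key)

def wrap(passphrase, master_key):
    # Header = salt || K encrypted under the passphrase-derived key || MAC.
    salt = os.urandom(16)
    enc_key, mac_key = header_keys(passphrase, salt)
    wrapped = stream(enc_key, salt, master_key)
    return salt + wrapped + hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()

def unwrap(passphrase, header):
    # Returns K, or None when the passphrase does not open this header.
    salt, wrapped, tag = header[:16], header[16:48], header[48:]
    enc_key, mac_key = header_keys(passphrase, salt)
    good = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return stream(enc_key, salt, wrapped) if hmac.compare_digest(tag, good) else None

class Volume:
    def __init__(self, passphrase, plaintext):
        self.nonce, key = os.urandom(16), os.urandom(32)
        self.header = wrap(passphrase, key)
        self.body = stream(key, self.nonce, plaintext)

    def change_passphrase(self, old, new):
        key = unwrap(old, self.header)
        if key is None:
            raise ValueError("wrong passphrase")
        self.header = wrap(new, key)      # only the header changes; body untouched

    def read(self, passphrase, header=None):
        # Passing a saved header models restoring it onto the volume.
        key = unwrap(passphrase, header or self.header)
        return None if key is None else stream(key, self.nonce, self.body)

    def recreate(self, passphrase, new_passphrase):
        # Fresh volume with a fresh K: the step that invalidates old headers.
        return Volume(new_passphrase, self.read(passphrase))
```

Revoking a previous holder's access therefore means creating a new volume with a new K and copying the data across, which is what `recreate` models; changing the passphrase alone does not do it.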
