--Adonis Comment--

I do not agree with some of TrueCrypt's comments, especially the quoted text below. What if you had created a virtual disk and gave that to someone? That someone used it as his/her own disk and decided to change the password because they own the disk now (you gave it to them with the pass). So they did change the password, but the originator can still access that disk if he/she replaces the passphrase bytes in the binary file. So I consider this an attack on data INTEGRITY and data AVAILABILITY, since the legitimate user will be denied access to the disk after replacing the passphrase bytes.

-- End Comment--

====================================================================

"In conclusion, this is not a "security bug", but design/feature. Also, to exploit the design, the adversary would have to know your password first (or have your keyfiles). That means, for example, that he would capture it using a keystroke logger. If that was the case, then all security would be practically lost on that machine."

====================================================================

RE: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
May 26 2006 09:14AM
ennead (at) truecrypt (dot) org

Hello,

This is an official response from the TrueCrypt development team.

First, this is not a security bug. It is a known, documented and expected feature. It is utilized, for example, for the volume header backup/restore operation.

Quotes from the TrueCrypt documentation:

"WARNING: Restoring a volume header also restores the volume password that was valid when the volume header backup was created."

Quote 2:

"Note that if an adversary knows your password and has access to your volume, he may be able to retrieve and keep its master key. If he does, he may be able to decrypt your volume even after you change its password (because the master key was not changed).
In such a case, create a new TrueCrypt volume and move all files from the old volume to this new one."

Sincerely,
Ennead
TrueCrypt Foundation

====================================================================

Addendum
May 26 2006 10:47AM
ennead (at) truecrypt (dot) org

Addendum to my previous letter:

Note that this design (master key encrypted with header key) is common and has been used for many years by many products (for example, Scramdisk, E4M, etc.)

The main advantage of the design is that the user can change his password within a few seconds without having to re-encrypt the entire volume (which could take even days or weeks).

In case of TrueCrypt, this also allows administrators in large corporations to "reset" passwords when a user forgets his password. This is described in the manual and in the FAQ:

Quote from the TrueCrypt FAQ:

"Q: We use TrueCrypt in a corporate environment. Is there a way for an administrator to reset a volume password when a user forgets it (or when he or she loses the keyfile)?

A: There is no “back door” implemented in TrueCrypt. However, there is a way to “reset” a TrueCrypt volume password/keyfile. After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can “reset” the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header (Tools -> Restore Volume Header)."
In conclusion, this is not a "security bug", but design/feature. Also, to exploit the design, the adversary would have to know your password first (or have your keyfiles). That means, for example, that he would capture it using a keystroke logger. If that was the case, then all security would be practically lost on that machine.

Sincerely,
Ennead
TrueCrypt Foundation

====================================================================
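
The header-key/master-key design discussed in this thread, as an added sketch that is not part of the original messages and is not TrueCrypt code. The function names, the PBKDF2 parameters and the toy XOR wrapping are assumptions chosen so the example runs with the Python standard library only; it shows why a password change leaves an older header backup valid, and why moving the data to a new volume (new master key) does not.

```python
import hashlib, hmac, os

ITER = 2000  # assumed iteration count for this sketch, not a TrueCrypt value

def _header_key(password, salt):
    return hashlib.pbkdf2_hmac("sha512", password, salt, ITER, dklen=64)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_header(password, master_key):
    """Wrap a 32-byte master key under a key derived from the password."""
    salt = os.urandom(16)
    hk = _header_key(password, salt)
    wrapped = _xor(master_key, hk[:32])  # toy wrap, stands in for a real cipher
    tag = hmac.new(hk[32:], wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def open_header(password, header):
    """Return the master key, or None if the password does not fit the header."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:]
    hk = _header_key(password, salt)
    good = hmac.new(hk[32:], wrapped, hashlib.sha256).digest()
    return _xor(wrapped, hk[:32]) if hmac.compare_digest(tag, good) else None

def change_password(old, new, header):
    """Re-wrap the SAME master key; the data area is never touched."""
    mk = open_header(old, header)
    if mk is None:
        raise ValueError("wrong password")
    return make_header(new, mk)

def crypt_data(master_key, data):
    """Toy data-area cipher (XOR keystream); the same call encrypts and decrypts."""
    return _xor(data, hashlib.shake_256(master_key).digest(len(data)))

def demo():
    secret = b"constructed sample file contents"
    master = os.urandom(32)
    backup = make_header(b"admin-pass", master)   # header backup kept by the creator
    live = change_password(b"admin-pass", b"user-pass", backup)
    data = crypt_data(open_header(b"user-pass", live), secret)
    old_pw_on_live = open_header(b"admin-pass", live)  # None: live header changed
    via_backup = crypt_data(open_header(b"admin-pass", backup), data)
    # Remedy from the quoted documentation: new volume, hence a new master key.
    moved = crypt_data(os.urandom(32), secret)
    after_move = crypt_data(open_header(b"admin-pass", backup), moved)
    return old_pw_on_live, via_backup, after_move
```

`demo()` returns three values: the old password no longer opens the live header, the backed-up header still recovers the data, and the same backup yields only garbage once the data sits under a fresh master key.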