Version Information


Authenticity and Integrity


Download 0.88 Mb.
Pdf ko'rish
bet70/122
Sana18.06.2023
Hajmi0.88 Mb.
#1590799
1   ...   66   67   68   69   70   71   72   73   ...   122
Bog'liq
TrueCrypt User Guide

Authenticity and Integrity 
TrueCrypt uses encryption to preserve the confidentiality of data it encrypts. TrueCrypt neither 
preserves nor verifies the integrity or authenticity of data it encrypts or decrypts. Hence, if you 
allow an adversary to modify data encrypted by TrueCrypt, he can set the value of any 16-byte 
block of the data to a random value or to a previous value, which he was able to obtain in the past. 
Note that the adversary cannot choose the value that you will obtain when TrueCrypt decrypts the 
modified block — the value will be random — unless the attacker restores an older version of the 
encrypted block, which he was able to obtain in the past. It is your responsibility to verify the 
integrity and authenticity of data encrypted or decrypted by TrueCrypt (for example, by using 
appropriate third-party software). 
See also:  Physical Security,  Security Model 
Choosing Passwords and Keyfiles 
It is very important that you choose a good password. You must avoid choosing one that contains 
only a single word that can be found in a dictionary (or a combination of such words). It must not 
contain any names, dates of birth, account numbers, or any other items that could be easy to 
guess. A good password is a random combination of upper and lower case letters, numbers, and 
special characters, such as @ ^ = $ * + etc. We strongly recommend choosing a password 
consisting of more than 20 characters (the longer, the better). Short passwords are easy to crack 
using brute-force techniques.
To make brute-force attacks on a keyfile infeasible, the size of the keyfile must be at least 30 
bytes. If a volume uses multiple keyfiles, then at least one of the keyfiles must be 30 bytes in size 
or larger. Note that the 30-byte limit assumes a large amount of entropy in the keyfile. If the first 
1024 kilobytes of a file contain only a small amount of entropy, it must not be used as a keyfile 
(regardless of the file size). If you are not sure what entropy means, we recommend that you let 
TrueCrypt generate a file with random content and that you use it as a keyfile (select Tools -> 
Keyfile Generator). 


92 
When creating a volume, encrypting a system partition/drive, or changing passwords/keyfiles, you 
must not allow any third party to choose or modify the password/keyfile(s) before/while the volume 
is created or the password/keyfiles(s) changed. For example, you must not use any password 
generators (whether website applications or locally run programs) where you are not sure that they 
are high-quality and uncontrolled by an attacker, and keyfiles must not be files that you download 
from the internet or that are accessible to other users of the computer (whether they are 
administrators or not).

Download 0.88 Mb.

Do'stlaringiz bilan baham:
1   ...   66   67   68   69   70   71   72   73   ...   122




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling