Version Information
Download 0.88 Mb. Pdf ko'rish
|
TrueCrypt User Guide
- Bu sahifa navigatsiya:
- Volume Clones
|
Journaling File Systems
When a file-hosted TrueCrypt container is stored in a journaling file system (such as NTFS), a copy of the TrueCrypt container (or of its fragment) may remain in the free space on the host volume. This may have various security implications. For example, if you change the volume password/keyfile(s) and an adversary finds the old copy or fragment (the old header) of the TrueCrypt volume, he might use it to mount the volume using an old compromised password (and/or using compromised keyfiles using an old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re- encrypted). Some journaling file systems also internally record file access times and other potentially sensitive information. If you need plausible deniability (see section Plausible Deniability), you must not store file-hosted TrueCrypt containers in journaling file systems. To prevent possible security issues related to journaling file systems, do one the following: • Use a partition/device-hosted TrueCrypt volume instead of file-hosted. • Store the container in a non-journaling file system (for example, FAT32). 95 Volume Clones Never create a new TrueCrypt volume by cloning an existing TrueCrypt volume. Always use the TrueCrypt Volume Creation Wizard to create a new TrueCrypt volume. If you clone a volume and then start using both this volume and its clone in a way that both eventually contain different data, then you might aid cryptanalysis (both volumes will share a single key set). This is especially critical when the volume contains a hidden volume. Also note that plausible deniability (see section Plausible Deniability) is impossible in such cases. See also the chapter How to Back Up Securely. Download 0.88 Mb. Do'stlaringiz bilan baham: 
|