Authenticity and Integrity
TrueCrypt uses encryption to preserve the confidentiality of data it encrypts. TrueCrypt neither preserves nor verifies the integrity or authenticity of data it encrypts or decrypts. Hence, if you allow an adversary to modify data encrypted by TrueCrypt, he can set the value of any 16-byte block of the data to a random value or to a previous value, which he was able to obtain in the past. Note that the adversary cannot choose the value that you will obtain when TrueCrypt decrypts the modified block — the value will be random — unless the attacker restores an older version of the encrypted block, which he was able to obtain in the past. It is your responsibility to verify the integrity and authenticity of data encrypted or decrypted by TrueCrypt (for example, by using appropriate third-party software).
See also: Physical Security, Security Model
Next Section >>