Security Model


Note to security researchers: If you intend to report a security issue or publish an attack on TrueCrypt, please make sure it does not disregard the security model of TrueCrypt described below. If it does, the attack (or security issue report) will be considered invalid/bogus.


TrueCrypt is a computer software program whose primary purposes are to:

  • Secure data by encrypting it before it is written to a disk.
  • Decrypt encrypted data after it is read from the disk.


TrueCrypt does not:

  • Encrypt or secure any portion of RAM (the main memory of a computer).
  • Secure any data on a computer* if an attacker has administrator privileges** under an operating system installed on the computer.
  • Secure any data on a computer if the computer contains any malware (e.g. a virus, Trojan horse, spyware) or any other piece of software (including TrueCrypt or an operating system component) that has been altered, created, or can be controlled, by an attacker.
  • Secure any data on a computer if an attacker has physical access to the computer before or while TrueCrypt is running on it.
  • Secure any data on a computer if an attacker has physical access to the computer between the time when TrueCrypt is shut down and the time when the entire contents of all volatile memory modules connected to the computer (including memory modules in peripheral devices) have been permanently and irreversibly erased/lost.
  • Secure any data on a computer if an attacker can remotely intercept emanations from the computer hardware (e.g. the monitor or cables) while TrueCrypt is running on it (or otherwise remotely monitor the hardware and its use, directly or indirectly, while TrueCrypt is running on it).
  • Secure any data stored in a TrueCrypt volume*** if an attacker without administrator privileges can access the contents of the mounted volume (e.g. if file/folder/volume permissions do not prevent such an attacker from accessing it).
  • Preserve/verify the integrity or authenticity of encrypted or decrypted data.
  • Prevent traffic analysis when encrypted data is transmitted over a network.
  • Prevent an attacker from determining in which sectors of the volume the content changed (and when and how many times) if he or she can observe the volume (dismounted or mounted) before and after data is written to it, or if the storage medium/device allows the attacker to determine such information (for example, the volume resides on a device that saves metadata that can be used to determine when data was written to a particular sector).
  • Encrypt any existing unencrypted data in place (or re-encrypt or erase data) on devices/filesystems that use wear-leveling or otherwise relocate data internally.
  • Ensure that users choose cryptographically strong passwords or keyfiles.
  • Secure any computer hardware component or a whole computer.
  • Secure any data on a computer where the security requirements or precautions listed in the chapter Security Requirements and Precautions are not followed.
  • Do anything listed in the section Limitations.
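The "does not preserve/verify the integrity or authenticity" point above, illustrated with an added Go example that is not TrueCrypt's code: one sector is encrypted with AES-CBC (no authentication), a single ciphertext bit is changed, decryption returns altered plaintext without any error, and a separately layered HMAC-SHA256 over the ciphertext is what detects the change. The 512-byte sector, the sector-number-as-IV derivation and the key values are assumptions made for this demo, not TrueCrypt's actual scheme.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

// cryptSector runs AES-CBC over one sector; it cannot reject modified ciphertext.
func cryptSector(key, iv, in []byte, encrypt bool) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

// sectorTag is an HMAC-SHA256 over (IV || ciphertext): the integrity check the
// security model says TrueCrypt does not provide, so it is layered on separately.
func sectorTag(macKey, iv, ct []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(iv)
	h.Write(ct)
	return h.Sum(nil)
}

// TamperDemo encrypts a constructed 512-byte sector, flips one ciphertext bit in
// block 2, decrypts, and reports how many plaintext bytes changed and whether the HMAC caught it.
func TamperDemo(key, macKey []byte) (changedBytes int, macDetects bool) {
	iv := binary.BigEndian.AppendUint64(make([]byte, 8), 7) // sector number 7 as IV (demo simplification)
	plain := make([]byte, 512)                              // constructed all-zero sector content
	ct := cryptSector(key, iv, plain, true)
	tag := sectorTag(macKey, iv, ct)
	ct[2*aes.BlockSize] ^= 0x01 // one modified bit in the stored ciphertext
	got := cryptSector(key, iv, ct, false)
	for i := range plain {
		if got[i] != plain[i] {
			changedBytes++
		}
	}
	return changedBytes, !hmac.Equal(sectorTag(macKey, iv, ct), tag)
}
```

With CBC, the modified block decrypts to garbage and the following block gets exactly the same one-bit change, so roughly 17 bytes differ while the decrypt call itself reports nothing; only the external MAC turns that into a detectable event.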


Under Windows, a user without administrator privileges can (assuming the default TrueCrypt and operating system configurations):

  • Mount any file-hosted TrueCrypt volume provided that the file permissions of the container allow it.
  • Mount any partition/device-hosted TrueCrypt volume.
  • Complete the pre-boot authentication process and, thus, gain access to data on an encrypted system partition/drive (and start the encrypted operating system).
  • Skip the pre-boot authentication process (this can be prevented by disabling the option Settings > 'System Encryption' > 'Allow pre-boot authentication to be bypassed by pressing the Esc key'; note that this option can be enabled or disabled only by an administrator).
  • Dismount, using TrueCrypt, any TrueCrypt volume mounted by him or her (and, in the TrueCrypt application window, see the path to and properties of such a volume). The restriction to volumes mounted by the same user does not apply to 'system favorite volumes', which he or she can dismount (and inspect) regardless of who mounted them (this can be prevented by enabling the option Settings > 'System Favorite Volumes' > 'Allow only administrators to view and dismount system favorite volumes in TrueCrypt'; note that this option can be enabled or disabled only by an administrator).
  • Create a file-hosted TrueCrypt volume containing a FAT or no file system (provided that the relevant folder permissions allow it).
  • Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted TrueCrypt volume (provided that the file permissions allow it).
  • Access the filesystem residing within a TrueCrypt volume mounted by another user on the system (however, file/folder/volume permissions can be set to prevent this).
  • Use passwords (and processed keyfiles) stored in the password cache (note that caching can be disabled; for more information see the section Settings > Preferences, subsection Cache passwords in driver memory).
  • View the basic properties (e.g. the size of the encrypted area, encryption and hash algorithm used, etc.) of the encrypted system partition/drive when the encrypted system is running.
  • Run and use the TrueCrypt application (including the TrueCrypt Volume Creation Wizard) provided that the TrueCrypt device driver is running and that the file permissions allow it.


Under Linux, a user without administrator privileges can (assuming the default TrueCrypt and operating system configurations):

  • Create a file-hosted or partition/device-hosted TrueCrypt volume containing a FAT or no file system provided that the relevant folder/device permissions allow it.
  • Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted or partition/device-hosted TrueCrypt volume provided that the file/device permissions allow it.
  • Access the filesystem residing within a TrueCrypt volume mounted by another user on the system (however, file/folder/volume permissions can be set to prevent this).
  • Run and use the TrueCrypt application (including the TrueCrypt Volume Creation Wizard) provided that file permissions allow it.
  • In the TrueCrypt application window, see the path to and properties of any TrueCrypt volume mounted by him or her.


Under Mac OS X, a user without administrator privileges can (assuming the default TrueCrypt and operating system configurations):

  • Mount any file-hosted or partition/device-hosted TrueCrypt volume provided that the file/device permissions allow it.
  • Dismount, using TrueCrypt, (and, in the TrueCrypt application window, see the path to and properties of) any TrueCrypt volume mounted by him or her.
  • Create a file-hosted or partition/device-hosted TrueCrypt volume provided that the relevant folder/device permissions allow it.
  • Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted or partition/device-hosted TrueCrypt volume (provided that the file/device permissions allow it).
  • Access the filesystem residing within a TrueCrypt volume mounted by another user on the system (however, file/folder/volume permissions can be set to prevent this).
  • Run and use the TrueCrypt application (including the TrueCrypt Volume Creation Wizard) provided that the file permissions allow it.


TrueCrypt does not support the set-euid root mode of execution.

Additional information and details regarding the security model are contained in the chapter Security Requirements and Precautions.




* In this chapter (Security Model), the phrase "data on a computer" means data on internal and external storage devices/media (including removable devices and network drives) connected to the computer.
** In this chapter (Security Model), the phrase "administrator privileges" does not necessarily refer to a valid administrator account. It may also refer to an attacker who does not have a valid administrator account but who is able (for example, due to improper configuration of the system or by exploiting a vulnerability in the operating system or a third-party application) to perform any action that only a user with a valid administrator account is normally allowed to perform (for example, to read or modify an arbitrary part of a drive or the RAM, etc.).
*** 'TrueCrypt volume' also means a TrueCrypt-encrypted system partition/drive (see the chapter System Encryption).

Legal Notices www.truecrypt.org