TrueCrypt, master password possible?

12

Recently I was talking with someone, and they said something along the lines of TrueCrypt having a "master key" password that some authorities have.

Now, from what I know about how TrueCrypt works, isn't that impossible?

Or is it possible / plausible?

    
asked by Austin 11.11.2012 - 08:12

1 answer

16

A backdoor could exist; a simple way to achieve this would be to encrypt the passphrase with a public key and store it somewhere with the data portion on the hard drive, so that the passphrase could be restored with the corresponding private key.

However, TrueCrypt is open source and can be peer reviewed:

From the TrueCrypt FAQ:

I forgot my password – is there any way ('backdoor') to recover the files from my TrueCrypt volume?

We have not implemented any 'backdoor' in TrueCrypt (and will never implement any even if asked to do so by a government agency), because it would defeat the purpose of the software. TrueCrypt does not allow decryption of data without knowing the correct password or key. We cannot recover your data because we do not know and cannot determine the password you chose or the key you generated using TrueCrypt. The only way to recover your files is to try to "crack" the password or the key, but it could take thousands or millions of years (depending on the length and quality of the password or keyfiles, on the software/hardware performance, algorithms, and other factors). If you find this hard to believe, consider the fact that even the FBI was not able to decrypt a TrueCrypt volume after a year of trying.

And this:

Why is TrueCrypt open-source? What are the advantages?

As the source code for TrueCrypt is publicly available, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. If the source code were not available, reviewers would need to reverse-engineer the executable files. However, analyzing and understanding such reverse-engineered code is so difficult that it is practically impossible to do (especially when the code is as large as the TrueCrypt code).

Remark: A similar problem also affects cryptographic hardware (for example, a self-encrypting storage device). It is very difficult to reverse-engineer it to verify that it does not contain any security flaw or secret 'backdoor'.

I also found an interesting discussion about TrueCrypt being a big honeypot: link

    
answered 11.11.2012 - 09:19
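The escrow scheme the answer describes, as a minimal sketch showing what a source reviewer would look for: the header-writing path has to use a public key and store something derived from the passphrase. This is an added example, not code from the post or from TrueCrypt; the toy RSA key, the simplified header layout (salt only) and all function names are constructed for illustration.

```python
import hashlib
import os

# Constructed toy RSA key built from two Mersenne primes: far too small for
# real use, chosen only so the example runs with the standard library.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the escrow party
BLOB_LEN = (N.bit_length() + 7) // 8   # size of the escrow blob on disk
SALT_LEN = 64                          # assumed salt size for this sketch


def derive_key(passphrase: bytes, salt: bytes) -> bytes:
    """Header key derived from the passphrase (PBKDF2-HMAC-SHA512)."""
    return hashlib.pbkdf2_hmac("sha512", passphrase, salt, 1000, 32)


def honest_header(passphrase: bytes, salt: bytes) -> bytes:
    """Nothing derived from the passphrase is stored, only the salt."""
    return salt


def escrowed_header(passphrase: bytes, salt: bytes) -> bytes:
    """Backdoored variant: passphrase wrapped under the public key (N, E)."""
    m = int.from_bytes(b"\x01" + passphrase, "big")  # 0x01 keeps leading zeros
    if m >= N:
        raise ValueError("passphrase too long for the toy modulus")
    return salt + pow(m, E, N).to_bytes(BLOB_LEN, "big")


def recover_passphrase(header: bytes) -> bytes:
    """What the private-key holder can do: one modular exponentiation, no guessing."""
    m = pow(int.from_bytes(header[SALT_LEN:], "big"), D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]


if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)
    secret = b"correct horse battery"   # constructed sample passphrase
    header = escrowed_header(secret, salt)
    recovered = recover_passphrase(header)
    print(recovered, derive_key(recovered, salt) == derive_key(secret, salt))
    print("extra bytes vs honest header:", len(header) - len(honest_header(secret, salt)))
```

In this sketch the escrowed header is 27 bytes longer than the honest one and its writer references a hard-coded public key, which is the kind of code path that reviewing the published source can rule in or out.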
