I have read somewhere that when you change your TrueCrypt / VeraCrypt password, the embedded backup header will remain encrypted with the old password, so that a potential attacker with a specially crafted cracking tool can still get access to your volume if they know or guess your old password. Is there any substance to such a claim?
Anonymous
-
2014-11-14
No, they have confused themselves with the embedded backup header and the off-disk backup.
The header backup on the actual hard disk is changed when you change your password.
If you saved backup headers to a CD / flash drive then these will obviously remain using the old password.
You must destroy old backup headers if you believe your password has been compromised.
It is good practice to create new backup headers every time you change your password.
Remember, your typed password is not actually the volume password. The ACTUAL password is a random key created when you made the volume.
If you believe you have been compromised to the extent your old password is known or a backup header has been copied, then decrypt and re-encrypt everything.
L0ck
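The behaviour described in the reply above, as an added example that is not part of the original thread and not VeraCrypt's own code. It is a simplified model: the header layout, the XOR wrapping (standing in for the real header cipher), the iteration count and the passwords are all assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 1000  # assumption: kept low so the demo runs quickly

def _header_key(password: str, salt: bytes) -> bytes:
    # 64 bytes: first 32 wrap the master key, last 32 key the integrity tag
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)

def make_header(password: str, master_key: bytes) -> bytes:
    """Wrap the random master key under a password-derived key.
    Model layout (hypothetical): salt(16) | wrapped key(32) | tag(32)."""
    salt = os.urandom(16)
    k = _header_key(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, k[:32]))
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def open_header(password: str, header: bytes):
    """Return the master key, or None if the password does not fit this header."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:]
    k = _header_key(password, salt)
    expected = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, k[:32]))

def change_password(header: bytes, old: str, new: str) -> bytes:
    """Re-wrap the same master key under the new password; data is untouched."""
    master_key = open_header(old, header)
    if master_key is None:
        raise ValueError("wrong password")
    return make_header(new, master_key)

def demo():
    master_key = os.urandom(32)                  # created once, with the volume
    on_disk = make_header("old-pass", master_key)  # constructed sample password
    external_backup = on_disk                    # header saved to CD / flash drive
    on_disk = change_password(on_disk, "old-pass", "new-pass")
    return {
        "master": master_key,
        "disk_with_old": open_header("old-pass", on_disk),          # None
        "disk_with_new": open_header("new-pass", on_disk),          # master key
        "backup_with_old": open_header("old-pass", external_backup),  # master key
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if value else value)
```

In this model the old external backup still yields the unchanged master key, which is why the reply says to destroy old backups and, after a suspected compromise, to decrypt and re-encrypt so that a new master key is generated.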