Hi everyone,

To follow up on the proposal for TPM-wrapped headers, I’ve synthesized the technical requirements to ensure this feature meets VeraCrypt’s high security standards while addressing common hardware-related vulnerabilities (Evil Maid, Bus Sniffing, and Portability).

1. Integrity Binding via PCR Sealing

To neutralize "Evil Maid" attacks, the TPM-wrapped secret should be sealed against PCRs 0, 1, 2, and 7. The TPM will strictly refuse to participate in the decryption process if the BIOS,...
Hi everyone,

I would like to propose a significant enhancement to VeraCrypt’s security model: Optional TPM-wrapped Header Sealing. This feature is designed to protect users against sophisticated physical attacks (theft, "Evil Maid") by anchoring the volume's accessibility to the specific hardware.

The Problem

Currently, an attacker who steals a disk can perform an offline brute-force attack on the header using unlimited GPU/FPGA clusters. The only defense is the user's password entropy and the PIM....