In either case, VeraCrypt needs the master key in RAM to derive the sector keys.
#Veracrypt developers password
The discussion you quote is about whether the master key should be stored inside the TPM instead of being encrypted by a password or key files on the disk. The master key itself is stored in the volume, protected by the volume password (and/or key files).
Those different keys are derived from one master key. VeraCrypt encrypts every sector with a different key. Is it a sort of electromagnetic analyses (DEMA)? If so, TPM is by default protected against it. I'm not sure about what they call "hardware keystroke logger". Use it after such an access), he can, for example, attach a maliciousĬomponent to it (such as a hardware keystroke logger) that willĬapture the password, the content of RAM (containing master keys) orĪble to read it later, when he gains physical access to the computer If the attacker can physically access the computer hardware (and you Maybe I'm wrong, but the content of the RAM will never contains the master keys right? The TPM will be used like an HSM, thus cryptographic operations will be made inside the TPM, and nothing about keys will be stored in the RAM. Saved to an unencrypted local drive (from which the attacker might beĪble to read it later, when he gains physical access to the computer). Reset the TPM, capture the content of RAM (containing master keys) orĬontent of files stored on mounted VeraCrypt volumes (decrypted on theįly), which can then be sent to the attacker over the Internet or If the attacker has administrator privileges, he can, for example, Stop using it (instead of relying on TPM). Impossible to secure the computer (see below) and, therefore, you must
However, if any of these conditions is met, it is actually Those programs use TPM to protect against attacks that require theĪttacker to have administrator privileges, or physical access to theĬomputer, and the attacker needs you to use the computer after such anĪccess.
According to the VeraCrypt FAQ, regarding whether or not TPMs are supported:
0 kommentar(er)
