In the context of encryption, these are the potential backdoors. As Enigma2Illusion explained, you can disable this hardware acceleration in VeraCrypt. Moreover, we systematically display a special random gathering dialog that uses mouse movements of the user to enhance random quality.Ĭoncerning the AES hardware acceleration, if it is backdoored it can store all AES keys used in the machine and later when an agency has access to the machine, it can dump them. If any backdoor exists in Intel CPUs, it probably affects two key points:Īs for the random generation, in VeraCrypt we don't use values returned from the CPU and we combine different unpredictable elements using a mixing function in order to hide any potential statistical relationship. I would like to make the volume sizing suitable that it could be burned to a DVD which we cold periodically do and store in our vault as a backup. Secondly, we would also like to have an ability to create and mount encrypted volumes. VeraCrypt, DiskCryptor or Symantec Desktop Encryption ? Given the information provided, I seek your advice and recommendation on which product we should use to encrypt the hard drives. Hard drives have power-on passwords which I know is not bullet-proof. Connected USB devices are also technically prevented and reinforced by internal business policy. These laptops are never allowed on the Internet. Internally to our business, I am satisfied we have taken all measures as possible to manage this. The operating system is unfortuately Windows 8.1 due to the business apps we need to run on them. I am perticularly nervous when they are travelling should the laptops be lost. We are a small company which bid on large contracts and we need to ensure that a couple of our employees's laptops are secure as we can possibly make them when they work on bid work off-site. I have a question to Mounir at this point. Please don't hesitate to posts any questions/remarks/opinions. I hope this clarifies any doubts you may have. All we can assure is that, with respect of the publicly know state of the art in cryptography and security, it is impossible to decrypt a VeraCrypt volume without knowing the password that was used, provided that the password has a good entropy. We don't know the amount of resources that NSA has nor if they have made any breakthrough in the cracking of public encryption algorithms. Your original question was about the "capability" of NSA to break a VeraCrypt volume. After all what happened lately, it was important to start this project under the eyes of the public, with a real identity, and to manage it like any transparent open source project. That's precisely why we went public with VeraCrypt instead of being completely anonymous as it was the case with TrueCrypt. To be clear : No, there is no backdoor in VeraCrypt and we'll never put any backdoor into it. I thought it was related to the feasibility of brute forcing a VeraCrypt volume. I'm sorry if my answer didn't address your main point.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |