[Truecrypt] Location of encryption key

Discussion in 'privacy technology' started by raspb3rry, Jun 8, 2010.

Thread Status:
Not open for further replies.
  1. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    I was reading the Wikipedia article about data remanence, and stumbled upon this statement:
    Since I'm using Truecrypt to encrypt some 100 mbs of data (political stuff), I was wondering in which sector of the encrypted container and on an encrypted OS Truecrypt stores the encryption key?

    I know this would probably fit better on the Truecrypt forum, but since I don't own a mail-account from my ISP, I'm not allowed to make posts on their forum.
     
  2. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    Check out the TrueCrypt site. They do provide all the information you're looking for in the documentation. I know that for containers v5 and down, the first 512K is home of the header. For v6 and up you'll want to destroy the first and last meg of the container. (That will be the headers, both primary and backup, and then some extra.)

    I never really looked into the system encryption header information but it should be there.
     
  3. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    Yep, just found this page on their homepage: Volume Format Specification
    I'll clearly need to wipe the first 512 kb (1 mb to be sure, as KookyMan says), and the last megabyte also.

    Thanks for the quick answer, KookyMan.
     
    Last edited: Jun 9, 2010
  4. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    994
    Location:
    Hawaii
    I suggest you study the volume format specifications again. For your scenario, what you need to wipe is the first 512 bytes (not kilobytes) of the volume header. You would also need to wipe the first 512 bytes of the embedded backup header, which begins 131,072 bytes (128K) back from the end of the volume. And you could actually wipe much less than the full 512 bytes per header and still easily accomplish your objective. KookyMan's advice paints a much broader stroke, but it would also work.

    A simpler approach would be to use a good quality keyfile and wipe that.

    The "key data" (basically, the header) for system encryption is stored in the last sector of Track 0. It's also stored on the TrueCrypt rescue cd.
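
Added example, not part of dantz's post or of TrueCrypt itself: a minimal Python sketch of the header overwrite described above, using only the two offsets the post gives (512 bytes at the start of the volume and 512 bytes starting 131,072 bytes before its end). The function names and the 1 MiB sample file are assumptions made for illustration; the sample is a constructed stand-in, not a real container.

```python
import os
import tempfile

HEADER_WIPE_LEN = 512            # bytes per header, as stated in the post above
BACKUP_HEADER_FROM_END = 131072  # backup header begins 128K back from the end


def header_regions(volume_size):
    """Return (offset, length) for the primary and embedded backup header."""
    # Refuse files too small for two separate, non-overlapping regions.
    if volume_size < BACKUP_HEADER_FROM_END + HEADER_WIPE_LEN:
        raise ValueError("file too small to hold both header regions")
    return [(0, HEADER_WIPE_LEN),
            (volume_size - BACKUP_HEADER_FROM_END, HEADER_WIPE_LEN)]


def wipe_headers(path):
    """Overwrite both header regions in place with random bytes."""
    regions = header_regions(os.path.getsize(path))
    with open(path, "r+b") as f:      # r+b edits in place and never truncates
        for offset, length in regions:
            f.seek(offset)
            f.write(os.urandom(length))
        f.flush()
        os.fsync(f.fileno())          # push the overwrite past the OS cache
    return regions


def make_sample_container(size=1024 * 1024):
    """Constructed stand-in for a container: a file filled with 0xAA bytes."""
    fd, path = tempfile.mkstemp(suffix=".tc")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\xaa" * size)
    return path


if __name__ == "__main__":
    sample = make_sample_container()
    try:
        for offset, length in wipe_headers(sample):
            print(f"overwrote {length} bytes at offset {offset}")
    finally:
        os.remove(sample)
```

An in-place overwrite only replaces the blocks the filesystem maps to the file now: on SSDs with wear leveling, or on journaling and copy-on-write filesystems, older copies of the header sectors can survive elsewhere on the medium. Any separately saved header backup or copy of the container also has to be destroyed for the wipe to be effective.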
     
  5. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    Sorry about the kb-suffix, I was a bit too fast there.

    I know, but it would make the script I'm working on slightly more complicated. Even though it might save some time...

    Thank you very much for mentioning the keyfile approach, I can't believe I didn't think about that solution!
     
  6. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    994
    Location:
    Hawaii
    I'm curious about your methodology. How would your script accomplish this?
     
  7. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    What makes you think any of this is necessary? Truecrypt does not store the passphrase to disk anywhere.
     
  8. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    994
    Location:
    Hawaii
    I assume the OP is concerned that somebody might manage to force the passphrase out of him and he wants to prevent anyone (including himself) from ever accessing the data.
     
  9. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    I'll rather use it as a fast way to destroy sensible data, in case the data loses its actuality and needs to be destroyed.

    If I manage to get the script working, I'll post the code in this thread. I'm working on several things at the moment, so it might take some time...
     