Each salt is generated by the TrueCrypt random number generator (see the section Random Number Generator).įor more information about header backups, see the subsection Tools -> Restore Volume Header in the chapter Main Program Window. When the volume password and/or keyfiles are changed, or when the header is restored from the embedded (or an external) header backup, both the volume header and the backup header (embedded in the volume) are re-encrypted with different header keys (derived using newly generated salts – the salt for the volume header is different from the salt for the backup header). The header backup is not a copy of the volume header because it is encrypted with a different header key derived using a different salt (see the section Header Key Derivation, Salt, and Iteration Count). Embedded Backup HeadersĮach TrueCrypt volume created by TrueCrypt 6.0 or later contains an embedded backup header, located at the end of the volume (see above). However, due to security reasons (with respect to the 128-bit block size used by the encryption algorithms), the maximum allowed volume size is 1 PB (1,048,576 GB). The maximum possible TrueCrypt volume size is 2 63 bytes (8,589,934,592 GB). The layout of the header of a hidden volume is the same as the one of a standard volume (bytes 0–65535). If there is no hidden volume within a TrueCrypt volume, bytes 65536–131071 of the volume (i.e., the area where the header of a hidden volume can reside) contain random data (see above for information on the method used to fill free volume space with random data when the volume is created). If a TrueCrypt volume hosts a hidden volume (within its free space), the header of the hidden volume is located at byte #65536 of the host volume (the header of the host/outer volume is located at byte #0 of the host volume – see the section Hidden Volume). The fields located at byte #0 (salt) and #256 (master keys) contain random values generated by the random number generator (see the section Random Number Generator) during the volume creation process. ** For system encryption, this item is omitted. If there is no hidden volume within the volume, this area contains random data. †† See bytes 0–65535.īackup header for hidden volume (encrypted with a different header key derived using a different salt). ![]() ![]() For system encryption, this item is omitted. ![]() For system encryption, offset may be different (depending on offset of system partition).īackup header (encrypted with a different header key derived using a different salt). †† See bytes 0–65535.ĭata area (master key scope). Reserved (for system encryption, this item is omitted ††)Īrea for hidden volume header (if there is no hidden volume within the volume, this area contains random data **). Size of the encrypted area within the master key scopeįlag bits (bit 0 set: system encryption bit 1 set: non-system in-place-encrypted volume bits 2-31 are reserved)ĬRC-32 checksum of the (decrypted) bytes 64–251Ĭoncatenated primary and secondary master keys § Size of hidden volume (set to zero in non-hidden volumes)īyte offset of the start of the master key scope Minimum program version required to open the volumeĬRC-32 checksum of the (decrypted) bytes 256–511
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |