Re: On the Recent PGP and Truecrypt Posting

[John Pettitt <jpp@xxxxxxxxxxxxx>]

jon@xxxxxxx wrote:
> [snip]
>
> Simply put, if you change the passphrase on a PGP Virtual Disk, or a 
> Truecrypt volume, or anything else, it does not change the passphrase on 
> backups of that data. If you restore the data from the backup, the passphrase 
> on the restored file is not the passphrase on the changed one.
>
>   
Ignoring the issue of how things were published ....

I think the underlying point is that many users, not understanding the
difference between the bulk key used to encrypt the data and the
passphrase used to protect that bulk key would assume, incorrectly that
changing the passphrase would lock out prior users.

Clearly a users with a backup copy of an encrypted disk for which they
know the passphrase can use the technique described to decode a more
recent image of the same encrypted disk even though the owner of the
disk may think it safe because the passphrase was changed.   In this
situation the old user gain access to newer data that they were not
supposed to be able to access.    This is different from the described
restored backup situation in that the user is using a partial restore to
circumvent a security mechanism.

The re-encyrpt button obviously defeats this attack however it's not
clear that real world users actually understand the need to re-encrypt
to make pass phrase changes meaningful when backup copies exist.   I
think this is mostly a documentation issue and perhaps a user interface
design issue in that users should be strongly advised to re-encrypt when
they change the passphrase.

John