This project has moved and is read-only. For the latest updates, please go here.

Truecrypt's vulnerabilities

Topics: Technical Issues
Jan 5, 2016 at 2:23 AM
Dear Veracrypt Admin and fellow users,

The following post is about the 2 recent Truecrypt's vulnerabilities (CVE-2015-7358 and CVE-2015-7359). I've made a similar post a few days ago but I think I've posted it in the wrong section and it should be in this "Technical Issues" section instead. Sorry for the redundant post.

I have a hard drive where I partitioned it into a decoy OS and a hidden OS (both Windows 7), and I installed some sensitve files on it and they are also encrypted by TC in the hidden OS. I very seldom use this hard drive and it is just to store those sensitive files and is set aside when not in used. From my understandinng, the 2 above vulnerabilities apply only if 1) an attacker is on the same network as my computer OR 2) the computer is connected to the internet or 3) the attacker have physical access to my computer when the OS is turned on/in use. I wonder if this understanding is correct?

So, in my case, since I set the hard drive aside and it is never connected to the internet, suppose if a professional hacker physically steals my hard drive, will the 2 above vulnerabilities make it more easily for him to brute force it and decrypt the encrypted OS and its encrypted folders? From what I understand it seems it will not, but since I am not a techincal person I just want to make sure.

A reply would be much appreciated. Thanks.
Jan 5, 2016 at 8:59 PM