
Keyfiles too small

Topics: Technical Issues, Users Discussion
Jan 12, 2017 at 10:33 AM
Let me explain: If a computer is compromised with a keylogger and the attacker has a way to copy files, VeraCrypt becomes completely useless. The computer can never connect to the internet, nor can any USB stick, SD card, HDD, etc. be used that was connected to a PC with internet access.
A 1 KB file can be easily copied without anyone noticing. But if the keyfile was 100 MB+ or even several GB big, it would become much harder to copy the file. If the keyfile is changed regularly via a PC that is completely offline, the only way I can think of to compromise the approach is physically.
Jan 12, 2017 at 12:16 PM
This is a long story. The problem is platform trust. See TCG etc.

The solution to the key copy problem is to use a smart card or TPM. A smart card can contain a non-recallable key; the key is inside the smart card only. The SC can perform crypto operations with the key like HMAC, encrypt or sign, but there is no possibility to retrieve the key from the SC. So it is not possible to copy the SC and key.

I've started support of TPM 1.2 and platform key data for system encryption.
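
The difference between a copyable keyfile and the non-retrievable smart card key described in the reply above, as an added example that is not part of the original posts and is not VeraCrypt code. `ModelToken`, the two derivation functions, the PBKDF2 parameters and all sample values are assumptions constructed for illustration, and a Python class only models non-exportability.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 10_000  # constructed value for the demo, not VeraCrypt's


class ModelToken:
    """Software stand-in for a smart card holding a non-exportable HMAC key."""

    def __init__(self) -> None:
        self.__key = secrets.token_bytes(32)  # generated "on card", no getter

    def hmac_sha256(self, challenge: bytes) -> bytes:
        # The only operation offered: compute with the key, never return it.
        return hmac.new(self.__key, challenge, hashlib.sha256).digest()


def key_from_keyfile(password: bytes, keyfile: bytes, salt: bytes) -> bytes:
    # Keyfile model: the second factor is plain bytes readable on the host.
    factor = hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", password + factor, salt, ITERATIONS)


def key_from_token(password: bytes, token: ModelToken, salt: bytes) -> bytes:
    # Token model: the host sees only the response to this one challenge.
    factor = token.hmac_sha256(salt)
    return hashlib.pbkdf2_hmac("sha256", password + factor, salt, ITERATIONS)


def demo() -> dict:
    password = b"constructed-password"        # assumed already keylogged
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)
    keyfile = secrets.token_bytes(1024)       # constructed 1 KB keyfile
    token = ModelToken()
    copied = bytes(keyfile)                   # size is irrelevant once copied
    seen = token.hmac_sha256(salt_a)          # what a compromised host can log

    def from_seen(salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password + seen, salt, ITERATIONS)

    return {
        "keyfile_copy_unlocks_any_volume": hmac.compare_digest(
            key_from_keyfile(password, copied, salt_b),
            key_from_keyfile(password, keyfile, salt_b)),
        "logged_response_unlocks_same_volume": hmac.compare_digest(
            from_seen(salt_a), key_from_token(password, token, salt_a)),
        "logged_response_unlocks_other_volume": hmac.compare_digest(
            from_seen(salt_b), key_from_token(password, token, salt_b)),
    }
```

The second result is the caveat to keep in mind: a host that is already compromised can still record the response to a volume's fixed challenge, so the token prevents cloning of the key itself, not reuse of what the host has already seen.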