Truecrypt password vectors can be approximated.

When building multiple Truecrypt containers, the utility provides for the user to generate entropy (randomness) data to fill a buffer exactly one time. This is done by tracing the movements of a mouse, and using the x.y coordinates to populate the buffer in question.

It may be observed that the check box to hide the header key is located at the same part of the window every time, and this is an early destination for the user’s mouse. If an intruder were to attempt to log mouse data in the same way that a key-logger log’s keyboard input, it would be possible to approximate the password vector by doing some arduous data crunching.

A defeat for this is to ensure that early in the process, one employs an alt-click, or a control click (shift-click is yet another variation,) or some combination of these. Because it would be difficult to know the time between each, with respect to the logged key strokes, this would obfuscate the password vector proportionately to the difference in a rocket trajectory when modified at low altitude, versus high latitude.

I expect that despite the fact that the entropy buffer is filled only once, even when building multiple containers, the differences in the passwords result in such changes that it does not compromise the quality of the encryption, if only the user devotes adequate time to entering randomness; a terrabyte drive calls for far more random data than a 20MB email attachment.

Added 7/3/13: In the face of a mouse logger, it is still possible to change the vector by interspersing mouse movement with key strokes, since a logger would have no way of correlating the timing of the inputs.

Advertisements

About James Johnson

I am an amateur mathematician & political theorist who enjoys (occasionally cerebral) humor.
This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s