jstern1 Posted May 16, 2008 Share Posted May 16, 2008 I have just been having a trawl through the help section on the truecrypt site and came across a section about wear levelling. As I understand it from the corsair site, all the latest flash drives use wear levelling but the truecrypt help states that... "...Due to security reasons, we recommend that TrueCrypt volumes are not stored on devices (or in file systems) that utilize a wear-leveling mechanism..." Is corsair aware that they are shipping their products with the truecrypt software that buy all accounts does not appear to support their hardware!!? Link to comment Share on other sites More sharing options...
Corsair Employee RAM GUY Posted May 16, 2008 Corsair Employee Share Posted May 16, 2008 I am pretty sure that was intended for software wear leveling and since this is done in the controller of our flash drives I do not feel it is a problem. Link to comment Share on other sites More sharing options...
Tritonio Posted May 17, 2018 Share Posted May 17, 2018 Sorry for necroposting but someone may still be searching for this: Using truecrypt on wear leveling is a problem because old versions of encrypted data remain. Say for example that you change the password of the volume, that means that the encryption key will be encrypted with the new password and written over the old encrypted key. Because of the wear leveling though the old sectors are not really overwritten, instead they are unmapped and kept outside of the logical volume space until some arbitrary point when they will be reused and overwritten. If in the meantime someone were to break the usb key open and read from the memory chips directly, they would be able to find that old version of the encryption key, the one encrypted with the old password. There are other possible attack vectors as well but I doubt these are more dangerous. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.