
Comments (4)

rmackinnon commented on July 24, 2024

One problem I can see with this workflow is that a physical key (being
OpenPGP or smartcard) may or may not require a court order or more to be
surrendered, but in some instances is covered by the 5th amendment here in
the US[1]. Yes, the PIN on the card is protected as privileged information
and would require compulsion by the court to be divulged[2] if the judge
felt it did not violate the witness's 5th amendment right. Nothing says,
though, that the PIN simply wouldn't just be brute forced after the
physical key is obtained. There are safeguards you can have in place within
the card, but that is not a guarantee that the encryption will not be broken.
Also there is liability on where the "encrypted" decryption password is
stored. Having the password stored (even encrypted) on a physical volume
or device seems like another vector someone could use to attack your volume
and forgo the need for your OpenPGP card altogether.

Personally I do like the idea of having a smartcard/pgp card as a 2FA
device in addition to other certs/passwords for a volume.

[1] http://www.uclalawreview.org/the-fifth-amendment-encryption-and-the-forgotten-state-interest/
[2] https://en.wikipedia.org/wiki/In_re_Boucher

On Fri, Mar 11, 2016 at 10:01 AM, Hatter Jiang [email protected]
wrote:

What about this idea: the password for TrueCrypt is protected by an OpenPGP
Card, then mounting a TrueCrypt disk would look like this:

  1. Open TrueCrypt
  2. Select TrueCrypt Disk
  3. Plug OpenPGP Card
  4. Input OpenPGP Card PIN
  5. OpenPGP Card decrypt password
  6. The password decrypt TrueCrypt Disk

About OpenPGP Card: https://en.wikipedia.org/wiki/OpenPGP_card



mouse07410 commented on July 24, 2024

First, the feature I propose is not encrypting the passphrase, but encrypting the (truly randomly generated) volume key using a smart card, instead of deriving that key from a passphrase.

Second, I had PIV cards in mind, though OpenPGP support would be fine too.

Finally, not every threat model has court orders as its highest risk. Plus, smart cards usually are PIN- or password-protected, and I'm sure one can plead the 5th for that PIN exactly the same way one would for the volume password of TrueCrypt.


mouse07410 commented on July 24, 2024

Forgot to mention that smart cards usually lock after some very small number of failed attempts to enter the PIN. Most people set it between 5 and 10. Official policies (such as the German standard) fix it at 3. So while technically it may be possible to extract the secret from a smart card - in practice the probability of success is nil.
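
The design described in the two comments above (a randomly generated volume key wrapped by the card, plus a PIN retry limit), sketched as an added example that is not part of the thread or of TrueCrypt's code. `SimulatedCard`, its HMAC-based wrap (a symmetric stand-in for the card's private-key operation) and the PIN values are assumptions constructed for illustration:

```python
import hashlib
import hmac
import secrets


class SimulatedCard:
    """Constructed stand-in for a PIV/OpenPGP card (not a real card API)."""

    def __init__(self, pin, max_tries=3):
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._secret = secrets.token_bytes(32)  # never leaves the "card"
        self._max_tries = max_tries
        self.tries_left = max_tries

    def _prf(self, label, data):
        return hmac.new(self._secret, label + data, hashlib.sha256).digest()

    def wrap(self, volume_key):
        """Wrap a 32-byte volume key; the result is what the volume header stores."""
        if len(volume_key) != 32:
            raise ValueError("volume key must be 32 bytes")
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(volume_key, self._prf(b"enc", nonce)))
        return nonce + ct + self._prf(b"mac", nonce + ct)

    def unwrap(self, pin, blob):
        """Return the volume key only for the right PIN while tries remain."""
        if self.tries_left == 0:
            raise PermissionError("card locked")
        guess = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(guess, self._pin_hash):
            self.tries_left -= 1
            raise PermissionError("wrong PIN")
        self.tries_left = self._max_tries  # a correct PIN resets the counter
        nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise ValueError("wrapped key was modified")
        return bytes(a ^ b for a, b in zip(ct, self._prf(b"enc", nonce)))


def pins_tested_before_lockout(card, blob, candidates):
    """Feed candidate PINs to the card; return (key or None, PINs actually tested)."""
    tested = 0
    for pin in candidates:
        if card.tries_left == 0:
            break
        tested += 1
        try:
            return card.unwrap(pin, blob), tested
        except PermissionError:
            pass
    return None, tested
```

The wrapped blob in the header is useless without the card, and the card stops answering after `max_tries` wrong PINs, so the size of the PIN space matters far less than it would for a passphrase-derived key that can be guessed offline.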


FreeApophis commented on July 24, 2024

TrueCrypt Development has been moved to CipherShed:

Let's move the discussion over there:
CipherShed/CipherShed#46

