TrueCrypt

Free open source on-the-fly encryption software

Defragmenting

When you (or the operating system) defragment the file system in which a file-hosted TrueCrypt container is stored, a copy of the TrueCrypt container (or of its fragment) may remain in the free space on the host volume (in the defragmented file system). This may have various security implications. For example, if you change the volume password/keyfile(s) afterwards, and an adversary finds the old copy or fragment (the old header) of the TrueCrypt volume, he might use it to mount the volume using an old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted). To prevent this and other possible security issues (such as those mentioned in the section Volume Clones), do one of the following:

  • Use a partition/device-hosted TrueCrypt volume instead of file-hosted.
  • Securely erase free space on the host volume (in the defragmented file system) after defragmenting.
  • Do not defragment file systems in which you store TrueCrypt volumes.
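
Why a stale header copy matters, shown as an added example that is not part of the TrueCrypt documentation or code: changing the password re-encrypts the header but leaves the master key unchanged, so an old header together with the old password still yields the current key. The header layout, the XOR wrap, the block numbers and the passwords are constructed for illustration and are not TrueCrypt's real on-disk format.

```python
import hashlib, hmac, os

def header_key(password: bytes, salt: bytes) -> bytes:
    # PBKDF2 over password and per-header salt; hash and iteration count are illustrative.
    return hashlib.pbkdf2_hmac("sha512", password, salt, 1000, dklen=64)

def make_header(password: bytes, master_key: bytes) -> bytes:
    """Toy header: salt || wrapped master key || MAC (stand-in for the real format)."""
    salt = os.urandom(16)
    hk = header_key(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, hk[:32]))
    return salt + wrapped + hmac.new(hk[32:], wrapped, hashlib.sha256).digest()

def open_header(password: bytes, header: bytes):
    """Return the master key, or None if the password does not fit this header."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:80]
    hk = header_key(password, salt)
    expected = hmac.new(hk[32:], wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, hk[:32]))

def simulate(wipe_free_space: bool):
    """Constructed toy disk: block number -> bytes, plus the set of allocated blocks."""
    master_key = os.urandom(32)          # encrypts the data area; survives password changes
    disk = {10: make_header(b"old-pass", master_key)}
    # Defragmentation copies the block elsewhere and frees the old one without erasing it.
    disk[50] = disk[10]
    allocated = {50}
    if wipe_free_space:                  # second mitigation from the list above
        for block in set(disk) - allocated:
            disk[block] = bytes(len(disk[block]))
    # The password change re-encrypts only the live header.
    disk[50] = make_header(b"new-pass", master_key)
    stale = [disk[b] for b in sorted(set(disk) - allocated)]
    return master_key, disk[50], stale

if __name__ == "__main__":
    mk, live, stale = simulate(wipe_free_space=False)
    print("live header, old password:", open_header(b"old-pass", live) is not None)
    print("stale copy, old password: ", open_header(b"old-pass", stale[0]) == mk)
    mk, live, stale = simulate(wipe_free_space=True)
    print("after wipe, old password: ", open_header(b"old-pass", stale[0]) is not None)
```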