Questions on keyfiles and constant use of TrueCrypt volumnes

We have a user who heavily depends on Truecrypt (she uses the last known version prior the site leaving their users).  The size of the volumes range from 360gb  to 1 tb and have been using them since 2012 with no glitch whatsoever.  She changes the volumes password successfully every year.

Yesterday, a colleague told her that she has to have the keyfiles of each volume and even more, that right after creating all her volumes, she should have backed up those keyfiles - she has never done this.  We have search on this topic and effectively it does says it (see pix below).

 tc quest
Based on the above, 2 questions:

1. Is there any considerations or maintenance she should consider for her TC volumes?
    (this is because the user is constantly using the TC volumes, sometimes having them open for
    days even is she hibernate her computer, the TC volumes are open)

2. Since she never backed the header or keyfiles when creating TC, may there be some problem?
    Also should we do regarding this?


Thank you very  much in advance.
rayluvsAsked:
Who is Participating?
 
McKnifeCommented:
It is funny that you don't even seem to distinguish between key files and the volume header, although those are different things.
Your screenshot says it: "(with a backup of the volume header and a backup of the password or Keyfile) in case the user loses his password (if a password is used) or his Keyfile (if a Keyfile is used), you (the admin) have a way to unlock the volume.

->backup the volume header together with a current Keyfile or password. Not doing that means you depend on the user (never good).
0
 
David Johnson, CD, MVPOwnerCommented:
if the keyfiles are lost then the TC volume is lost. So Identify them and back them up. They also should have regular backups of the TC volumes either encrypted or not using the 3-2-1 rule (3 backups/2 different types/1 being offsite)
0
 
rayluvsAuthor Commented:
Thanx both, will do.

Where it says "...before you allow a non-admin user to access the volume", that is only referencing a "first time" TC creation?  In other words, when we backup now both Keyfile and volume header, there is no difference or disadvantage against backing them up at the creation time?
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
McKnifeCommented:
No difference or disadvantage, no. TC advises you to do it at once, because corruption or other disasters may happen at any time. But it hasn't happened, luckily.
0
 
rayluvsAuthor Commented:
Thanx!

Lastly, the part of the question on "any considerations or maintenance the user should consider for her TC volumes?"
(due to the constantly use of the TC volumes during these years, sometimes having the TC volumes open for days even when hibernating the computers)

Any maintenance recommendation for this type of use of TC volumes?
0
 
McKnifeCommented:
No. As you see, it just works and it's ok to use it like this. The usual backups should be done, anyway.
0
 
rayluvsAuthor Commented:
I meant more like tools for checking the volume, or defrag, etc. on the volume itself (based on the constant use of these TC volumes, I assume that there has been some times that the user has had her computer locked, restarted and turned off erroneously - so maybe some data loss etc.)
0
 
McKnifeCommented:
It's not that fragile, It is still a normal volume. The key is in memory and all encrypted data is passed to a filter driver that uses that key to look at deciphered data. No big magic and not fragile - no extra care needed.
0
 
rayluvsAuthor Commented:
Ok
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.