On Wednesday, I wrote about TrueCrypt, and the requirement to create a Rescue Disk if you were going to use System Encryption. I looked into that, as I was setting up a test laptop so I could try the “Evil Maid” attack on TrueCrypt System Encryption.
And by Jove! The Evil Maid attack works.
Now here’s the reality check. You need physical access to the computer, twice. Once to corrupt the TrueCrypt Boot Loader, and once again to recover the password.
But, provided you can get access, say as a hotel maid, you can render TrueCrypt security useless. This attack reminds me of a company I used to work for, and their approach when building keys got lost.
“Replace the lot, we can’t guarantee that they haven’t been copied while they’ve been out of our sight.”
Perhaps we need to start adopting that policy for TrueCrypt-protected computers.
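Short of replacing the machine, the first step of the attack (the corrupted boot loader) can be detected before a password is ever typed by comparing the disk's first sector against a hash recorded while the machine was known-good. This is an added example, not code from the original post or from TrueCrypt; the boot-sector bytes are constructed stand-ins, and the baseline hash is assumed to be kept on media that never leaves the owner's sight.

```python
import hashlib
import hmac

SECTOR_SIZE = 512  # an MBR / boot-sector image is one 512-byte sector


def sector_digest(boot_sector: bytes) -> str:
    """Return the SHA-256 hex digest of a boot-sector image."""
    if len(boot_sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(boot_sector)}")
    return hashlib.sha256(boot_sector).hexdigest()


def boot_sector_untouched(boot_sector: bytes, baseline_hex: str) -> bool:
    """True when the sector still matches the baseline recorded on trusted media."""
    return hmac.compare_digest(sector_digest(boot_sector), baseline_hex)


def read_boot_sector(device_path: str) -> bytes:
    """Read the first sector of a raw disk (needs root; run from your own boot media)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def constructed_boot_sector() -> bytes:
    """Constructed stand-in for a boot sector; not a real TrueCrypt loader."""
    code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"  # constructed filler bytes
    body = code + b"\x90" * (SECTOR_SIZE - len(code) - 2)
    return body + b"\x55\xaa"  # standard boot signature


def tampered_copy(boot_sector: bytes) -> bytes:
    """Constructed tampered variant: a few code bytes changed, signature intact."""
    patched = bytearray(boot_sector)
    patched[8:12] = b"\xeb\xfe\x00\x00"
    return bytes(patched)


if __name__ == "__main__":
    original = constructed_boot_sector()
    baseline = sector_digest(original)  # record this while the machine is known-good
    print("clean    :", boot_sector_untouched(original, baseline))
    print("tampered :", boot_sector_untouched(tampered_copy(original), baseline))
```

A plain hash catches a modified loader only if the baseline itself could not be altered, so the comparison must run from media the attacker never had access to.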