Firstly, we appricate truecrypt team comments but on the other hand we do not agree on some.
--Adonis Comment-- I do not agree with some of truecrypt comments specially the quoted text below. What if you had created a virtual disk and give that to someone. That someone use it as his/her own disk and decided to change the password because they own the disk now (You give them to them with the pass). So they did change the passowrd, but the originator can still access that disk if he/she replace the passphrase bytes in the binary file. So I consider this an attack on data INTEGRITY and data AVAILABILITY since the legitimate user will be denied access to the disk after replacing the passphrase bytes. -- End Comment-- ==================================================================== "In conclusion, this is not a "security bug", but design/feature. Also, to exploit the design, the adversary would have to know your password first (or have your keyfiles). That means, for example, that he would capture it using a keystroke logger. If that was the case, then all security would be practically lost on that machine." ==================================================================== Peace
