Slashdot Mirror


Schneier, UW Team Show Flaw In TrueCrypt Deniability

An anonymous reader writes "Bruce Schneier and colleagues from the University of Washington have figured out a way to break the deniability of TrueCrypt 5.1a's hidden files. What about the spanking-new TrueCrypt 6? Schneier says that 'The new version will definitely close some of the leakages, but it's unlikely that it closed all of them.' Meanwhile, PC World is reporting that the problems Schneier and colleagues found are bigger than just TrueCrypt. Among their discoveries: Word auto-saves the contents of encrypted files to the unencrypted portions of your disk, and this problem should apply to all non-full disk encryption software. Their research paper will appear at Usenix HotSec '08."

3 of 225 comments

  1. Don't forget Windows Explorer, too by Praxx · Score: 4, Insightful

    Opening an encrypted partition with Windows Explorer is also a risk, because explorer will happily cache the directory structure of everything you browse to. Those paths and filenames show up in the explorer history, even if the drive is offline.

    --
    http://www.policystew.com/
  2. Re:And this is exactly why.. by serviscope_minor · Score: 4, Insightful

    you run at least full disk encryption. If one needs further plausible deniability, THEN you can run truecrypt. Also, cleaning out temp files should be a regular occurrence, as should running on an encrypted swap file/partition.

    This is why security needs to be left to the professionals and requires scrutiny. It is very hard to get right and very easy to leave holes. You run full disk encryption, but in many parts of the world, you can be compelled to disclose your keys. So, since your keys are disclosed, you now may as well assume that you never had the encryption in the first place. That puts you right back to square 1 and there is now evidence that you have a hidden volume.

    Full disk encryption protects you against the consequences of theft, and for this, deniability has no utility. Deniability protects you against certain governments, and for this, full disk encryption often provides little utility.

    --
    SJW n. One who posts facts.
  3. Re:Let me get this straight by Ant P. · Score: 4, Insightful

    If you want _plausible_ deniability, which is what this is about, then having no history file is only going to arouse suspicion. Open a shell with HISTFILE=/dev/null only when you're running the secret VM, and run the shell command using a GUI+script or some other method that doesn't keep tracks.