Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier, UW Team Show Flaw In TrueCrypt Deniability

Posted by timothy on from the can't-prove-that-you-didn't-not-not-write-that dept.

An anonymous reader writes "Bruce Schneier and colleagues from the University of Washington have figured out a way to break the deniability of TrueCrypt 5.1a's hidden files. What about the spanking-new TrueCrypt 6? Schneier says that 'The new version will definitely close some of the leakages, but it's unlikely that it closed all of them.' Meanwhile, PC World is reporting that the problems Schneier and colleagues found are bigger than just TrueCrypt. Among their discoveries: Word auto-saves the contents of encrypted files to the unencrypted portions of your disk, and this problem should apply to all non-full disk encryption software. Their research paper will appear at Usenix HotSec '08."

4 of 225 comments (clear)

  1. Deniability on SSD? by Anonymous Coward · · Score: 5, Interesting

    This has been bugging me and I wonder if anyone out there can answer this: would the write-leveling used by flash drives defeat deniability as well? After all, if the most recently written-to portions of the drive are in a supposedly unused block, isn't that a bit of a giveaway?

  2. Re:Let me get this straight by Hatta · · Score: 4, Interesting

    Anyway, now Im rambling, but I use truecrypt only on my secure linux box, which doesnt have these problems

    Are you sure? Have you checked your ~/.bash_history file? Are you sure your editor isn't leaving autosaves in /tmp? There could even be plain text in your swap partition. It's hard to really know.

    If I needed plausible deniability I'd put a virtualbox image in the deniable container. Then I'd turn off swap and link ~/.bash_history to /dev/null. And I'm sure I've forgotten something.

    --
    Give me Classic Slashdot or give me death!
  3. Re: BitLocker Backdoor- Source? by Coopjust · · Score: 4, Interesting

    I'm replying to myself, but I have additional info to add.

    [...] it captures live data on the computer, which is why it's important for agents not to shut down the computer first, Fung said. A law enforcement agent connects the USB drive to a computer at the scene of a crime and it takes a snapshot of important information on the computer. It can save information such as what user was logged on and for how long and what files were running at that time, Fung said. It can be used on a computer using any type of encryption software, not just BitLocker.

    So it looks like COFEE is a USB device that performs monitoring once Vista has been booted and logged in. Not having your BitLocker USB drive plugged in and not leaving your PC on would seem to defeat an attack by COFEE.

  4. Re:Let me get this straight by MrNaz · · Score: 4, Interesting

    It seems to me that the best way to get this done would be for a bunch of guys (ideally with the paranoia of the OpenBSD guys) set about creating a Linux distro with all these things built in. It would obviously not be one built for performance, but it would be fully secured out of the box with encrypted swap, /tmp set as a ramdisk (optionally for users with enough ram or encrypted for those who don't), all installed apps (from vim to OpenOffice) configured to use secure areas for temp files etc etc.

    Such a distro would mean having that level of paranoia would not arouse as much suspicion, as you could just say "Meh, I run Paranoia Linux coz I heard it was secure" and not look like you put much effort into it.

    So, any takers on this project? I would, but I'm sucky at this kind of thing.

    --
    I hate printers.