Slashdot Mirror
Schneier, UW Team Show Flaw In TrueCrypt Deniability
An anonymous reader writes "Bruce Schneier and colleagues from the University of Washington have figured out a way to break the deniability of TrueCrypt 5.1a's hidden files. What about the spanking-new TrueCrypt 6? Schneier says that 'The new version will definitely close some of the leakages, but it's unlikely that it closed all of them.' Meanwhile, PC World is reporting that the problems Schneier and colleagues found are bigger than just TrueCrypt. Among their discoveries: Word auto-saves the contents of encrypted files to the unencrypted portions of your disk, and this problem should apply to all non-full disk encryption software. Their research paper will appear at Usenix HotSec '08."
HotSex 08? Where do I sign up!
Caesar si viveret, ad remum dareris.
Comment removed based on user account deletion
So Vista, Word, and Google Desktop make truecrypt less viable? Im Shocked I tell you! Shocked. Please..If you are serious about using truecrypt please tell me that you are savy enough to know how to get around some of these holes. Googledesktop?-aka, I spy on everyone and read your brain desktop? Its like saying my iron has a security hole if someone installs a hardware keylogger on my system. Duh! But just because Schneier is involved, the hacking gods must bow and agree with every word he says. Anyway, now Im rambling, but I use truecrypt only on my secure linux box, which doesnt have these problems. I hide all my stuff that would get me into lots of trouble if!@#@!#%T^GD no carrier
"It's ok, I'm completely secure as long as my iron is off"
If you're like me (meaning that you pay attention to what you read), you may be wondering what in the world "Word and auto-saves" means. I wondered so much I even followed the link, and saw that the omitted term was Google Desktop, omitted because of very sloppy cut and paste of the article.
I'm an American. I love this country and the freedoms that we used to have.
Some of you may not be aware of the stature of Bruce Schneier in the field of computer security, so here is some background information:
http://geekz.co.uk/schneierfacts/facts/top
Bruce Schneier once decrypted a box of AlphaBits.
Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.
Bruce Schneier knows Alice and Bob's shared secret.
Vs lbh nfxrq Oehpr Fpuarvre gb qrpelcg guvf, ur'q pehfu lbhe fxhyy jvgu uvf ynhtu.
Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.
Bruce Schneier knows the state of schroedinger's cat
Bruce Schneier writes his books and essays by generating random alphanumeric text of an appropriate length and then decrypting it.
When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it.
If we built a Dyson sphere around Bruce Schneier and captured all of his energy for 2 months, without any loss, we could power an ideal computer running at 3.2 degrees K to count up to 2^256. This strongly implies that not only can Bruce Schneier brute-force attack 256-bit keys, but that he is built of something other than matter and occupies something other than space.
Though a superhero, Bruce Schneier disdanes the use of a mask or secret identity as 'security through obscurity'.
${YEAR+1} is going to be the year of Linux on the desktop!
Schneier et al don't break TrueCrypt's deniability, per se. They simply show that Word, Google Desktop, and other automatically-indexing programs may reveal a hidden partition's possible existence.
This is a concern, of course, but can be avoided by careful use of the software invoked when using a TrueCrypt partition (i.e. killing processes except for TrueCrypt, etc).
I believe there's also a portable version of TrueCrypt that can be used that leaves no traces on the OS install once you're finished.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Windows should build in a encryption program like on Mac OS X
Uh... they did... 8 years ago.
They've had EFS (encrypting file system) since Windows 2000.
http://en.wikipedia.org/wiki/Encrypting_File_System
They've added BitLocker Drive Encryption with Vista (Ultimate & Enterprise).
http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption
They're not trying to decrypt files here, but just prove that files exist. TrueCrypt lets you put an encrypted volume inside an encrypted volume, such that if you mount the "outer" volume, you can't show evidence that there even exists an "inner" volume. However, if you mount that "inner" volume and use the files in it, Windows will make a Recent Documents shortcut to its location, thus disclosing the fact that there are files there.
I'm a TrueCrypt user, but not a DFS user, since I care more about the encryption than I do about plausible deniability, but I'm interested in trying this out. The test case might be along the lines of:
Since Spotlights also does a full-text search, does it cache any of that full-text data to make the next search faster?
I like music
Spotlight's index is stored in the root of the volume it's indexing. Encrypted filesystems are independent volumes, so their indexes are stored in their volume root. The index of the primary filesystem isn't altered.
I'm not sure it leaks zero information -- there have been some bugs with Spotlight indexes and FileVault-encrypted home directories.
Seems that someone found a semi-reliable decryption mechanism that can not only stand up to that, but can reverse an even stronger algorithm known as "volcano".
Didn't mean to dash your dreams, but you know how the security game goes...
Quo usque tandem abutere, Nimbus, patientia nostra?
This has been bugging me and I wonder if anyone out there can answer this: would the write-leveling used by flash drives defeat deniability as well? After all, if the most recently written-to portions of the drive are in a supposedly unused block, isn't that a bit of a giveaway?
Really?
All of Mac OS X encryption operates on user-managed encrypted disk images (volumes) or "encrypted home directories" (FileVault), which is really an OS-managed encrypted disk image.
FileVault home directories are no stronger than your login password. As this password is stored hashed only once (albeit salted, as of 10.4), it had better be immune to brute-force-guessing. They're also only as strong as your system-wide FileVault recovery keychain, as a copy of the key is stored in that, too.
Non-FileVault encrypted images at least use 1000-round PBKDF rather than a single hash and don't, by default, use a recovery keychain. At only 1k rounds, though, it had still better be immune to brute-force guessing.
None of this addresses the fact that using a Mac OS X system with an encrypted directory still leaks information about the contents of that directory onto the unencrypted parts of the drive. In fact, if anything, TrueCrypt is better about not doing this than the Mac, though neither of them hide their tracks all that well. The best approach is to have TrueCrypt running full-disk encryption so that there's nowhere for data to leak to.
Opening an encrypted partition with Windows Explorer is also a risk, because explorer will happily cache the directory structure of everything you browse to. Those paths and filenames show up in the explorer history, even if the drive is offline.
http://www.policystew.com/
you run at least full disk encryption. If one needs further plausible deniability, THEN you can run truecrypt. Also, cleaning out temp files should be a regular occurrence, as should running on an encrypted swap file/partition.
This is why secutiry needs to be left to the professionals and requires scrutiny. It is very hard to get right and very easy to leave holes. You run full disk encryption, but in many parts of the world, you can be compelled to disclose your keys. So, since your keys are disclosed, you now may as well assume that you never had the encryption in the first place. That puts you right back to square 1 and there is now evidence that you have a hidden volume.
Full disk encryption protects you against the consequences of theft, and for this, deniability has no utility. Deniability protects you against certain governments, and for this, full disk encryption often provides little utility.
SJW n. One who posts facts.
I encrypt using a one way algorithm know as "fire" that transforms all my secrets into ashes.
Is that the algorithm invented by the Greek hacker, Prometheus? I heard he got in a bit of trouble over it, he ended up somewhere like Guantanamo, but eventually was rescued.
"Keep in mind, though, that you can simply add exceptions to your updatedb.conf file, such that the directories/partitions you list will not be indexed (and hence will not be locatable by slocate)."
yes, put your hidden directories/partitions in /etc/slocate then slocate will not reveal their existence.
It seems to me there is something wrong with this sheme but I cannot put my finger on it. Hum ... but then again I'm not a security specialist.
I'm replying to myself, but I have additional info to add.
[...] it captures live data on the computer, which is why it's important for agents not to shut down the computer first, Fung said. A law enforcement agent connects the USB drive to a computer at the scene of a crime and it takes a snapshot of important information on the computer. It can save information such as what user was logged on and for how long and what files were running at that time, Fung said. It can be used on a computer using any type of encryption software, not just BitLocker.
So it looks like COFEE is a USB device that performs monitoring once Vista has been booted and logged in. Not having your BitLocker USB drive plugged in and not leaving your PC on would seem to defeat an attack by COFEE.
Windows caches all types of stuff about filesystems it touches in the registry. Open regedit some time and search for "OpenSaveMRU" and you'll see that pretty much every file you click to open in Windows is in there.
Not that Linux is any better, at least Gnome systems - check out ".nautilus" in your home folder. Same thing going on there with the directory structure, you name it. The first thing I do on a new Ubuntu box is remove ".recently-used.xbel" and create a directory with the same name, and make ".nautilus" owned by root and not world-writable. /tmp is obviously a problem on Unix-type systems as well, along with the swap partition.
Of course if your whole system is encrypted these are not problems, but then you don't exactly have a deniably-encrypted filesystem.
So, just to play along, what software do you propose to use on the mac to provide deniable encryption?
You could try this program called TrueCrypt. It seems to work okay.
"And there be unix which have made themselves unix for the kingdom of heaven's sake." - Matt. 19:12
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer]
Value Name: NoRecentDocsHistory
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable restriction, 1 = enable restriction)
So, just to play along, what software do you propose to use on the mac to provide deniable encryption?
You could try this program called TrueCrypt. It seems to work okay.
yup, ...until some folks showed flaws in TrueCrypt deniability
Now that's an attempt for infinite mod points!
And what about deniability, then?
You could try TrueCrypt. I think it works on Macs.
"And there be unix which have made themselves unix for the kingdom of heaven's sake." - Matt. 19:12