Slashdot Mirror


Schneier, UW Team Show Flaw In TrueCrypt Deniability

An anonymous reader writes "Bruce Schneier and colleagues from the University of Washington have figured out a way to break the deniability of TrueCrypt 5.1a's hidden files. What about the spanking-new TrueCrypt 6? Schneier says that 'The new version will definitely close some of the leakages, but it's unlikely that it closed all of them.' Meanwhile, PC World is reporting that the problems Schneier and colleagues found are bigger than just TrueCrypt. Among their discoveries: Word auto-saves the contents of encrypted files to the unencrypted portions of your disk, and this problem should apply to all non-full disk encryption software. Their research paper will appear at Usenix HotSec '08."

9 of 225 comments

  1. usenix what? by hostyle · · Score: 5, Funny

    HotSex 08? Where do I sign up!

    --
    Caesar si viveret, ad remum dareris.
  2. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  3. About Bruce Schneier by dwalsh · · Score: 5, Funny

    Some of you may not be aware of the stature of Bruce Schneier in the field of computer security, so here is some background information:

    http://geekz.co.uk/schneierfacts/facts/top

    Bruce Schneier once decrypted a box of AlphaBits.

    Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.

    Bruce Schneier knows Alice and Bob's shared secret.

    Vs lbh nfxrq Oehpr Fpuarvre gb qrpelcg guvf, ur'q pehfu lbhe fxhyy jvgu uvf ynhtu.

    Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.

    Bruce Schneier knows the state of Schroedinger's cat.

    Bruce Schneier writes his books and essays by generating random alphanumeric text of an appropriate length and then decrypting it.

    When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it.

    If we built a Dyson sphere around Bruce Schneier and captured all of his energy for 2 months, without any loss, we could power an ideal computer running at 3.2 degrees K to count up to 2^256. This strongly implies that not only can Bruce Schneier brute-force attack 256-bit keys, but that he is built of something other than matter and occupies something other than space.

    Though a superhero, Bruce Schneier disdains the use of a mask or secret identity as 'security through obscurity'.

    --
    ${YEAR+1} is going to be the year of Linux on the desktop!
    1. Re:About Bruce Schneier by EvanED · · Score: 5, Funny

      Personally, I like "Bruce Schneier already has a backup plan for when the second person discovers P=NP."

    2. Re:About Bruce Schneier by kwabbles · · Score: 5, Funny

      I ran into Bruce Schneier at an airport once. While we were waiting for a plane, I asked him if he would show me a "cool computer trick". He popped the RAM out of my laptop and quickly tasted the edge with the gold leads. He then told me that at 11:23pm the previous night I had visited ideepthroat.com with Firefox. Damn he's good.

      --
      Just disrupt the deflector shield with a tachyon burst.
  4. Summary is inaccurate by TheSpoom · · Score: 5, Informative

    Schneier et al. don't break TrueCrypt's deniability, per se. They simply show that Word, Google Desktop, and other automatically-indexing programs may reveal a hidden partition's possible existence.

    This is a concern, of course, but can be avoided by careful use of the software invoked when using a TrueCrypt partition (i.e. killing processes except for TrueCrypt, etc).

    I believe there's also a portable version of TrueCrypt that can be used that leaves no traces on the OS install once you're finished.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  5. Sorry, dude... by Penguinisto · · Score: 5, Funny

    Seems that someone found a semi-reliable decryption mechanism that can not only stand up to that, but can reverse an even stronger algorithm known as "volcano".

    Didn't mean to dash your dreams, but you know how the security game goes...

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
    1. Re:Sorry, dude... by jeiler · · Score: 5, Funny

      "Volcano" is, indeed, a stronger algorithm than "fire", but it's also much coarser-grained. Further research shows that the decrypted portions were not completely encrypted, merely provided with a partially-encrypted wrapper.

      We can also discuss the even more advanced "Thermonuclear ground-zero" algorithm, but the ultimate form of this type of encryption (matter-antimatter annihilation) is only theoretically possible with our current technology.

      --

      If you haven't been down-modded lately, you aren't trying.

      Sacred cows make the best hamburger.

  6. Deniability on SSD? by Anonymous Coward · · Score: 5, Interesting

    This has been bugging me and I wonder if anyone out there can answer this: would the write-leveling used by flash drives defeat deniability as well? After all, if the most recently written-to portions of the drive are in a supposedly unused block, isn't that a bit of a giveaway?