TrueCrypt developers consider complaint against Microsoft
The developers of the TrueCrypt open source encryption tool are considering submitting a complaint against Microsoft to the EU Commission if Microsoft is not prepared to lay open the Windows hibernation API. From version 5.1 TrueCrypt supports hibernation for encrypted system partitions. Potential vulnerabilities that could allow the hibernation file to be written to the disk in unencrypted form have been reported in this version in recent weeks. This would allow attackers to read the key and thus decrypt the partition or container.
In response to an enquiry from heise Security on this, the developers were cagey. They stated that the author of the security advisory had clearly incorrectly analysed the TrueCrypt source code, as the routines executed were incorrect and anyway TrueCrypt does not allow encryption of partitions under Windows 2000. Nevertheless, the developers confirmed that with certain storage drivers, the hibernation file could be written to the disk unencrypted. However, they see this as a problem for all vendors of drive encryption systems, as no documentation is available for the hibernation API and it is therefore necessary to adapt Windows components. This could be undone by Microsoft at any time, however, through the automatic update system for example, which would adversely affect the reliable functioning of products from other manufacturers.
The TrueCrypt developers state that they are currently preparing an official complaint against Microsoft. Should this fail to lead to disclosure, they are planning to submit an anti-competition complaint to the EU. Microsoft offers a system partition encryption system under Windows Vista in the form of BitLocker.