Possible vulnerability in TrueCrypt 5.1
A possible vulnerability in TrueCrypt 5.1 that can expose keys on Windows systems has been described in a Russian-language blog. The blog reports that the key remains in memory while the memory image is being written to disk, prior to entering hibernation mode. Attackers could later read the key from that image and use it to decrypt containers and partitions. Allegedly, however, the keys are only exposed under specific circumstances, for example when using specific drivers for unusual storage controllers and RAID controllers. Windows 2000 systems with a RAID system based on the Intel Matrix Storage chip are said to be at particular risk.
Although TrueCrypt has long supported hibernation, the developers added the hibernation function for completely encrypted system partitions only in the current version, 5.1. It is not known whether the developers have been informed of this latest problem. An enquiry by heise Security still awaits an answer.
(mba)