In association with heise online

17 July 2008, 13:36

Vista, Word and Google Desktop circumvent TrueCrypt function

Cryptography expert Bruce Schneier, in conjunction with a research group, has studied the security of TrueCrypt, to see whether it meets the specifications for a 'Deniable File System' (DFS) – implemented in TrueCrypt as hidden volumes – and is really able to conceal the existence of a volume within a standard system environment.

Hidden volumes are intended to conceal even the existence of encrypted files. They allow a PC owner to deny having specific encrypted data on his PC. Even where a suspect in a police investigation reveals the key to an outer container in order to avoid a jail term, he or she can still deny the existence of a concealed inner container. This is known as deniable encryption. For the authorities, the only solution to this would be to make the private use of encryption itself illegal.

Whilst TrueCrypt 5.1a itself appears to offer few points of attack, Windows Vista, Word and Google Desktop all undermine the principle of deniability. As soon as a user opens a hidden volume, traces, such as a unique volume ID, are left in the Windows registry. In addition, an edited file may subsequently appear in the list of recently opened documents.

According to Schneier, Word can torpedo both encryption and deniability if auto-save is activated. Using simple Word auto-recovery tools, he succeeded in recovering a Word file edited in a hidden folder. Google Desktop, which indexes many data types as soon as a volume is opened, can have similarly fatal consequences.
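The leaks described above share one pattern: a record stored outside the hidden volume names a location inside it. The following added example (not code from the paper or from TrueCrypt) shows a self-audit that groups such records by drive letter and reports every drive the owner does not intend to disclose; the artifact list, drive letters and file names are constructed sample data, and collecting the records from a real system is left out.

```python
import ntpath
from collections import defaultdict

# Constructed sample data: (artifact source, path recorded by that source).
# Drive letters and file names are hypothetical.
ARTIFACTS = [
    ("registry mount record", "H:\\"),
    ("recent documents list", r"H:\plans\draft.doc"),
    ("recent documents list", r"C:\Users\alice\notes.txt"),
    ("Word auto-recovery copy", r"h:\plans\draft.doc"),
    ("desktop search index", r"E:\outer\holiday.jpg"),
    ("desktop search index", r"H:\plans\budget.xls"),
    ("desktop search index", r"relative\path.txt"),
]


def undisclosed_references(artifacts, disclosed_drives):
    """Return {drive: [sources]} for every drive that some artifact
    references but that is absent from the set the owner discloses."""
    disclosed = {d.upper().rstrip("\\") for d in disclosed_drives}
    leaks = defaultdict(set)
    for source, path in artifacts:
        # ntpath parses Windows paths on any host OS.
        drive, _ = ntpath.splitdrive(path)
        drive = drive.upper()
        if not drive:
            # No drive component, so the record cannot be attributed.
            continue
        if drive not in disclosed:
            leaks[drive].add(source)
    return {drive: sorted(sources) for drive, sources in leaks.items()}


if __name__ == "__main__":
    # The owner is prepared to disclose the system drive and the outer volume.
    report = undisclosed_references(ARTIFACTS, {"C:", "E:"})
    for drive, sources in report.items():
        print(drive, "is referenced by:", ", ".join(sources))
```

Any drive in the report is evidence, held on the unencrypted or disclosed part of the system, that a further volume was mounted.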

Some of these problems have already been addressed in TrueCrypt 6.0. This version allows the entire operating system to be hidden in an inner container. Depending on the password entered by the user when booting, either the encrypted system alone or both the encrypted system and the hidden system will start. It is then irrelevant whether or not the operating system or another application leaves traces of the hidden system.

Schneier's group intend to present their results at USENIX HotSec '08 at the end of this month. The seven-page paper is already available as a PDF.
