
Schneier, UW Team Show Flaw In TrueCrypt Deniability 225

An anonymous reader writes "Bruce Schneier and colleagues from the University of Washington have figured out a way to break the deniability of TrueCrypt 5.1a's hidden files. What about the spanking-new TrueCrypt 6? Schneier says that 'The new version will definitely close some of the leakages, but it's unlikely that it closed all of them.' Meanwhile, PC World is reporting that the problems Schneier and colleagues found are bigger than just TrueCrypt. Among their discoveries: Word auto-saves the contents of encrypted files to the unencrypted portions of your disk, and this problem should apply to all non-full disk encryption software. Their research paper will appear at Usenix HotSec '08."
  • by hostyle ( 773991 ) * on Thursday July 17, 2008 @04:30PM (#24234199)

    HotSex 08? Where do I sign up!

    • That's Unisex...

      I think you may want to reconsider your enthusiasm for HotSex 08.

      Or maybe not. Not that there's anything wrong with that.
    • by noz ( 253073 )

      You didn't get an invitation? Hmmmmm.

  • by account_deleted ( 4530225 ) on Thursday July 17, 2008 @04:30PM (#24234203)
    Comment removed based on user account deletion
    • by Penguinisto ( 415985 ) on Thursday July 17, 2008 @04:58PM (#24234543) Journal

      Seems that someone found a semi-reliable decryption mechanism that can not only stand up to that, but can reverse an even stronger algorithm known as "volcano" [byu.edu].

      Didn't mean to dash your dreams, but you know how the security game goes...

      /P

      • by jeiler ( 1106393 ) <go.bugger.off@gmai l . c om> on Thursday July 17, 2008 @05:13PM (#24234711) Journal

        "Volcano" is, indeed, a stronger algorithm than "fire", but it's also much coarser-grained. Further research shows that the decrypted portions were not completely encrypted, merely provided with a partially-encrypted wrapper.

        We can also discuss the even more advanced "Thermonuclear ground-zero" algorithm, but the ultimate form of this type of encryption (matter-antimatter annihilation) is only theoretically possible with our current technology.

        • Re: (Score:2, Funny)

          by A440Hz ( 1054614 )
          As Jack Handey rightly said, "If you drop your keys into a river of molten lava, forget 'em, 'cause man, they're gone."
        • by menace3society ( 768451 ) on Friday July 18, 2008 @12:41AM (#24238233)

          Thermonuclear ground-zero encryption is unnecessary, you just need a good Brownian crypto device.

          On a serious note, there's also steganography. I wrote up a tool that works like shred(1), except instead of DoD-compliant type over-writes, it uses blocks of harmless text from Project Gutenberg. Theoretically it's weaker than a 35-pass algorithm, but the advantage is that it's now much harder to retrieve the original data, since it's much harder to tell apart.

          I really want to do something that would get my computer seized by the NSA so I can laugh while imagining them trying to find the data they're looking for. "Aha! I've found some unencrypted text... it says, 'Of all the cants which are canted in this canting world, -- though the cant of hypocrites may be the worst, -- the cant of criticism is the most tormenting...' Never mind, it's just some crap again...."

          Anyone know how to get in touch with Osama bin Laden?

    • Re: (Score:2, Funny)

      by nategoose ( 1004564 )
      I've been using fire 2.0 for a year already.
    • by xaxa ( 988988 ) on Thursday July 17, 2008 @05:20PM (#24234777)

      I encrypt using a one way algorithm know as "fire" that transforms all my secrets into ashes.

      Is that the algorithm invented by the Greek hacker, Prometheus? I heard he got in a bit of trouble over it, he ended up somewhere like Guantanamo, but eventually was rescued.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      You mean it's a one way hash function!

    • http://www.ajaxtocco.com/default.asp?ID=162 [ajaxtocco.com]

      I looked at a house once that had one of those old coal burning stoves; it had "ajax" written in huge letters on the hatch. I wonder if it is the same company.

  • by Anonymous Coward
    you run at least full disk encryption. If one needs further plausible deniability, THEN you can run truecrypt. Also, cleaning out temp files should be a regular occurrence, as should running on an encrypted swap file/partition.
    • Re: (Score:2, Insightful)

      by EvanED ( 569694 )

      Full disk encryption doesn't protect against the threat model that TrueCrypt's hidden files try to. The model there is that you are being forced to give up your key (or stand in contempt of court until you do), which means full disk encryption doesn't help you.

      • It would be tricky, but should be possible to mount a hidden volume as root -- or, failing that, a loopback file in that hidden volume.

        It wouldn't encrypt the entire disk, and it might be tricky to maintain a dummy root or two, but it could be done.

    • by serviscope_minor ( 664417 ) on Thursday July 17, 2008 @05:07PM (#24234671) Journal

      you run at least full disk encryption. If one needs further plausible deniability, THEN you can run truecrypt. Also, cleaning out temp files should be a regular occurrence, as should running on an encrypted swap file/partition.

      This is why security needs to be left to the professionals and requires scrutiny. It is very hard to get right and very easy to leave holes. You run full disk encryption, but in many parts of the world, you can be compelled to disclose your keys. So, since your keys are disclosed, you now may as well assume that you never had the encryption in the first place. That puts you right back to square 1 and there is now evidence that you have a hidden volume.

      Full disk encryption protects you against the consequences of theft, and for this, deniability has no utility. Deniability protects you against certain governments, and for this, full disk encryption often provides little utility.

    • by smchris ( 464899 )

      By "cleaning out" you mean wipe, of course, not delete.

  • by carp3_noct3m ( 1185697 ) <slashdot.warriors-shade@net> on Thursday July 17, 2008 @04:37PM (#24234279)
    So Vista, Word, and Google Desktop make truecrypt less viable? I'm Shocked I tell you! Shocked. Please..If you are serious about using truecrypt please tell me that you are savvy enough to know how to get around some of these holes. Googledesktop?-aka, I spy on everyone and read your brain desktop? It's like saying my iron has a security hole if someone installs a hardware keylogger on my system. Duh! But just because Schneier is involved, the hacking gods must bow and agree with every word he says. Anyway, now I'm rambling, but I use truecrypt only on my secure linux box, which doesn't have these problems. I hide all my stuff that would get me into lots of trouble if!@#@!#%T^GD no carrier
    • by Hatta ( 162192 ) on Thursday July 17, 2008 @05:06PM (#24234651) Journal

      Anyway, now I'm rambling, but I use truecrypt only on my secure linux box, which doesn't have these problems

      Are you sure? Have you checked your ~/.bash_history file? Are you sure your editor isn't leaving autosaves in /tmp? There could even be plain text in your swap partition. It's hard to really know.

      If I needed plausible deniability I'd put a virtualbox image in the deniable container. Then I'd turn off swap and link ~/.bash_history to /dev/null. And I'm sure I've forgotten something.

      • If I remember correctly, in VirtualBox you create a "profile/shortcut" that will point to this image. Those are saved and they should contain the path to the image.
        And remember to clear the RAM after you have shut down VirtualBox; you don't want them to come and freeze your RAM or use a FireWire cable.
      • by pembo13 ( 770295 )
        seems like you would want /tmp as a mem disk if you're going to be paranoid. (not that I have a problem with paranoia)
      • by Ant P. ( 974313 ) on Thursday July 17, 2008 @06:08PM (#24235221)

        If you want _plausible_ deniability, which is what this is about, then having no history file is only going to arouse suspicion. Open a shell with HISTFILE=/dev/null only when you're running the secret VM, and run the shell command using a GUI+script or some other method that doesn't keep tracks.

      • Are you sure? Have you checked your ~/.bash_history file? Are you sure your editor isn't leaving autosaves in /tmp? There could even be plain text in your swap partition. It's hard to really know.

        Those are all easy fixes. Symlink your .bash_history to /dev/zero or /dev/random, have your tmp partition encrypted and deleted upon reboot, turn off all autosave features, encrypt your swap partition, turn off indexing on your encrypted mountpoint.

      • Re: (Score:2, Insightful)

        Have you checked your ~/.bash_history file?

        Use 'unset HISTFILE' every terminal that uses the secret volume.

        Are you sure your editor isn't leaving autosaves in /tmp?

        Mount /tmp as a ramdisk.

        There could even be plain text in your swap partition.

        Encrypt your swap with cryptmount*.

        It's hard to really know.

        Agreed. You failed to mention things like ~/.thumbnails/ or ~/.gimp/tmp/, to name a few. All-in-all, this is exactly why the only safe thing to do is be paranoid and encrypt the whole thing. Even then, thoug

        • by MrNaz ( 730548 ) on Thursday July 17, 2008 @08:14PM (#24236301) Homepage

          It seems to me that the best way to get this done would be for a bunch of guys (ideally with the paranoia of the OpenBSD guys) set about creating a Linux distro with all these things built in. It would obviously not be one built for performance, but it would be fully secured out of the box with encrypted swap, /tmp set as a ramdisk (optionally for users with enough ram or encrypted for those who don't), all installed apps (from vim to OpenOffice) configured to use secure areas for temp files etc etc.

          Such a distro would mean having that level of paranoia would not arouse as much suspicion, as you could just say "Meh, I run Paranoia Linux coz I heard it was secure" and not look like you put much effort into it.

          So, any takers on this project? I would, but I'm sucky at this kind of thing.

      • Re: (Score:2, Interesting)

        by wlovins ( 880111 )
        As an extension for the Windows users, a VMWare image that has updates turned off would work. Open the TrueCrypt encrypted image in VMWare so that the parent OS can't see it. Then do whatever you need to and unmount the TrueCrypt partition/file. Then shut down VMware. Since updates are turned off, no registry updates/tmp files/etc will be written to the image. Annoying? Kinda... but if you really need that level of security then you should probably be prepared to do what it takes to assure that security s
    • Re: (Score:2, Informative)

      by Eighty7 ( 1130057 )
      Something I found amusing, GDS (google desktop search) linux is strictly opt-in on folders while GDS windows is opt out. I use it on my ubuntu box because it beats the hell out of tracker/beagle.
    • Re: (Score:3, Interesting)

      by jimicus ( 737525 )

      So Vista, Word, and Google Desktop make truecrypt less viable? I'm Shocked I tell you! Shocked. Please..If you are serious about using truecrypt please tell me that you are savvy enough to know how to get around some of these holes. Googledesktop?-aka, I spy on everyone and read your brain desktop? It's like saying my iron has a security hole if someone installs a hardware keylogger on my system. Duh!

      When you've wiped the flecks of foam away from your mouth... the whole point of TrueCrypt is it makes encryption easy to use. If the first thing you have to do is go around disabling a whole bunch of things and basically getting very intimate with what applications may be saving things in plaintext, then the authors have failed.

      The general thrust of the article is that without an OS (and very possibly hardware) which provides a mechanism for the application to say "I'm security-sensitive, don't let anyth

  • Word and what? (Score:5, Informative)

    by frovingslosh ( 582462 ) on Thursday July 17, 2008 @04:39PM (#24234295)
    Among their discoveries: Word and auto-saves the contents of encrypted files to the unencrypted portions of your disk,...

    If you're like me (meaning that you pay attention to what you read), you may be wondering what in the world "Word and auto-saves" means. I wondered so much I even followed the link, and saw that the omitted term was Google Desktop, omitted because of very sloppy cut and paste of the article.

  • by dwalsh ( 87765 ) on Thursday July 17, 2008 @04:39PM (#24234299)

    Some of you may not be aware of the stature of Bruce Schneier in the field of computer security, so here is some background information:

    http://geekz.co.uk/schneierfacts/facts/top [geekz.co.uk]

    Bruce Schneier once decrypted a box of AlphaBits.

    Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.

    Bruce Schneier knows Alice and Bob's shared secret.

    Vs lbh nfxrq Oehpr Fpuarvre gb qrpelcg guvf, ur'q pehfu lbhe fxhyy jvgu uvf ynhtu.

    Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.

    Bruce Schneier knows the state of schroedinger's cat

    Bruce Schneier writes his books and essays by generating random alphanumeric text of an appropriate length and then decrypting it.

    When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it.

    If we built a Dyson sphere around Bruce Schneier and captured all of his energy for 2 months, without any loss, we could power an ideal computer running at 3.2 degrees K to count up to 2^256. This strongly implies that not only can Bruce Schneier brute-force attack 256-bit keys, but that he is built of something other than matter and occupies something other than space.

    Though a superhero, Bruce Schneier disdains the use of a mask or secret identity as 'security through obscurity'.

    • by EvanED ( 569694 ) <evaned@gm3.14159ail.com minus pi> on Thursday July 17, 2008 @04:42PM (#24234359)

      Personally, I like "Bruce Schneier already has a backup plan for when the second person discovers P=NP."

    • by kwabbles ( 259554 ) on Thursday July 17, 2008 @04:49PM (#24234455)

      I ran into Bruce Schneier at an airport once. While we were waiting for a plane, I asked him if he would show me a "cool computer trick". He popped the RAM out of my laptop and quickly tasted the edge with the gold leads. He then told me that at 11:23pm the previous night I had visited ideepthroat.com with Firefox. Damn he's good.

      • Comment removed based on user account deletion
      • Re: (Score:3, Funny)

        by Eighty7 ( 1130057 )
        We really need that -1 Informative mod...
      • I once ran into Bruce in ladies garment store (he likes to cross-dress, and so do I). I took out my laptop and asked him if he could crack it. I hadn't even finished opening the lid when he told me that there was a bug in my .bashrc file, either on line 57 or on 92, depending on which one I actually meant.

        I stole his wallet while he was trying on a strapless evening gown, though.

    • Re: (Score:3, Funny)

      by oahazmatt ( 868057 )

      Vs lbh nfxrq Oehpr Fpuarvre gb qrpelcg guvf, ur'q pehfu lbhe fxhyy jvgu uvf ynhtu.

      With his what? It could probably cause a cave-in as everything oozes out, with the right frequency of course, but physically crushing?

      • Re: (Score:2, Informative)

        by azzuth ( 1177007 )

        if you asked Bruce Schneier to decrypt this, he'd crush your skull with his laugh.

        He decrypted it for me, and I still have my skull. On the other hand, he did take my soul. :( not really a fair trade in retrospect.

    • Bruce Schneier once proved the infinitude of twin primes -- by enumeration.

      Bruce Schneier generated his RSA key with the two largest prime numbers.

      As a way to hide recreational substances, Bruce Schneier invented a method to encrypt matter.

      • Bruce Schneier generated his RSA key with the two largest prime numbers.

        good, then we know what they are, wait, what are the two largest prime numbers?

  • by TheSpoom ( 715771 ) * <slashdot AT uberm00 DOT net> on Thursday July 17, 2008 @04:43PM (#24234365) Homepage Journal

    Schneier et al don't break TrueCrypt's deniability, per se. They simply show that Word, Google Desktop, and other automatically-indexing programs may reveal a hidden partition's possible existence.

    This is a concern, of course, but can be avoided by careful use of the software invoked when using a TrueCrypt partition (i.e. killing processes except for TrueCrypt, etc).

    I believe there's also a portable version of TrueCrypt that can be used that leaves no traces on the OS install once you're finished.

    • by Minwee ( 522556 )

      I believe there's also a portable version of TrueCrypt that can be used that leaves no traces on the OS install once you're finished.

      Your OS, however, will happily record that it ran a program called truecrypt and cached any DLLs it needed, log any changes in available drives and make a note that it accessed documents on the recently mounted 'F:' drive. Those are very definitely traces, and the documentation for TrueCrypt traveler mode [truecrypt.org] is very clear about their existence.

      They do suggest using BartPE [nu2.nu] to lo

    • Also if you check the option in TrueCrypt to mount encrypted partitions as removable drives, most indexing software will skip them, since it sees them as removable (ie a floppy or zip disk) and there's no point in indexing those unless you have specific removable media indexing software for that specific task.
  • I have no particular beef with any of the software options for encryption, but if you want encryption worth its mustard - I say there is nothing besides Hardware encryption. Get one of the Full disc encryption drives with HW encryption if you need security. If you ask me, every laptop with any degree of sensitive information should use an FDE drive.
    A little more on topic - can you recover old autosaves from disc after a save? can you recover old autosaves after the program is quit? what about after
  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Thursday July 17, 2008 @04:49PM (#24234457)
    Comment removed based on user account deletion
    • The "hackers" used in the article are a red herring.

      By the book, Mr RT:

      Regulation Forty-six-A: "If transmissions are being monitored during battle..."

      "...no uncoded messages on an open channel..."

      "Red Herring" is actually a code phrase meaning there's an upgrade available for Firefox.

      Then again, it could mean you don't get the shrubbery until you cut down the largest tree in the forest.

      One of those two, I'm sure of it.

    • by Zarhan ( 415465 ) on Thursday July 17, 2008 @05:05PM (#24234635)

      Depends, but then you can do turtles all the way down.

      So, have an encrypted (obviously visible volume) that has "boring" stuff in it, like your basic groceries accounting and letters to grandma. Have a hidden volume that has embarrassing but non-incriminating stuff (porn folders). Have a hidden volume inside THAT that contains embarrassing stuff that you'd pretend people shouldn't really want to find out (eg. gay porn). Have a hidden volume inside that that contains your master plan of converting all WoW players into your army of midgets to take over the world...add as many layers as you want.

      That's the idea with the deniability: they can never know if there actually is a hidden volume in there. So assuming torture, you are probably so lost yourself that you cannot even remember the scheme yourself anymore...Even if they go with the assumption that since you are using Truecrypt there MUST be a hidden volume - but there's no way to know how many nested hidden volumes there are.

      • Re: (Score:3, Funny)

        by onemorechip ( 816444 )

        This algorithm takes care of that:

        do {
              NextVolumePassword = EnhancedInterrogation.output;
              if ( Subject.dead ) throw EndInterrogationException;
              NewVolume = MountNextVolume( NextVolumePassword );
              cd NewVolume;
              VolumeSize = GetVolumeSize;
        } while ( VolumeSize > 0 )

    • Re: (Score:2, Funny)

      by PottedMeat ( 1158195 )
      I'm starting to think that I'd be better off learning to resist torture techniques than trying to protect my privacy...

      *ouch!* Give it to me *ow!* not that hard! damn...

      PM

  • by Anonymous Coward

    I like Bruce, I think he's got a lot of good insight, but when he spins up a "white paper" that basically says that applications are doing what they're supposed to be doing, and TrueCrypt isn't changing their native behavior, it does everyone in the "Security" community a disservice.

    Bruce, if you're trying to make a point - make it. Don't sit there and *publish* nitpicky crap that basically is a bug (or lacking feature) of the software. You'd be far better to say that security applications do not provide

  • Deniability on SSD? (Score:5, Interesting)

    by Anonymous Coward on Thursday July 17, 2008 @04:59PM (#24234555)

    This has been bugging me and I wonder if anyone out there can answer this: would the write-leveling used by flash drives defeat deniability as well? After all, if the most recently written-to portions of the drive are in a supposedly unused block, isn't that a bit of a giveaway?

    • by compro01 ( 777531 ) on Thursday July 17, 2008 @05:15PM (#24234733)

      the Truecrypt documentation mentions the possible implications of this.

      Wear-Leveling

      Some storage devices (e.g., some USB flash drives) and some file systems utilize so-called wear-leveling mechanisms to extend the lifetime of the storage device or medium. These mechanisms ensure that even if an application repeatedly writes data to the same logical sector, the data is distributed evenly across the medium (logical sectors are remapped to different physical sectors). Therefore, multiple "versions" of a single sector may be available to an attacker. This may have various security implications. For instance, when you change a volume password/keyfile(s), the volume header is, under normal conditions, overwritten with a re-encrypted version of the header. However, when the volume resides on a device that utilizes a wear-leveling mechanism, TrueCrypt cannot ensure that the older header is really overwritten. If an adversary found the old volume header (which was to be overwritten) on the device, he could use it to mount the volume using an old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted). Due to security reasons, we recommend that TrueCrypt volumes are not stored on devices (or in file systems) that utilize a wear-leveling mechanism. If you decide not to follow this recommendation and you intend to use system encryption when the system drive utilizes wear-leveling mechanisms, make sure the system partition/drive does not contain any sensitive data before you fully encrypt it (TrueCrypt cannot reliably perform secure in-place encryption of existing data on such a drive; however, after the system partition/drive has been fully encrypted, any new data that will be saved to it will be reliably encrypted on the fly). To find out whether a device utilizes a wear-leveling mechanism, please refer to documentation supplied with the device or contact the vendor/manufacturer.

    • No because the logical explanation is files were there that were deleted. Plus if you think about it, leveling means physical sectors and disk addresses don't match the virtual ones the OS sees... the drive is constantly shuffling the physical data around (or rather just moving it every write) while it maintains the same virtual position unless it would otherwise change... that's how I understand it at least. It seems a bit messy but the only way to optimize it would be to create a dedicated file system t

  • by Praxx ( 918463 ) on Thursday July 17, 2008 @05:03PM (#24234601)
    Opening an encrypted partition with Windows Explorer is also a risk, because explorer will happily cache the directory structure of everything you browse to. Those paths and filenames show up in the explorer history, even if the drive is offline.
    • That's true of the OS X Finder also, at least as of last time I checked. And considering that is using 100% pre-installed Apple software, that seems unacceptable to me.
  • FTA:

    The researchers found that Windows Vista shortcuts can give away the existence of a hidden file. Vista, which automatically creates shortcuts to files that get used, then stores the shortcuts in the Recent Items folder. And the auto-save feature in Word, meanwhile, saved versions of the hidden files.

    "An attacker can use information gleaned from these files - as well as other information leakage from the primary application - to not only infer that a hidden volume exists, but also recover some of its contents," the researchers wrote in their report.

    Google Desktop is another culprit that exposes hidden files in TrueCrypt versions below 6.0, according to the report. The Google app's lists of recently changed documents and logs of recent file actions can reveal the existence of a hidden file.

    In other words, it's the applications that exposed Truecrypt, when the hidden files were VISIBLE.

    The moral of the story: If you have something to hide, turn off the damn logs or put them where they'll be destroyed (encrypted temporary partitions, for example). And don't depend on closed source, proprietary software.

    • Re: (Score:3, Interesting)

      by imsabbel ( 611519 )

      A more sane conclusion (without that stupid "proprietary software" nag at the end) would be:

      If you want _deniability_, you have to encrypt _everything_ belonging to the system you want to deny knowledge of.
      Have another OS, and page file/partition around. But keep _everything_ that can be accessed by the other OS encrypted.

      Otherwise, usage statistics, paged out memory, crash dumps, index files, any of a million different items could give you away.

      • You're right. I only mentioned proprietary software because it can't be modified to protect your privacy. And it's not like it benefits them, anyway.

  • ...I guess I should be careful not to write any pr0n. ;)

  • Isn't it pretty well-known that you have to be careful about leakage? An example of that would be that most (all?) encryption HOWTOs tell you that you should encrypt your swap, because you just never know when some of your data might end up in there. If there's a lesson here, it's just that swap might not be enough; you need to think bigger.

    I can think of plenty of other ways that something, at least a hint of the existence of the data (if not the data itself) can leak around. Suppose /home/sloppy/ isn'

  • by Abalamahalamatandra ( 639919 ) on Thursday July 17, 2008 @05:54PM (#24235107)

    Windows caches all types of stuff about filesystems it touches in the registry. Open regedit some time and search for "OpenSaveMRU" and you'll see that pretty much every file you click to open in Windows is in there.

    Not that Linux is any better, at least Gnome systems - check out ".nautilus" in your home folder. Same thing going on there with the directory structure, you name it. The first thing I do on a new Ubuntu box is remove ".recently-used.xbel" and create a directory with the same name, and make ".nautilus" owned by root and not world-writable. /tmp is obviously a problem on Unix-type systems as well, along with the swap partition.

    Of course if your whole system is encrypted these are not problems, but then you don't exactly have a deniably-encrypted filesystem.
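
A host-side leak audit for the Linux locations this thread names (`~/.bash_history`, `~/.recently-used.xbel`, `~/.thumbnails/`, `~/.gimp/tmp`), as an added example that is not code from any commenter or from TrueCrypt: it reports every file outside the container that still refers to the container's mount point. The mount point `/mnt/hidden`, the function names and the sample home directory are constructed assumptions.

```python
import os
import re
import tempfile
import urllib.parse
import xml.etree.ElementTree as ET
from pathlib import Path

# Host-side locations named in the thread, relative to $HOME.
ARTIFACTS = [".bash_history", ".recently-used.xbel", ".thumbnails", ".gimp/tmp"]


def _inside(path, mount):
    """True when path is the mount point itself or lies below it."""
    path, mount = os.path.normpath(path), os.path.normpath(mount)
    return path == mount or path.startswith(mount + os.sep)


def scan_history(path, mount):
    """Shell history lines that name the mount point (not a longer sibling)."""
    pat = re.compile(re.escape(mount) + r"(?=[/\s'\"]|$)")
    lines = path.read_text(errors="replace").splitlines()
    return [f"line {n}: {l}" for n, l in enumerate(lines, 1) if pat.search(l)]


def scan_xbel(path, mount):
    """file:// bookmarks in a recently-used list that point into the mount."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return scan_bytes(path, mount)  # damaged XML: fall back to raw search
    hits = []
    for bm in root.iter("bookmark"):
        url = urllib.parse.urlparse(bm.get("href", ""))
        target = urllib.parse.unquote(url.path)  # undo %20 and friends
        if url.scheme == "file" and _inside(target, mount):
            hits.append(f"bookmark: {target}")
    return hits


def scan_bytes(path, mount):
    """Raw search for the mount path or its percent-encoded file:// URI.

    Deliberately over-approximate: a longer sibling path also matches here.
    """
    data = path.read_bytes()
    needles = {mount.encode(), ("file://" + urllib.parse.quote(mount)).encode()}
    return ["raw reference"] if any(n in data for n in needles) else []


def audit(home, mount):
    """Return (artifact, detail) pairs for every reference to mount under home."""
    findings = []
    for rel in ARTIFACTS:
        top = Path(home) / rel
        if top.is_file():
            files = [top]
        elif top.is_dir():
            files = sorted(p for p in top.rglob("*") if p.is_file())
        else:
            continue  # artifact not present on this system
        for f in files:
            if f.name == ".bash_history":
                hits = scan_history(f, mount)
            elif f.suffix == ".xbel":
                hits = scan_xbel(f, mount)
            else:
                hits = scan_bytes(f, mount)
            findings += [(str(f.relative_to(home)), h) for h in hits]
    return findings


def build_sample_home(home, mount):
    """Constructed sample data: a tiny $HOME with leaking and clean files."""
    home = Path(home)
    (home / ".bash_history").write_text(
        f"ls /etc\ncp {mount}/plan.odt /tmp/\ncat /mnt/hidden2/x\n")
    (home / ".recently-used.xbel").write_text(
        '<?xml version="1.0" encoding="UTF-8"?>\n<xbel version="1.0">\n'
        f'<bookmark href="file://{urllib.parse.quote(mount)}/my%20notes.txt"/>\n'
        '<bookmark href="file:///home/user/groceries.ods"/>\n</xbel>\n')
    thumbs = home / ".thumbnails" / "normal"
    thumbs.mkdir(parents=True)
    # Stand-ins for thumbnails that embed the source file's URI as text.
    (thumbs / "a.png").write_bytes(b"fake-png file://" + mount.encode() + b"/pic.jpg")
    (thumbs / "b.png").write_bytes(b"fake-png file:///home/user/cat.jpg")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_home:
        build_sample_home(sample_home, "/mnt/hidden")
        for artifact, detail in audit(sample_home, "/mnt/hidden"):
            print(f"{artifact}: {detail}")
```

Swap and `/tmp` are not covered: the first needs raw device access and the second depends on which editors are in use.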

  • Sorry, couldn't come up with the traditional car analogy, so I had to resort to sports. We (that is, those of us who may or may not be using deniable file systems) didn't need Bruce Schneier to tell us that information can leak from a mounted encrypted volume to the system volume, nor that the same is true for the existence of a deniable volume. Which doesn't mean he isn't right. Neither Windows nor Linux is intended as a secure compartmented workstation, which is the minimum you'd need to pull this off

  • The summary ciphertext?

  • FTA:

    Google Desktop is another culprit that exposes hidden files in TrueCrypt versions below 6.0, according to the report. The Google app's lists of recently changed documents and logs of recent file actions can reveal the existence of a hidden file.

    Really poor phrasing. It makes Google Desktop look like the offender, when in actuality it ended up being a useful tool in pointing out a vulnerability (and perhaps correcting it).

  • Just use a VM (Score:3, Interesting)

    by swilver ( 617741 ) on Thursday July 17, 2008 @09:28PM (#24236887)

    Fortunately, there's an easy way around this problem.

    Instead of having just your "sensitive" data in a DFS, just put an entire OS in there, which you can use with, for example, VMWare. So, you boot up your machine, type in your encryption password and end up in your safe and clean "nothing to see here" OS, with some decoy applications and VMWare. Then when you want to actually do something with your system, decrypt the DFS, start the VMWare image found there and do your normal work.

    All they could prove in this case is that you use VMWare. Just make sure VMWare has no leaks pointing to the image in DFS, but that's trivial compared to cleaning up behind Vista and its myriad of ways it keeps track of whatever you do (for your benefit usually, but not always).

  • So if you open files from an encrypted drive and let your software auto-save backups to a non-encrypted drive, those files can be found?

    So if you store a shortcut to a file in your hidden volume, that shortcut can indicate that a hidden volume exists?

    So if you let your search application create an index of files in a drive, that index can indicate that the drive exists, and contains those files?

    So if your paging file isn't on an encrypted volume, any memory contents swapped out to it are stored unencrypted?
