Schneier, UW Team Show Flaw In TrueCrypt Deniability
An anonymous reader writes "Bruce Schneier and colleagues from the University of Washington have figured out a way to break the deniability of TrueCrypt 5.1a's hidden files. What about the spanking-new TrueCrypt 6? Schneier says that 'The new version will definitely close some of the leakages, but it's unlikely that it closed all of them.' Meanwhile, PC World is reporting that the problems Schneier and colleagues found are bigger than just TrueCrypt. Among their discoveries: Word auto-saves the contents of encrypted files to the unencrypted portions of your disk, and this problem should apply to all non-full disk encryption software. Their research paper will appear at Usenix HotSec '08."
usenix what? (Score:5, Funny)
HotSex 08? Where do I sign up!
Comment removed (Score:5, Funny)
Let me get this straight (Score:4, Funny)
About Bruce Schneier (Score:5, Funny)
Some of you may not be aware of the stature of Bruce Schneier in the field of computer security, so here is some background information:
http://geekz.co.uk/schneierfacts/facts/top [geekz.co.uk]
Bruce Schneier once decrypted a box of AlphaBits.
Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.
Bruce Schneier knows Alice and Bob's shared secret.
Vs lbh nfxrq Oehpr Fpuarvre gb qrpelcg guvf, ur'q pehfu lbhe fxhyy jvgu uvf ynhtu.
Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.
Bruce Schneier knows the state of Schroedinger's cat.
Bruce Schneier writes his books and essays by generating random alphanumeric text of an appropriate length and then decrypting it.
When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it.
If we built a Dyson sphere around Bruce Schneier and captured all of his energy for 2 months, without any loss, we could power an ideal computer running at 3.2 degrees K to count up to 2^256. This strongly implies that not only can Bruce Schneier brute-force attack 256-bit keys, but that he is built of something other than matter and occupies something other than space.
Though a superhero, Bruce Schneier disdains the use of a mask or secret identity as 'security through obscurity'.
Re:Word and what? (Score:4, Funny)
Re:About Bruce Schneier (Score:5, Funny)
Personally, I like "Bruce Schneier already has a backup plan for when the second person discovers P=NP."
Re:My Iron (Score:4, Funny)
I was wondering about that, I was thinking your security flaw was as simple as someone saying: "Hey, you left your iron on!" then they just rummage through your shit while yer distracted.
"It's ok, I'm completely secure as long as my iron is off"
Re:About Bruce Schneier (Score:5, Funny)
I ran into Bruce Schneier at an airport once. While we were waiting for a plane, I asked him if he would show me a "cool computer trick". He popped the RAM out of my laptop and quickly tasted the edge with the gold leads. He then told me that at 11:23pm the previous night I had visited ideepthroat.com with Firefox. Damn he's good.
Re:About Bruce Schneier (Score:3, Funny)
Vs lbh nfxrq Oehpr Fpuarvre gb qrpelcg guvf, ur'q pehfu lbhe fxhyy jvgu uvf ynhtu.
With his what? It could probably cause a cave-in as everything oozes out, with the right frequency of course, but physically crushing?
Sorry, dude... (Score:5, Funny)
Seems that someone found a semi-reliable decryption mechanism that can not only stand up to that, but can reverse an even stronger algorithm known as "volcano" [byu.edu].
Didn't mean to dash your dreams, but you know how the security game goes...
Re:Lucky for me... (Score:2, Funny)
Re:Sorry, dude... (Score:5, Funny)
"Volcano" is, indeed, a stronger algorithm than "fire", but it's also much coarser-grained. Further research shows that the decrypted portions were not completely encrypted, merely provided with a partially-encrypted wrapper.
We can also discuss the even more advanced "Thermonuclear ground-zero" algorithm, but the ultimate form of this type of encryption (matter-antimatter annihilation) is only theoretically possible with our current technology.
Re:Lucky for me... (Score:5, Funny)
I encrypt using a one way algorithm known as "fire" that transforms all my secrets into ashes.
Is that the algorithm invented by the Greek hacker, Prometheus? I heard he got in a bit of trouble over it, he ended up somewhere like Guantanamo, but eventually was rescued.
Re:Sorry, dude... (Score:2, Funny)
Re:No Problem Here (Score:5, Funny)
"Keep in mind, though, that you can simply add exceptions to your updatedb.conf file, such that the directories/partitions you list will not be indexed (and hence will not be locatable by slocate)."
yes, put your hidden directories/partitions in /etc/slocate then slocate will not reveal their existence.
It seems to me there is something wrong with this scheme but I cannot put my finger on it. Hum ... but then again I'm not a security specialist.
Re:A visit from the NSA (Score:1, Funny)
Re:About Bruce Schneier (Score:3, Funny)
Re:Get A Mac (Score:5, Funny)
So, just to play along, what software do you propose to use on the mac to provide deniable encryption?
You could try this program called TrueCrypt [truecrypt.org]. It seems to work okay.
Re:Turtles all the way down. (Score:3, Funny)
This algorithm takes care of that:
do {
    NextVolumePassword = EnhancedInterrogation.output;
    if ( Subject.dead ) throw EndInterrogationException;
    NewVolume = MountNextVolume( NextVolumePassword );
    cd NewVolume;
    VolumeSize = GetVolumeSize;
} while ( VolumeSize > 0 )
Oops (Score:2, Funny)
You lost me after the first "M$".
Re:Lucky for me... (Score:2, Funny)
You mean it's a one way hash function!
Re:Bruce = Chuck! (Score:2, Funny)
And you're a captain in the obvious army!
Re:Get A Mac (Score:4, Funny)
So, just to play along, what software do you propose to use on the mac to provide deniable encryption?
You could try this program called TrueCrypt [truecrypt.org]. It seems to work okay.
yup, ...until some folks showed flaws in TrueCrypt deniability [slashdot.org]
Now that's an attempt for infinite mod points!
Re:Won't really matter (Score:2, Funny)
*ouch!* Give it to me *ow!* not that hard! damn...
PM
Re:Get A Mac (Score:3, Funny)
yup, ...until some folks showed flaws in TrueCrypt deniability [slashdot.org]
You should just use a Mac. I've never experienced any bugs with its built-in encryption options.
Re:Let me get this straight (Score:2, Funny)
You could do it by trolling Theo on the OpenBSD mailing lists. Propose lots of stuff and implement the bits that make him least angry. If you make him so angry he murders his wife, at least she died for something worthwhile.
Hell if that happens name the Linux distro after her.
Re:Get A Mac (Score:1, Funny)
yup, ...until some folks showed flaws in TrueCrypt deniability [slashdot.org]
You should just use a Mac. I've never experienced any bugs with its built-in encryption options.
And what about deniability, then?
Re:Sorry, dude... (Score:5, Funny)
Thermonuclear ground-zero encryption is unnecessary, you just need a good Brownian crypto device.
On a serious note, there's also steganography. I wrote up a tool that works like shred(1), except instead of DoD-compliant type over-writes, it uses blocks of harmless text from Project Gutenberg. Theoretically it's weaker than a 35-pass algorithm, but the advantage is that it's now much harder to retrieve the original data, since it's much harder to tell apart.
I really want to do something that would get my computer seized by the NSA so I can laugh while imagining them trying to find the data they're looking for. "Aha! I've found some unencrypted text... it says, 'Of all the cants which are canted in this canting world, — though the cant of hypocrites may be the worst, — the cant of criticism is the most tormenting...' Never mind, it's just some crap again...."
Anyone know how to get in touch with Osama bin Laden?
Re:Get A Mac (Score:5, Funny)
And what about deniability, then?
You could try TrueCrypt [truecrypt.org]. I think it works on Macs.
That's why I *double* encrypt (Score:2, Funny)
Re:TC has Deniability (Score:2, Funny)
Replying to your sig... Get out of Ohio... Leaving there 10 years ago was the smartest thing I've ever done.