Schneier, UW Team Show Flaw In TrueCrypt Deniability

An anonymous reader writes "Bruce Schneier and colleagues from the University of Washington have figured out a way to break the deniability of TrueCrypt 5.1a's hidden files. What about the spanking-new TrueCrypt 6? Schneier says that 'The new version will definitely close some of the leakages, but it's unlikely that it closed all of them.' Meanwhile, PC World is reporting that the problems Schneier and colleagues found are bigger than just TrueCrypt. Among their discoveries: Word auto-saves the contents of encrypted files to the unencrypted portions of your disk, and this problem should apply to all non-full disk encryption software. Their research paper will appear at Usenix HotSec '08."
  • Re:Get A Mac (Score:3, Interesting)

    by serviscope_minor ( 664417 ) on Thursday July 17, 2008 @05:39PM (#24234291) Journal

    True Crypt has a problem eh... Windows should build in an encryption program like on Mac OS X. It would stop a lot of problems and it would be Microsoft managed and it would work better because they have all the code for the OS and can provide a better service. In the Mac OS, there are no bugs that I have discovered yet on the built in encryption program. I would hope that True Crypt fixes this bug because it is a great program.

    I know there's often mindless maclove on /., but please try to think before posting. So, just to play along, what software do you propose to use on the mac to provide deniable encryption?

  • Deniability on SSD? (Score:5, Interesting)

    by Anonymous Coward on Thursday July 17, 2008 @05:59PM (#24234555)

    This has been bugging me and I wonder if anyone out there can answer this: would the write-leveling used by flash drives defeat deniability as well? After all, if the most recently written-to portions of the drive are in a supposedly unused block, isn't that a bit of a giveaway?

  • by Zarhan ( 415465 ) on Thursday July 17, 2008 @06:05PM (#24234635)

    Depends, but then you can do turtles all the way down.

    So, have an encrypted (obviously visible volume) that has "boring" stuff in it, like your basic groceries accounting and letters to grandma. Have a hidden volume that has embarrassing but non-incriminating stuff (porn folders). Have a hidden volume inside THAT that contains embarrassing stuff that you'd pretend people shouldn't really want to find out (eg. gay porn). Have a hidden volume inside that that contains your master plan of converting all WoW players into your army of midgets to take over the world...add as many layers as you want.

    That's the idea with the deniability. They can never know if there actually is a hidden volume in there. So assuming torture, you are probably so lost yourself that you cannot even remember the scheme yourself anymore...Even if they go with the assumption that since you are using Truecrypt there MUST be a hidden volume - but there's no way to know how many nested hidden volumes there are.

  • by Hatta ( 162192 ) on Thursday July 17, 2008 @06:06PM (#24234651) Journal

    Anyway, now I'm rambling, but I use truecrypt only on my secure linux box, which doesn't have these problems

    Are you sure? Have you checked your ~/.bash_history file? Are you sure your editor isn't leaving autosaves in /tmp? There could even be plain text in your swap partition. It's hard to really know.

    If I needed plausible deniability I'd put a virtualbox image in the deniable container. Then I'd turn off swap and link ~/.bash_history to /dev/null. And I'm sure I've forgotten something.

  • by imsabbel ( 611519 ) on Thursday July 17, 2008 @06:32PM (#24234887)

    A more sane conclusion (without that stupid "proprietary software" nag at the end) would be:

    If you want _deniability_, you have to encrypt _everything_ belonging to the system you want to deny knowledge of.
    Have another OS, and page file/partition around. But keep _everything_ that can be accessed by the other OS encrypted.

    Otherwise, usage statistics, paged out memory, crash dumps, index files, any of a million different items could give you away.

  • Re:Get A Mac (Score:3, Interesting)

    by vivek7006 ( 585218 ) on Thursday July 17, 2008 @06:37PM (#24234945) Homepage

    I prefer Axcrypt [axantum.com] over Windows Compressed Folders password protection. AxCrypt is free and open-source.

    From their FAQ:
    Why is AxCrypt better than Windows Compressed Folders password protection?

    In the July 2003 issue of PC World magazine, there is a description of how to password protect files using the built-in Windows Compressed Folders of Windows XP and ME. This is a WinZip compatible extension of the Windows Shell (Windows Explorer). The problem is that since it's WinZip-compatible it suffers from the same weakness as does WinZip. WinZip (and thus Compressed Folders) password protected archives use a proprietary and weak algorithm that is known to have the following weaknesses, exploited in numerous 'Password Recovery' products and services:
            * If the attacker knows the contents of one of the files in the archive, the password is susceptible to a so-called known plain-text attack. AxCrypt is never susceptible to this kind of attack.
            * If the archive contains 5 or more files, password recovery (i.e. cracked protection) is guaranteed. With AxCrypt you can have any number of files encrypted with the same passphrase without affecting the security.

  • by Coopjust ( 872796 ) on Thursday July 17, 2008 @06:43PM (#24234993)
    I'm replying to myself, but I have additional info to add.

    [...] it captures live data on the computer, which is why it's important for agents not to shut down the computer first, Fung said. A law enforcement agent connects the USB drive to a computer at the scene of a crime and it takes a snapshot of important information on the computer. It can save information such as what user was logged on and for how long and what files were running at that time, Fung said. It can be used on a computer using any type of encryption software, not just BitLocker.

    So it looks like COFEE is a USB device that performs monitoring once Vista has been booted and logged in. Not having your BitLocker USB drive plugged in and not leaving your PC on would seem to defeat an attack by COFEE.
  • by wlovins ( 880111 ) on Thursday July 17, 2008 @08:18PM (#24235813)
    As an extension for the Windows users, a VMWare image that has updates turned off would work. Open the TrueCrypt encrypted image in VMWare so that the parent OS can't see it. Then do whatever you need to and unmount the TrueCrypt partition/file. Then shut down VMware. Since updates are turned off, no registry updates/tmp files/etc will be written to the image. Annoying? Kinda... but if you really need that level of security then you should probably be prepared to do what it takes to assure that security stays viable to your needs.
  • by MrNaz ( 730548 ) on Thursday July 17, 2008 @09:14PM (#24236301) Homepage

    It seems to me that the best way to get this done would be for a bunch of guys (ideally with the paranoia of the OpenBSD guys) to set about creating a Linux distro with all these things built in. It would obviously not be one built for performance, but it would be fully secured out of the box with encrypted swap, /tmp set as a ramdisk (optionally for users with enough ram or encrypted for those who don't), all installed apps (from vim to OpenOffice) configured to use secure areas for temp files etc etc.

    Such a distro would mean having that level of paranoia would not arouse as much suspicion, as you could just say "Meh, I run Paranoia Linux coz I heard it was secure" and not look like you put much effort into it.

    So, any takers on this project? I would, but I'm sucky at this kind of thing.
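
Added example, not part of any comment in this thread: a small shell audit of the leak channels that Hatta's and MrNaz's comments name (swap, /tmp, shell history). The function names and the sample /proc/swaps and /proc/mounts contents are constructed for illustration, and treating device-mapper swap as possibly encrypted is a heuristic assumption.

```bash
#!/bin/sh
# Added example: audit the plaintext-leak channels named in the thread.
# Each function reads the file given as $1, so it works on /proc/swaps,
# /proc/mounts and ~/.bash_history as well as on the constructed samples below.

# Print swap areas with no device-mapper layer in front of them.
# Heuristic (assumption): /dev/dm-* and /dev/mapper/* may be dm-crypt but can
# also be plain LVM, so confirm with `dmsetup table`; zram stays in RAM.
# A swap file is listed too: it is only as protected as its filesystem.
plaintext_swaps() {
  awk 'NR > 1 && $1 !~ /^\/dev\/(dm-|mapper\/|zram)/ { print $1 }' "$1"
}

# Print "tmpfs" if /tmp is RAM-backed, else "disk". tmpfs pages can still be
# swapped out, so "tmpfs" is only safe when plaintext_swaps prints nothing.
tmp_backing() {
  awk '$2 == "/tmp" { t = $3 } END { print (t == "tmpfs") ? "tmpfs" : "disk" }' "$1"
}

# Succeed only if the history file is a symlink to /dev/null.
history_discarded() {
  [ "$(readlink "$1" 2>/dev/null)" = "/dev/null" ]
}

# --- constructed sample inputs (not from a real machine) ---
demo=$(mktemp -d)
cat > "$demo/swaps" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/sda2                               partition       2097148 5120    -2
/dev/dm-1                               partition       4194300 0       -3
EOF
cat > "$demo/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
ln -s /dev/null "$demo/hist_linked"
: > "$demo/hist_plain"

echo "plaintext swap: $(plaintext_swaps "$demo/swaps")"
echo "/tmp backing:   $(tmp_backing "$demo/mounts")"
history_discarded "$demo/hist_linked" && echo "hist_linked: discarded"
history_discarded "$demo/hist_plain"  || echo "hist_plain: persists on disk"
```

On a real machine, call the functions with /proc/swaps, /proc/mounts and the path of the history file instead of the sample files.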

  • Just use a VM (Score:3, Interesting)

    by swilver ( 617741 ) on Thursday July 17, 2008 @10:28PM (#24236887)

    Fortunately, there's an easy way around this problem.

    Instead of having just your "sensitive" data in a DFS, just put an entire OS in there, which you can use with for example VMWare. So, you boot up your machine, type in your encryption password and end up in your safe and clean "nothing to see here" OS, with some decoy applications and VMWare. Then when you want to actually do something with your system, decrypt the DFS, start the VMWare image found there and do your normal work.

    All they could prove in this case is that you use VMWare. Just make sure VMWare has no leaks pointing to the image in DFS, but that's trivial compared to cleaning up behind Vista and its myriad of ways it keeps track of whatever you do (for your benefit usually, but not always).

  • by jimicus ( 737525 ) on Friday July 18, 2008 @03:24AM (#24238729)

    So Vista, Word, and Google Desktop make truecrypt less viable? I'm Shocked I tell you! Shocked. Please..If you are serious about using truecrypt please tell me that you are savvy enough to know how to get around some of these holes. Googledesktop?-aka, I spy on everyone and read your brain desktop? It's like saying my iron has a security hole if someone installs a hardware keylogger on my system. Duh!

    When you've wiped the flecks of foam away from your mouth... the whole point of TrueCrypt is it makes encryption easy to use. If the first thing you have to do is go around disabling a whole bunch of things and basically getting very intimate with what applications may be saving things in plaintext, then the authors have failed.

    The general thrust of the article is that without an OS (and very possibly hardware) which provides a mechanism for the application to say "I'm security-sensitive, don't let anything copy bits of this data outside" then a 100% reliable encryption application based on the idea of "encrypt a small portion of what you use" cannot exist.

  • Re:Get A Mac (Score:3, Interesting)

    by TerranFury ( 726743 ) on Friday July 18, 2008 @04:52PM (#24247677)

    The address for Apple H.Q. is "1 Infinite Loop." So this conversation is kind of appropriate....
