Schneier research team cracks TrueCrypt

by InfoSec News-2


http://news.zdnet.co.uk/security/0,1000000189,39448526,00.htm

By Matthew Broersma
ZDNet.co.uk
17 July 2008

Researchers led by BT security expert Bruce Schneier have shown that
deniable file systems — designed to hide data so effectively that there
is no trace of its existence on a user's system — may not be so deniable
after all, due to the interference of standard applications and of the
operating system itself.

The researchers found that TrueCrypt, one of the best-known deniable
file system (DFS) products, left evidence of its existence in ways that
would be straightforward for investigators to spot. This was due not to
flaws in TrueCrypt itself but rather to the fact that the surrounding
software is not designed to keep deniability intact, Schneier said.

The principle of deniability, also known as steganography, is to go one
step further than encryption, hiding evidence that there is any
encrypted data to search for in the first place.

Systems such as TrueCrypt are designed, for example, to allow users to
store sensitive information on a laptop passing through increasingly
invasive border controls, as detailed in a recent article on ZDNet.co.uk
sister site CNET News.com, cited in Schneier's research.

TrueCrypt uses the AES-256, Serpent and Twofish encryption algorithms,
and it has been claimed that its hidden volumes cannot be distinguished
from random data. The system offers two levels of 'plausible
deniability', in case the user is forced to reveal the password; one set
of data is revealed by one password, while the truly hidden data is
revealed by a separate password.

Schneier's research, however, focused on whether a user can plausibly
deny that there is in fact any hidden data on the system, arguing that,
if clear evidence can be found of hidden data, the system has failed.

[...]

