Vista, Word and Google Desktop circumvent TrueCrypt function
July 17, 2008 – 6:45 AM
Cryptography expert Bruce Schneier, in conjunction with a research group, has studied the security of TrueCrypt, to see whether it meets the specifications for a ‘Deniable File System’ (DFS) – implemented in TrueCrypt as hidden volumes – and is really able to conceal the existence of a volume within a standard system environment.
Hidden volumes are intended to conceal even the existence of encrypted files. They allow a PC owner to deny having specific encrypted data on his or her PC. Even where a suspect in a police investigation reveals the key to an outer container in order to avoid a jail term, he or she can still deny the existence of a concealed inner container. This is known as deniable encryption. For the authorities, the only solution to this would be to make the private use of encryption itself illegal.
Whilst TrueCrypt 5.1a itself appears to offer few points of attack, Windows Vista, Word and Google Desktop all undermine the principle of deniability. As soon as a user opens a hidden volume, traces, such as a unique volume ID, are left in the Windows registry. In addition, an edited file may subsequently appear in the list of recently opened documents.
According to Schneier, Word can torpedo both encryption and deniability if auto-save is activated. Using simple Word auto-recovery tools, he succeeded in recovering a Word file edited in a hidden folder. Google Desktop, which indexes many data types as soon as a volume is opened, can have similarly fatal consequences.