TrueCrypt's hidden file systems can be detected » Kryptoblog

July 24th, 2008 by Joachim Strömbergson

Dark Reading reports that the feature for hiding files and entire file systems in the encryption program TrueCrypt has been cracked (or whatever one should call it).

The TrueCrypt feature, called Plausible Deniability, makes it possible to create hidden volumes (Deniable File System, DFS) that are intended to be undetectable and thereby avoid the problem of having to give up a password. TrueCrypt's description of DFS is:

In case an adversary forces you to reveal your password, TrueCrypt provides and supports two kinds of plausible deniability: 1. Hidden volumes (for more information, see the section Hidden Volume). 2. It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of “signature”). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted. However, note that for system encryption, the first drive track contains the (unencrypted) TrueCrypt Boot Loader, which can be easily identified as such (for more information, see the chapter System Encryption). In such cases, plausible deniability can be achieved by creating a hidden operating system (see the section Hidden Operating System).

TrueCrypt containers (file-hosted volumes) can have any file extension you like (for example, .raw, .iso, .img, .dat, .rnd, .tc) or they can have no file extension at all. TrueCrypt ignores file extensions. If you need plausible deniability, make sure your TrueCrypt volumes do not have the .tc file extension (this file extension is officially associated with TrueCrypt).

Now Bruce Schneier & Co have attacked DFS and will present a paper in which they show that, in a normal computing environment, it is possible to identify and access a DFS volume. Schneier & Co write:


We examine the security requirements for creating a Deniable File System (DFS), and the efficacy with which the TrueCrypt disk-encryption software meets those requirements. We find that the Windows Vista operating system itself, Microsoft Word, and Google Desktop all compromise the deniability of a TrueCrypt DFS.

While staged in the context of TrueCrypt, our research highlights several fundamental challenges to the creation and use of any DFS: even when the file system may be deniable in the pure, mathematical sense, we find that the environment surrounding that file system can undermine its deniability, as well as its contents. Finally, we suggest approaches for overcoming these challenges on modern operating systems like Windows.

Note that the problem is thus not weaknesses in TrueCrypt's algorithms, but rather the difficulty of creating a DFS on a computer system with an OS and other applications.

According to Dark Reading, TrueCrypt's creators claim that the recently released version 6.0 fixes the problems, which Bruce Schneier doubts, however.
