The version had not yet been released when he and the UW researchers did their work, but Schneier thinks the outcome would likely be basically the same. Schneier, however, isn’t convinced that TrueCrypt 6 can’t be hacked. The new features include the ability to create and run a hidden encrypted operating system, for example. “To our best knowledge, TrueCrypt 6 solves all the issues,” says David, one of TrueCrypt’s developers.
TrueCrypt’s developers, meanwhile, say the just-released new version of the software, 6.0, remedies the leakage problem with DFS.
Unlike encryption, where files and directories are scrambled into unreadable but visible forms, DFS masks the existence of files altogether so that there’s no evidence of the files at all. The researchers were able to get around DFS in versions 5.0 and below of TrueCrypt’s encryption-on-the-fly tool, and will present their findings on the hack at the Usenix HotSec ’08 summit next week in San Jose, Calif. But Schneier, chief security technology officer with British Telecom and researchers from the University of Washington found that Microsoft Vista, Word, and Google Desktop each can blow the cover of files using this so-called “deniable file system” (DFS) feature. This “deniability” feature is a sort of extreme file-protection function that first encrypts the file and then hides it within an encrypted area on the disk drive like an invisibility cloak.
It may not be possible after all to conceal the existence of a sensitive file on a machine.īT security expert Bruce Schneier and a group of researchers have hacked an ultra-paranoid feature in the TrueCrypt open-source disk encryption tool that lets users hide secret files from detection by attackers or others.
0 kommentar(er)
