FORWARD BASE B

"Pay my troops no mind; they're just on a fact-finding mission."

Truecrypt – Issues With Plausible Deniability

Right now there are legal wars in most of the Western world about whether someone should be forced to give up passwords to hidden volumes. There are precedents on both sides, however generally speaking they will try and twist your arm. So people came up with the plausible deniability option, along with encrypted files within files.

Cryptology isn’t my specialty, so forgive me if this is off.

The Truecrypt file should be named after a compressed file, .avi .jpg .mp3, ect… not .dll or anything like that else a hex editor can tell that it is not a legitimate .dll file. The hidden volume should be stored on a FAT or encrypted partition, with an encrypted OS and without using any programs like microsoft word, ect that log data and usage.

The clencher is, there appear to be incriminating headers at the beginning of volumes in the metadata which would reveal that it is an encrypted volume (though not revealing the contents therein). That means you can’t just claim that a partition is just an innocent corrupted .avi file. The Plausible deniability feature of truecrypt is therefore probably broken. Removable media, like encrypted external hard drives, may still be vulnerable due to the filesystem metadata. The ability which was added that allows you to run the entire OS encrypted, allowing you to create a decoy and a hidden OS along with data.

A link about the cracked older version dated 2008

http://www.schneier.com/blog/archives/2008/07/truecrypts_deni.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: