Isn't a hidden volume used when encrypting a drive with TrueCrypt detectable?
Posted
by
neurolysis
on Super User
See other posts from Super User
or by neurolysis
Published on 2011-01-03T15:11:01Z
Indexed on
2011/01/03
15:56 UTC
Read the original article
Hit count: 199
I don't purport to be an expert on encryption (or even TrueCrypt specifically), but I have used TrueCrypt for a number of years and have found it to be nothing short of invaluable for securing data. As relatively well known free, open-source software, I would have thought that TrueCrypt would not have fundamental flaws in the way it operates, but unless I'm reading it wrong, it has one in the area of hidden volume encryption.
There is some documentation regarding encryption with a hidden volume here. The statement that concerns me is this (emphasis mine):
TrueCrypt first attempts to decrypt the standard volume header using the entered password. If it fails, it loads the area of the volume where a hidden volume header can be stored (i.e. bytes 65536–131071, which contain solely random data when there is no hidden volume within the volume) to RAM and attempts to decrypt it using the entered password. Note that hidden volume headers cannot be identified, as they appear to consist entirely of random data.
Whilst the hidden headers supposedly "cannot be identified", is it not possible to, on encountering an encrypted volume encrypted using TrueCrypt, determine at which offset the header was successfully decrypted, and from that determine if you have decrypted the header for a standard volume or a hidden volume?
That seems like a fundamental flaw in the header decryption implementation, if I'm reading this right -- or am I reading it wrong?
© Super User or respective owner