Security Review: TrueCrypt
Summary
TrueCrypt is a disk encryption system intended to solve the problem of people being forced to disclose encryption keys or face consequences. It allows a disk partition to be completely encrypted. The most recent version even includes a special bootloader that can be used to have a complete Windows installation inside of an encrypted volume.
One of TrueCrypt’s unique features is the ability to hide another volume inside of the same encrypted partition. The hidden volume is stored at the end of the primary volume, in what looks like random data in the free space of the primary volume.
Assets & Security Goals
The main asset is the protection of the user’s data. The encryption is meant to keep unauthorized users, agencies, and governments from gaining access to the protected data.
Another asset that TrueCrypt attempts to protect is plausible deniability. The user should be able to deny that the volume is indeed an encrypted volume in order to avoid being forced to divulge encryption keys.
Adversaries and Threats
One adversary is someone who simply wants access to the protected data to use it or alter it in some manner.
Another adversary is someone who wants to gain access to the data since it might incriminate the user.
Weaknesses
Since one of the flagship features of the software is the ability to have a hidden volume, an adversary might be suspicious of claims that no hidden volume exists.
If an adversary is able to make copies of the encrypted volume at several points in time and then later demands the password from the user, he might be able to deduce that a hidden volume exists since supposedly random data in the “free space” on the primary volume has changed.
Defenses
The protected data are encrypted with a cipher (or cascade of ciphers) selected by the user.
The actual bits on the volume are theoretically indistinguishable from random data. There are no signatures to identify a TrueCrypt volume.
The hidden volume feature allows a user to place fake files in the primary encrypted volume, when the actual files to protect are placed in a hidden volume, which appears to be random data in the free space of the primary volume. If the user is ever forced to disclose the password, he provides the password for the primary volume and only reveals the fake files.
Conclusions
TrueCrypt seems to do a decent job of protecting a user’s data and providing plausible deniability that the user is hiding something. However, it’s not perfect and users still have to be careful and still might find themselves in situations where not revealing passwords and encryption keys could have serious consequences.
Comment by cbhacking
February 11, 2008 @ 2:20 am
It is worth noting that TrueCrypt itself has no idea whether there is or is not a hidden volume until you provide it the correct password. This is secure from a standpoint of plausible deniability, but it has one downside: if a non-hidden volume is written into, it will eventually overwrite the hidden volume.
Of course, if an attacker wished to destroy data, the entire volume could just as easily be overwritten, deleted, or reformatted.
Comment by Nick Erkert
February 11, 2008 @ 6:14 am
Writing to the non-hidden volume should only cause an overwrite if you allocate your TrueCrypt volume inside of a file system. Doing that would be dangerous in and of itself as you run the risk of overwriting existing data or file system structure. Normally when creating completely hidden volumes, you give TrueCrypt some space on the drive that isn’t mapped to a partition. Since partitions aren’t dynamic you shouldn’t have to worry about a file system writing over the bounds you give it.
Comment by Saqib Ali
February 12, 2008 @ 6:50 am
I installed TrueCrypt on my laptop and ran some benchmark tests.
Benchmark Results:
http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks
Pros:
1) Easy to use product. Simple clean interface. Very user-friendly!
2) Free and Open Source
3) Multiple Encryption and Hashing algorithm available.
Cons:
1) Buffered Read and Buffered Transfer Rate was almost halved after TrueCrypt FDE was enabled :-(.
2) Access Time for large file (250+MB) increased by 11%.
3) The initial encryption of the 120 GB HDD took 2 hours.
Pingback by UW Computer Security Course Blog » Security Review: Full disk encryption
February 24, 2008 @ 9:25 pm
[…] has explored both the recent security breach and specific encryption tools (cold-boot attacks , Truecrypt security review), this security review will take a broad look at the security principles behind disk encryption and […]
Comment by chaz
June 11, 2008 @ 4:46 pm
Thoroughly excellent, FREE and easy to use, with ability to use cascaded algorithms. Use these, set a decently long password and have highest military level security. Brute force methods on the world’s fastest computers would take MANY tens of thousands of years or more to break this level of security. Also recommend ‘Cryptoswap’ to encrypt Windows page file. Your data is 100% secure from hacking.
Can also use keyfiles eg on USB stick. Would take millions of years to crack this level of security.
Only disadvantage is if data on encrypted volume or hidden volume on encrypted drive becomes corrupted, but you can use Windows tools diskchecker/ defrag on drive while mounted with password access. If keyfile becomes corrupted, you might NOT be able to access your encrypted work. FULL STOP.
Only proviso with this software is DON’T FORGET your passwords, as DATA PERMANENTLY INACCESSIBLE without the correct password – no backdoor access. If you store the password elsewhere on your computer/ laptop/ USB or flash drive, it can be hacked which rather defeats the purpose/ object. Any text file or sequence of files can be set up if you use the keyfile option and these are NOT flagged or tagged in any way, but it would be very prudent to keep backups of these files elsewhere on different drives or storage mediums eg CD’s. You also have to remember the sequence of keyfiles if you use more than one. Total security guaranteed, but DO KEEP encrypted copies of encrypted work as any drives/ storage media can fail.
Comment by Jimmy
July 29, 2008 @ 2:50 am
Hi, I’m using truecrypt, and am using keyfile, just want to know how secure is it if I use a 7 digit password with 2mb file size keyfile. how long would it take for a decent grade coder to unlock it, if possible, thank you
Comment by Nick Erkert
August 4, 2008 @ 8:17 am
Jimmy,
you might want to take a look at the TrueCrypt technical details chapter on keyfiles. Only the first megabyte of the keyfile is used so a 2MB keyfile is not really necessary. You also should be careful about what file you’re using as a keyfile. If the first megabyte of the file has very little entropy (ie some predictable pattern) it is not very useful to protect your data.
Aside from the keyfile, I’m a big fan of passphrases instead of passwords. That is some sequence of words that you can easily remember will be much harder to brute force than a 7 character password.
Finally, the amount of time it would take an attacker to gain access to your data likely depends more on how easy it would be for the attacker to breach your system security covertly and install a keylogger and possibly a screen monitor or a fake/modified truecrypt program. If the attacker was able to do this without you noticing, you would likely end up supplying your password/keyfile to the attacker without knowing you have done so.
In short, there are lots of ways to attack encrypted volumes and brute forcing them is probably the slowest (your 7 character password would likely be cracked in a reasonable timeframe (~ 1 month) if the attacker was someone with access to vast computing power). Your security is more likely to be breached by attacking the system on which it resides and logging your input to it.
Comment by Norman
August 4, 2008 @ 3:00 pm
It would appear that while TrueCrypt does an excellent job at encrypting data, the application and the OS itself can leave evidence of possible hidden volumes.
http://news.zdnet.co.uk/security/0,1000000189,39448526,00.htm
…and this evidence is sufficient for US Customs to either seize your equipment or copy the data for later investigation.
http://www.theregister.co.uk/2008/08/01/us_customs_laptop_seizures/
Comment by Jimmy
August 5, 2008 @ 7:18 am
Nick, thank you for the information. Just want to know if a MP3 file consider to have a predictable pattern?
Comment by Nick Erkert
August 5, 2008 @ 11:03 am
Jimmy, the entropy of an mp3 could conceivably be fairly low however the mp3 would likely have to be crafted specifically for low entropy. If the mp3 has little leading silence or some significant amount of noise during the first minute it’s likely to be safe.
Comment by Jimmy
August 5, 2008 @ 6:06 pm
Nick, again, thank you for the reply.
Comment by Tim
August 30, 2008 @ 4:50 am
Nick – Using unallocated drive space where there are no partitions is a dead giveaway however that there is something there. If a hidden container is allocated within a non-hidden container then this becomes plausibly deniable.
However, wherever it goes, it is important to write to the outer volume too on a frequent basis otherwise again it becomes an indicator to the presence of a hidden volume.
Comment by Nick Erkert
August 31, 2008 @ 3:16 pm
How can unallocated space be considered a dead giveaway if you are unable to distinguish the difference between an encrypted volume and truly unallocated space? You can suspect that an encrypted volume may reside there but there is no way of knowing unless you have a method of decrypting it.