News

posted on 17 July 2008 09:41

A research group has found that files whose existence is hidden by a Deniable File System (DFS) can have some of their contents found through Windows Auto-save features and Google Desktop's seach indexing function.

BT security guru Bruce Schneier and University of Washington researchers, led by assistant professor Tadayoshi Kohno, found that this lapse applied only to drives with an encrypted partition but not at all to drives with full disk encryption (FDE).

What DFS does is to prevent unauthorised users even seeing that encrypted files exist in folder listings, etc. However, when users work on these files with, for example, Word, then that software's auto-recovery feature can place a copy of the data being worked on plus file metadata in a cache on the disk in the non-encrypted area. Whoops! Ditto the Google Desktop feature.

TrueCrypt, a supplier of a DFS, says that the latest 6.0 release of its software solves this problem. The researchers suggest this is the first indication of a potentially huge problem and that TrueCrupt can still be hacked.

A paper by the researchers will be presented at the Usenix HotSec Workshop on July 29 in San Jose.

More here.

^{[Martin Edwards, news writer.]}