Vigil@nce: TrueCrypt, detecting a DFS
July 2008 by Vigil@nce
SYNTHESIS
A local attacker can detect if a Deniable File System exists in
the TrueCrypt partition.
Gravity: 1/4
Consequences: data reading
Provenance: physical access
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 17/07/2008
Identifier: VIGILANCE-VUL-7954
IMPACTED PRODUCTS
– TrueCrypt [confidential versions]
DESCRIPTION
The TrueCrypt program encrypts user’s data. TrueCrypt can also
create a DFS (Deniable File Systems) to hide files, by using a
second passphrase.
However, when DFS is mounted, and when user opens a file with Word
for example, the filename is stored in the history of opened files.
An attacker can thus detect if a DFS exists and some files it
contains.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-7954