Tuesday, March 18, 2008

TrueCrypt Developers Consider Complaint Against Microsoft

Via Heise Online UK -

The developers of the TrueCrypt open source encryption tool are considering submitting a complaint against Microsoft to the EU Commission if Microsoft is not prepared to lay open the Windows hibernation API. From version 5.1 TrueCrypt supports hibernation for encrypted system partitions. Potential vulnerabilities that could allow the hibernation file to be written to the disk in unencrypted form have been reported in this version in recent weeks. This would allow attackers to read the key and thus decrypt the partition or container.

In response to an enquiry from heise Security on this, the developers were cagey. They stated that the author of the security advisory had clearly incorrectly analysed the TrueCrypt source code, as the routines executed were incorrect and anyway TrueCrypt does not allow encryption of partitions under Windows 2000. Nevertheless, the developers confirmed that with certain storage drivers, the hibernation file could be written to the disk unencrypted. However, they see this as a problem for all vendors of drive encryption systems, as no documentation is available for the hibernation API and it is therefore necessary to adapt Windows components. This could be undone by Microsoft at any time, however, through the automatic update system for example, which would adversely affect the reliable functioning of products from other manufacturers.

The TrueCrypt developers state that they are currently preparing an official complaint against Microsoft. Should this fail to lead to disclosure, they are planning to submit an anti-competition complaint to the EU. Microsoft offers a system partition encryption system under Windows Vista in the form of BitLocker.

-------------------------

I have been using TrueCrypt to protect semi-sensitive files on my personal laptop for quite some time now. I say "semi-sensitive" because if the files were really sensitive, I wouldn't have them on my laptop anyway. GPG keys and tax return PDFs don't go on laptops... lol

I recently formatted and reinstalled my personal laptop (running Windows XP SP2), so I took the chance to start off with a clean encrypted drive. I installed TrueCrypt 5.1 and encrypted the whole drive with AES-256.

It took around 2 hours to encrypt the full 80GB drive, but I was working during the encryption process... and even had to pause it a few times. When I say working, I mean chatting and clicking refresh on Myspace faster than you can blink your little eyes.

So far, no problems... but I never sleep or hibernate my laptops.

As I was writing this blog, I noticed that TrueCrypt 5.1a was released just yesterday. Time to patch and hopefully see some improved boot times.
