potential bug allows hidden volumes to be detected in both tc/veracrypt

Discussion in 'encryption problems' started by Paranoid Eye, Sep 14, 2016.

  1. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    174
    Location:
    io
    Hi, I spotted something in the updated VeraCrypt notes of build 1.18a

    "fixed a vulnerability that allows hidden volumes to be detected"

    Was baffled by this, so I checked the VeraCrypt forums and spotted one thread about it here:

    http://veracrypt.codeplex.com/discussions/657302

    Looks like someone was able to detect hidden volumes on the last TrueCrypt version and even the latest VeraCrypt 1.18 version, so I think a VeraCrypt developer said 1.18a is now fixed and has to be installed, and the drives with hidden volumes need to be re-created from scratch!

    No idea if it's 100% real, but it's right from the horse's mouth on the VeraCrypt forums/dev team.
     
  2. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    856
    Yes, it's real ;)
    Users have to re-create all affected volumes (both outer and hidden).
    If the user had no hidden volume before, there is no need to recreate volumes. (At least the user should upgrade to the new VeraCrypt version.)
    Edit: cosmetic change
     
    Last edited: Sep 14, 2016
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    This is real. BUT distinguishing the hidden volumes is not 100%, although it's 90% plus. The "manner" in which the hidden volumes are being detected is not being publicly revealed at this time. The solution for this problem is quite easy as far as software modifications go. In essence two headers are now (1.18a) being created instead of one header and one random data "filler". Other notes are that only AES was examined, so volumes created with cascades or other algos are still to be examined.

    One thing I see over time is that VC is going to need to abandon backwards compatibility with TrueCrypt. TC is showing too weak and recently discovered flaws are being seen. In fact this hidden volume detection weakness was discovered using TC volumes. VC generates the same structure so it is generalized to be a VC issue too. The latest VC code has now changed that.

    Users of TC and VC --- you have nothing to fear regarding actually breaking into your outer/hidden volumes that is known by the development team of VC. Noticing their existence may be possible, in fact it's likely but not certain, using code prior to 1.18a. Lack of 100% certainty during discovery examination would give you a weak but actual deniability.

    There is no solution without the hassle of re-creating the entire volume from scratch. For those with large external drives ----- sorry!! This DEFINITELY applies to system disk encryption where a hidden OS is being used.

    You do NOT need to do anything if you don't have a hidden volume on your drives. However, if you forget and create a hidden volume later without updating the VC software package, you will have created something with a "tag" of your hidden volume's existence. At least update the software so you don't make a simple mistake and create new volumes that are "distinguishable" as to existence.

    Slightly related and for me relevant: many users zero wipe their free space on volumes, which may hold symptoms of being discovered during examination (even though the actual writes are being encrypted when the volume is closed). I "noise fill" my drives, which some define as wiping, but I prefer to use something along the lines of urandom for Linux. Similar strategies exist for Windows too. I am leaning against the use of zeros for wiping drive space when it may possibly define the size of the data inside a volume (the non-zero space). This is merely my opinion and not any official statement.
     
    Last edited: Sep 14, 2016
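As an added example (not code from any post in this thread), a POSIX shell function that does the urandom "noise fill" Palancar describes: it fills the free space of a mounted volume with random bytes in 1 MiB chunks until the write fails, syncs, and removes the filler file. The mount path argument, the optional MiB cap (so it can be tried on a scratch directory) and the filler file name are assumptions.

```shell
#!/bin/sh
# noise_fill MOUNTPOINT [MAX_MIB]
# Writes random data (from /dev/urandom) into a temporary file on the
# given volume until the filesystem is full (or MAX_MIB is reached),
# then syncs and deletes the file. Prints the number of MiB written.
# Assumes MOUNTPOINT is a mounted, writable directory and that
# /dev/urandom exists. MAX_MIB=0 (the default) means "until full".
noise_fill() {
    mnt="$1"
    max_mib="${2:-0}"
    filler="$mnt/.noise_fill.$$"   # assumed filler file name
    [ -d "$mnt" ] || { echo "not a directory: $mnt" >&2; return 2; }

    written=0
    # 1 MiB per dd call; dd failing (ENOSPC) is the expected end condition.
    while :; do
        if [ "$max_mib" -gt 0 ] && [ "$written" -ge "$max_mib" ]; then
            break
        fi
        if ! dd if=/dev/urandom bs=1048576 count=1 >>"$filler" 2>/dev/null; then
            break
        fi
        written=$((written + 1))
    done

    # Flush the random data to the device before removing the filler,
    # so the freed blocks actually hold noise rather than queued writes.
    sync
    rm -f "$filler"
    sync
    echo "$written"
}
```

Run it without a cap (e.g. `noise_fill /media/veracrypt1`) to fill the whole free area; a partially written final chunk is left to dd and not counted.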
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  5. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    856
    Yes, with TCHunt you can search for encrypted data and are able to find it. But this doesn't affect plausible deniability:
    This is news because hidden volumes can be "detected", and this is affecting plausible deniability.
    After the user has re-created the volumes then it can't be proven anymore that there is a hidden volume inside.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    This new-found flaw is quite different. Let's go back in time to the TCHunt era. TC was able to remove volume extensions (associations), and therefore a user could write large blocks (to a novice they appeared to be "chunks of encrypted data"), but they were not known/shown as TC volumes. Of course to an adversary a multi-Gig block of encrypted data was beyond suspicious. That suspicion led to extreme LE pressure up to the $5.00 wrench method. TCHunt would/does search out those blocks and helps an examiner to zero in on those sectors of a drive platter. It is also beneficial for a normal user to assist in locating where they may have hidden a volume and then forgot.

    TCHunt finds the data chunks, but TC's volume format tool allowed a user to create those majestic hidden volumes. Now a user's response to LE was that space IS an encrypted volume. However, they could open it using the DECOY password and the adversary could NOT prove there was a hidden volume. TCHunt saw the encrypted data "block" but could not penetrate any further to assist in the analysis of its contents.

    This new discovery goes well beyond the simplicity of TCHunt. It is now almost certain that we can formulate a mathematical "distinguisher" which is able to determine IF there is a hidden volume within that chunk of data (volume). In order to counter the distinguisher's ability to make that determination, the new volume format/creation tool constructs the volume headers differently than before. Assuming there is not a fundamental flaw in the way XTS is being negotiated this new handling of the headers might have completely fixed the weakness. I am at my limit for adding technical steps on this post, but I wanted to just give a heads up for the differences over good Ole TCHunt days. LOL!


    mood: sorry you beat me. We are on the same page!
     
    Last edited: Sep 16, 2016
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ mood & Palancar

    OK guys, I see what you mean. Thanx. I still find that TCHunt is useful though.
     