search

veracrypt / VeraCrypt

Disk encryption with strong security based on TrueCrypt
https://www.veracrypt.fr
Other
7k stars 955 forks source link

Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems #1351

Open slrslr opened 6 months ago

slrslr commented 6 months ago

Is this still an issue? https://docslib.org/doc/10431838/defeating-plausible-deniability-of-veracrypt-hidden-operating-systems https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems https://link.springer.com/chapter/10.1007/978-981-10-5421-1_1

If yes, can you mitigate it?

Jertzukka commented 6 months ago

Not sure if there is more recent threads, but see this: https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/.

jermanuts commented 5 months ago

https://infoscience.epfl.ch/record/297353/files/PDM%20Elia_Anzuoni-Kudelski.pdf

VeraCrypt, continues to be relatively widespread despite being exactly as insecure against multi-snapshot adversaries. If one wishes to be fully protected against such attacks, the only way is to resort to Write-Only ORAMs, and to pay the price of their performance overheads. Alternatively, some ”operational”, unproven security can be achieved by effectively re-randomising the actually-free space: this way, a user can claim that the changes occurred to the ”empty” blocks are due to this re-randomisation, and not to a hidden volume.

https://arxiv.org/pdf/2310.04589

https://discuss.privacyguides.net/t/plausible-deniability/17789

Jertzukka commented 5 months ago

VeraCrypt, continues to be relatively widespread despite being exactly as insecure against multi-snapshot adversaries.

Protection against multi-snapshot attacks are not in VeraCrypt's security model and it does not claim to guard against such attacks, see https://veracrypt.fr/en/Security%20Model.html. I don't think an implementation currently exists which does that, and one would undoubtedly be quite complex.

VeraCrypt does not:

  • Secure any data on a computer if an attacker has physical access to the computer before or while VeraCrypt is running on it.
  • Prevent an attacker from determining in which sectors of the volume the content changed (and when and how many times) if he or she can observe the volume (dismounted or mounted) before and after data is written to it, or if the storage medium/device allows the attacker to determine such information (for example, the volume resides on a device that saves metadata that can be used to determine when data was written to a particular sector).