Evil Maid goes after TrueCrypt

This is why your decryption boostrap should never be on the hard drive. It should be on a usb stick along with your encrypted keys. This is elementary "something you have + something you know" security. The evil maid can't patch a bootloader that isn't there. And if he installs a keylogger, he's still out of luck because he only has your passphrase, not your decryption keys. He would also have to install a device that copies your key file somehow.<p>Sure, there are plenty of other attack vectors, but this takes the problem out of the evil maid category.

Physical access can almost always be leveraged to full system access.

It seems like the easiest poor-man's solution would be to disable booting from external devices, set a strong BIOS password, and fill the laptop's screw holes with epoxy.<p>At that point, you only have to worry about the strength of the BIOS's password-protection. Any other attempt at circumvention would be self-evident thanks to the destroyed case or epoxy.

Works on all OSs and only takes a few minutes: replace the laptop keyboard with your own keylogging version. Or insert a device where the serial port connects inside the laptop. Typical 'stealth' hardware based keylogging.

Full drive encryption is meant to protect against theft or loss, not against trojan horses (be that hardware or software).<p>To protect against trojan horses you need an external validation mechanism or a physical protection (be that a safebox or TPM, by the way the Truecrypt team is wrong about TPM, it's much more difficult to temper than bytes on a hard disk).

Whenever I suspect I might be somewhere where there's a keylogger running (public terminal etc) and I absolutely <i>have</i> to enter a password anyway, I just use the mouse to enter it out of order (and click away to throw in some random junk) while typing it in. Thwarts screen grabbers and keyloggers.

This is utterly fascinating. I use TrueCrypt and never dreamt that such a simple attack even existed.<p>Sigh - privacy in the age of information seems to be an impossible dream.

I can cut this "insertion" time in half. :) Miniature camera pasted somewhere discrete on the ceiling.<p>That even bypasses physical (lockbox) security.<p>(I liked the article but I think she waffled on a bit long about physical security, which TC developers made a good point about, and TPM)

There must be laptops out there with the feature that they lock closed and require some physical opening token (key, combination, etc). Given a sufficiently strong and tamper-evident locking mechanism, you wouldn't need an external lockbox and this attack would be difficult or impossible. (Emphasis on the "sufficiently", of course.)

Am I the only one who feel that trucrypt dev is just running away from answer here.<p>Joanna Rutkowska: If I could arrange for a proper lock or an impenetrable strongbox, than why in the world should I need encryption?<p>TrueCrypt Developer: Your question was: "And how can you determine that the attacker has or has not worked with your hardware?" My answer was a good safety case or strongbox with a good lock. If you use it, then you will notice that the attacker has accessed your notebook inside (as the case or strongbox will be damaged and it cannot be replaced because you had the correct key with you). If the safety case or strongbox can be opened without getting damaged &#38; unusable, then it's not a good safety case or strongbox. ;-)

This is like countless other social engineering attacks, getting people to unwittingly enter their passwords (e.g. phishing) has a high ROI and physical access just makes this very easy (e.g. ATM skimming).

Evil maid is modifying the boot record with a hook to their own code. If the boot record where this function is located is hashed and verified at the next boot, couldn't truecrypt alert the user to the compromise?

Couldn't a secure token (ala RSA SecurID) theoretically be used in some manner to prevent this attack?