Written: 23rd August 1999
Last updated: 2nd January 2000
This one's more of a warning than an outright flaw in ScramDisk.
One of the major security features ScramDisk boasts when compared with other disk encryption systems is that it's container (aka volume) files appear to contain true random data (not pseudorandom data); there is no header information to identify these files as ScramDisk volumes.
However, some of the data within a ScramDisk volume could be duplicated, increasing the chances of the file being correctly identified for what it is by an attacker.
When a Scramdisk container is created, random key material is made. The size is 1024 bytes for initialization vectors and whitening values plus the encryption key length. This material is encrypted with a SHA1 hash from the passwords and saved at offset 0x0000 and at offset 0x1800 (6144 decimal) within the volume file.
The chances of a large file containing an extremely high amount of entropy, and with the 1024 or so bytes at the start of the file repeated, being anything other than a ScramDisk volume is very low, thereby reducing the "plausible deniability" of ScramDisk volumes.
It should be noted that ".WAV" files with ScramDisk data do not have this second table, and are therefore do not have this problem.
After creating a ScramDisk volume, take a look at the volume file with a hex editor at offsets 0x0000 and 0x1800. Notice how the data stored at these locations onwards is the same?
Workaround: Change your password.
When the passwords are changed, the key material at offset 0 is reencrypted with the new password hash, and the same data should not be stored from these two offsets in the file.
Please see also ScramDisk Volumes Can Have Their Passwords "Reset"
Thanks to Svend Olaf Mikkelsen for pointing this one out to me!
Email me at: sdean12@sdean12.org
Return to the Attacking OTFE; Known Security Flaws in Certain OTFE Systems page