Schneier's Job Is To Stay In The News, Not To Actually Do Anything Useful
>>> Schneier, CTO of BT Counterpane, told Dark Reading that although this version will "definitely close some of the leakages, but it's unlikely that it closed all of them". <<<
Why doesn't someone as "awesome" as Schneier simply join the tiny, struggling TrueCrypt team, and help it to close the rest of those pesky leakages? Complain, complain, complain. I've already written a bit about this on here, back on Tuesday, 30th October 2007:
"One major use I have for desktop virtualization, is for creating a high-security environment, for people who have stuff to hide. I put VMware virtual machines inside of TrueCrypt containers, thus getting around the need to use time-consuming products like CyberScrub (which securely erases files and unused disk space). I call this the "box within a box within a box" approach, as the physical computer is the outer box, which contains the safe, which contains the virtual computer. I'm curious as to whether anyone else does this, and I look forward to the conference."
The above is the answer to the leakage problem. The only problem left is how to explain the presence of a multi-GB file on your drive. That's not too easy, but certainly easier than creating your own, perfect version of TrueCrypt, from scratch. For example, write a program which treats the encrypted container as if it were a huge database of real estate listings, and tell the border guys that you sell homes for a living. In other words, write a program which maps the encrypted data to some output resembling data which you wouldn't bother to hide, or which reads actual real estate data that's been tacked onto the end of the file, or which simply pretends to extract such data from the encrypted data. If you do the first one, the solution is related to data compression, where you map one file to another, as you can, theoretically, create a program which transforms any one set of data into another, although this is most certainly the hardest one of the three options. Regardless of which way you go, the idea is to make the TrueCrypt container appear as a huge database for some program you use to prop up your "business".
Of course, if you live in a country where you can be sent to prison for not revealing the password, much less for what the password actually protects, then you have to be very careful about the construction of this program, but going this route is certainly better than writing a conference paper about how we don't have a real, usable DFS. Come on, people, get creative. Even my British cat, Mr. Fluffer Wickbidget, III, knew this one, and he spends a lot of time licking himself.