I don't know of any exploits, given proper choice of ciphers and a good
passphrase, except for the swap file. If you are talking about Winbloze and
you have enough RAM (1G or more) consider permanently disabling your swap
file for better overall security.

"Crypto is only as good as the weakest bone in your body"

Richard Malchik wrote in alt.security.pgp on Monday 12 July 2010 10:28 in
Perhaps these articles will answer your question.

===========================================================================

Brazilian banker's crypto baffles FBI
18 months of failure

By John Leyden -

Posted in Enterprise Security, 28th June 2010 11:49 GMT

http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/

Cryptographic locks guarding the secret files of a Brazilian banker
suspected of financial crimes have defeated law enforcement officials.

Brazilian police seized five hard drives when they raided the Rio apartment
of banker Daniel Dantas as part of Operation Satyagraha in July 2008. But
subsequent efforts to decrypt files held on the hardware using a variety of
dictionary-based attacks failed even after the South Americans called in
the assistance of the FBI.

The files were encrypted using Truecrypt and an unnamed algorithm,
reportedly based on the 256-bit AES standard. In the UK, Dantas would be
compelled to reveal his passphrase under threat of imprisonment, but no
such law exists in Brazil.

The Brazilian National Institute of Criminology (INC) tried for five months
to obtain access to the encrypted data without success before turning over
the job to code-breakers at the FBI in early 2009. US computer specialists
also drew a blank even after 12 months of efforts to crack the code,
Brazil's Globo newspaper reports.

http://g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html

The case is an illustration of how care in choosing secure (hard-to-guess)
passwords and applying encryption techniques to avoid leaving file fragments
that could aid code breakers are more important in maintaining security than
the algorithm a code maker chooses. In other cases, law enforcement officials
have defeated suspects' use of encryption because of weak cryptographic
trade craft or poor passwords, rather than inherent flaws in encryption
packages.

===========================================================================

FBI hackers fail to crack TrueCrypt

Open source encryption on Brazilian banker's hard drive
baffles police dictionary attack

By John E Dunn - Computerworld UK
Published: 10:55 GMT, 30 June 10

http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/

The FBI has admitted defeat in attempts to break the open source encryption
used to secure hard drives seized by Brazilian police during a 2008
investigation.

The Bureau had been called in by the Brazilian authorities after the
country's own National Institute of Criminology (INC) had been unable to
crack the passphrases used to secure the drives by suspect banker, Daniel
Dantas.

Brazilian reports state that two programs were used to encrypt the drives,
one of which was the popular and widely-used free open source program
TrueCrypt. Experts in both countries apparently spent months trying to
discover the passphrases using a dictionary attack, a technique that
involves trying out large numbers of possible character combinations until
the correct sequence is found.

Brazilian reports mention that the authorities had no means of compelling
the makers of TrueCrypt to help them though it is hard to see how its
creators could have helped.

If a complex passphrase has been used -- a random mixture of upper and lower
case letters with numbers and special ASCII characters throw in -- and the
bit length is long, formidable computing power and time would be required
to chance upon the correct passphrase.

TrueCrypt also uses what is termed a 'deniable file system' approach to
encrypting whole hard drives. Under this design, the existence of the
encrypted partition will not be obvious to anyone examining the drive
allowing the individual using such encryption to plausibly deny its
existence.

The logic is persuasive. If an encrypted partition or files is detected by
investigators is puts the person using the encryption in the difficult
position of having to refuse to disclose the passphrase, a potentially
incriminating stance.

By interesting coincidence, around the time of the arrest of Daniel Dantas
in 2008, a team including encryption celebrity Bruce Schneier found
weaknesses in Truecrypt 5.1's implementaion of the technology that could
compromise the plausible deniability design.

Although 'data leakage' of the sort noted by the team examining TrueCrypt
would not allow investigators access to the encrypted files it is possible
that this flaw betrayed the fact that encryption had been used by the
defendant.

===========================================================================