Security Audit Of TrueCrypt Doesn't Find Any Backdoors — But What Will Happen To TrueCrypt?

from the questions-still-left-to-be-answered dept

Over the past few years we’ve followed the saga of TrueCrypt. The popular and widely used full disk encryption system got some attention soon after the initial Snowden leaks when people started realizing that no one really knew who was behind TrueCrypt, and that the software had not been fully audited. Cryptographer Matthew Green decided to lead an effort to audit TrueCrypt. A year ago, the team released the first phase, finding a few small vulnerabilities, but no backdoors and nothing too serious. This week the full audit was completed, and it again finds no evidence of any backdoors planted in the code. Matthew Green’s blog post on the report provides the key details, noting a few small issues that should be fixed, but nothing too serious:

The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

That doesn’t mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming — leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we’d like it to.

For example: the most significant issue in the Truecrypt report is a finding related to the Windows version of Truecrypt’s random number generator (RNG), which is responsible for generating the keys that encrypt Truecrypt volumes. This is an important piece of code, since a predictable RNG can spell disaster for the security of everything else in the system.

However, as Green notes, the way it’s implemented in TrueCrypt would only be a problem in “extremely” rare circumstances that wouldn’t impact most users. But it’s still something that could be fixed.

But that’s where the problem lies. As you may recall, in the midst of all of this, the still anonymous developers behind TrueCrypt suddenly announced that it wasn’t secure and that all development had ceased. There have been some efforts to fork and rescue TrueCrypt, but that’s come with some skepticism as people feared what might be hidden in the code (and also some concerns about the TrueCrypt license).

Hopefully this new audit puts at least some of those concerns to rest (though it’s always good to be paranoid when building security software) and people really do put an effort into developing an updated version of TrueCrypt. For what it’s worth, I’ve seen a bunch of articles claiming the audit shows that TrueCrypt is safe. That’s not quite true. It’s just saying they didn’t find anything — which should be very reassuring, but you can never say with 100% certainty that the code is safe. Either way, what’s needed now is more development moving forward.


Comments on “Security Audit Of TrueCrypt Doesn't Find Any Backdoors — But What Will Happen To TrueCrypt?”

Socrates says:

Re: Offline

No it isn’t.

Temporarily disconnecting Internet would not prevent a keylogger from transmitting private data once you reconnect. A permanently disconnected device would be safer in this regard. This is sometimes referred to as an “air firewall”. It is common for higher grade military systems and less common than it should be in the rest of the society.

And, disc encryption provides a different kind of protection. It protects against physical intrusions. It prevents planting of false evidence, it prevents criminals from stealing information, it prevents TSA from copying your private photos, and so on, as long as only you hold the key.

A very determined attacker might still get the key. If the device is on and the key is stored in volatile memory (when the disk has been mounted), the information may be frozen long enough by applying a strong cooling substance, and accessing the information directly with an external analyzer connected to the chips. It is a hassle for an attacker though.

Offline and disk encryption gives good protection.

Anonymous Coward says:

Re: Re: Offline

I seem to remember something in the 30c3 talk by Jacob Appelbaum about circumventing air-gapped machines, all seemed very far fetched but the tech was certainly there.
It sounds depressive but if they really want to get to you, there’s every chance they will get to you.

Socrates says:

Re: Re: Re: Diminishing returns

Sort of.

That is why there is a point in using disk encryption in the first place. If they get inside your home an attacker can do all sorts of bad stuff. And not only with electronic devices. The same goes for TSA at the airport. They rape and steal, and fondle both devices and people. They do so to the extent that many people choose riskier transports such as cars. Being easy targets encourages the TSAs of this world and there might be more of them, and at new places.

Tempest (radio wave surveillance) is also an attack vector. They may park a “van” outside your home to pick up signals transmitted from your keyboard, wires, and so on.

They may intercept hard-drives and infect them, so if you ship any media it might contain information you would like to keep private.

And they might use the “wrench” on you instead of the computer. “Give us secrets or kiss your … goodbye”

There is a difference between these, and snooping on billions of computers/phones/tabs: Cost and effort!

If encryption and air gapping were more common it would be more difficult for the bad guys to do bad things. The world would be a better place.

Anonymous Coward says:

Re: Re: Offline ... "air firewall" or "air gap"?

A permanently disconnected device would be safer in this regard. This is sometimes referred to as an “air firewall”.

I didn’t think that air made a particularly good firewall, but it does make an excellent piping backflow preventer, since water cannot easily flow across an air gap. Some people refer to a network-disconnected computer as “air gapped” — whether or not that’s the proper term.

Anonymous Coward says:

Re: Re:

That only works until someone gets physical access to your ‘removable drive’ – like, for instance, border control at a border or a random police officer during a traffic stop.

Or, even, someone stealing your device out of your car/house/office. Because that NEVER happens.

What you are proposing is effectively no security at all. It’s beyond naive.

Anonymous Coward says:

Re: Re:

“You don’t need encryption if you go offline every time you do something local.”

That’s the point of Truecrypt. Encrypting yourself ‘offline’ so as to prevent offline threats from compromising whatever it is you’re trying to protect.

Simply ‘unplugging’ is not enough in the world of espionage…

Matthekc says:

Re: Re:

That’s not what disk encryption is for… It’s to protect your disk in most normal cases from criminals if your computer is stolen. You put lots of personal info on your computer: tax returns, scans of important documents, and emails… at least I do. Good cross-platform encryption allows me to be able to do those things and sleep at night.

John Fenderson (profile) says:

Personally speaking

The results of the security audit are good enough that I will stop telling people to avoid TrueCrypt.

However, I am not going to start recommending it and will not begin using it myself. The statement of no confidence that the developer made is enough to put a doubt in my mind that no security audit will entirely remove. Since there are several other alternatives available that are well established and widely trusted, there’s no need to live with that niggling doubt.

Anonymous Coward says:

Re: Personally speaking

Why would you stop telling people to encrypt themselves offline?

I don’t know what your client base consists of, but it certainly doesn’t hurt anyone to have localized encryption…

Btw, which alternatives are you referring to?

As far as I know, there aren’t many…

John Fenderson (profile) says:

Re: Re: Personally speaking

“Why would you stop telling people to encrypt themselves offline?”

I would never stop recommending that, and never said that I would. I highly recommend whole disk encryption.

“Btw, which alternatives are you referring to?”

Here’s a handy quick comparison chart, although there are many others not listed there. It’s a decent starting point, though.

John Fenderson (profile) says:

Re: Re:

It’s possible, and even if that’s the case, there are still others that are at least equally as strong, so the loss is minimal.

“if that post was genuine, the anonymous author would have also told us how and why it was no longer secure.”

Not necessarily. In part, it depends on what the nature of the perceived insecurity is. It might not be a weakness in the code but in the team, for example. Also, it might be that the team was coerced into silence, such as through a gag order, and they didn’t want to risk prison.

Anonymous Coward says:

Re: Re:

TBH if that post was genuine, the anonymous author would have also told us how and why it was no longer secure.

This assumes the person making the post knows it. What if the person who discovered the vulnerability was kidnapped before he could tell the team what it was, (not as far fetched as it sounds, sadly) and the rest of the team only knows, “Mike thinks there’s a flaw and went missing. We don’t know what it is, or even how to look for it, but Mike’s been pretty damn reliable.”

bougiefever (profile) says:

What were they threatened with to abandon their work?

It’s very chilling to consider the implications of the developers suddenly quitting their project. Not just quitting, but trying to kill it by announcing it is no good. People don’t just kill years of their own work over nothing. I think we can all agree that there is only one entity that could make this happen. How very, very scary. It does, however, make me want to get the latest build of TrueCrypt. It must be good for the US government to be so afraid of it.
