Security Audit Of TrueCrypt Doesn't Find Any Backdoors -- But What Will Happen To TrueCrypt?

from the questions-still-left-to-be-answered dept

Over the past few years we've followed the saga of TrueCrypt. The popular and widely used full disk encryption system got some attention soon after the initial Snowden leaks when people started realizing that no one really knew who was behind TrueCrypt, and that the software had not been fully audited. Cryptographer Matthew Green decided to lead an effort to audit TrueCrypt. A year ago, the team released the first phase, finding a few small vulnerabilities, but no backdoors and nothing too serious. This week the full audit was completed and again finds no evidence of any backdoors planted in the code. Matthew Green's blog post on the report provides the key details, noting a few small issues that should be fixed, but nothing too serious:
The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

That doesn't mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we'd like it to.

For example: the most significant issue in the Truecrypt report is a finding related to the Windows version of Truecrypt's random number generator (RNG), which is responsible for generating the keys that encrypt Truecrypt volumes. This is an important piece of code, since a predictable RNG can spell disaster for the security of everything else in the system.
However, as Green notes, the problem with the way it's implemented in TrueCrypt would only be a problem in "extremely" rare circumstances that wouldn't impact most users. But it's still something that could be fixed.

But that's where the problem lies. As you may recall, in the midst of all of this, the still anonymous developers behind TrueCrypt suddenly announced that it wasn't secure and that all development had ceased. There have been some efforts to fork and rescue TrueCrypt, but that's come with some skepticism as people feared what might be hidden in the code (and also some concerns about the TrueCrypt license).

Hopefully this new audit puts at least some of those concerns to rest (though it's always good to be paranoid when building security software) and people really do put effort into developing an updated version of TrueCrypt. For what it's worth, I've seen a bunch of articles claiming the audit shows that TrueCrypt is safe. That's not quite true. It's just saying they didn't find anything -- which should be very reassuring, but you can never say with 100% certainty that the code is safe. Either way, what's needed now is more development moving forward.

Reader Comments



  • Anonymous Coward, 3 Apr 2015 @ 7:46pm

    I would be very interested in knowing if the anonymous individual(s) behind TrueCrypt released that statement (and resigned) of their own volition.

    We all know what ended up happening to Mr. Snowden's secure e-mail provider...


  • Anonymous Coward, 3 Apr 2015 @ 9:45pm

    You don't need encryption if you go offline every time you do something local. You can achieve a greater amount of 'encryption' if you simply unplug and store all of your activity on a removable drive.

    It's that simple.


    • kyle clements (profile), 3 Apr 2015 @ 11:01pm

      Re:

      But we shouldn't have to.

      As citizens of what is supposed to be a liberal democracy, we should be able to implicitly trust our government not to spy on us.


    • Anonymous Coward, 4 Apr 2015 @ 12:06am

      Re:

      You don't need encryption if you go offline every time you do something local. You can achieve a greater amount of 'encryption' if you simply unplug and store all of your activity on a removable drive.

      Ummm, so what keeps the data on your removable drive secure?


      • Reality bites, 4 Apr 2015 @ 7:31am

        Nothing whatsoever, it's there for all to see.

        Especially with offline malware/viruses like Stuxnet and the millions of variants they already have in use.

        A removable drive is great for the kids' soccer photos but little else.


    • Socrates, 4 Apr 2015 @ 12:41am

      Offline

      No it isn't.

      Temporarily disconnecting Internet would not prevent a keylogger from transmitting private data once you reconnect. A permanently disconnected device would be safer in this regard. This is sometimes referred to as an "air firewall". It is common for higher grade military systems and less common than it should be in the rest of society.

      And, disc encryption provides a different kind of protection. It protects against physical intrusions. It prevents planting of false evidence, it prevents criminals from stealing information, it prevents TSA from copying your private photos, and so on, as long as only you hold the key.

      A very determined attacker might still get the key. If the device is on and the key is stored in volatile memory (when the disk has been mounted), the information may be frozen long enough by applying a strong cooling substance, and accessing the information directly with an external analyzer connected to the chips. It is a hassle for an attacker though.

      Offline and disk encryption give good protection.


      • Anonymous Coward, 4 Apr 2015 @ 4:09am

        Re: Offline

        I seem to remember something in the 30c3 talk by Jacob Appelbaum about circumventing air-gapped machines, all seemed very far fetched but the tech was certainly there.
        It sounds depressive but if they really want to get to you, there's every chance they will get to you.


        • Socrates, 4 Apr 2015 @ 6:18am

          Diminishing returns

          Sort of.

          That is why there is a point in using disk encryption in the first place. If they get inside your home an attacker can do all sorts of bad stuff. And not only with electronic devices. The same goes for TSA at the airport. They rape and steal, and fondle both devices and people. They do so to the extent that many people choose riskier transports such as cars. Being easy targets encourages the TSAs of this world and there might be more of them, and at new places.

          Tempest (radio wave surveillance) is also an attack vector. They may park a "van" outside your home to pick up signals transmitted from your keyboard, wires, and so on.

          They may intercept hard-drives and infect them, so if you ship any media it might contain information you would like to keep private.

          And they might use the "wrench" on you instead of the computer. "Give us secrets or kiss your ... goodbye"


          There is a difference between these, and snooping on billions of computers/phones/tabs: Cost and effort!

          If encryption and air gapping were more common it would be more difficult for the bad guys to do bad things. The world would be a better place.


      • Anonymous Coward, 4 Apr 2015 @ 10:22am

        Re: Offline ... "air firewall" or "air gap"?

        A permanently disconnected device would be safer in this regard. This is sometimes referred to as an "air firewall".


        I didn't think that air made a particularly good firewall, but it does make an excellent piping backflow preventer, since water cannot easily flow across an air gap. Some people refer to a network-disconnected computer as "air gapped" -- whether or not that's the proper term.

        https://www.portlandoregon.gov/water/article/28137


    • Rich, 4 Apr 2015 @ 6:07am

      Re:

      You seem to lack a basic understanding of how computers work and what they are capable of.


    • Anonymous Coward, 4 Apr 2015 @ 10:27am

      Re:

      That only works until someone gets physical access to your 'removable drive' - like, for instance, border control at a border or a random police officer during a traffic stop.

      Or, even, someone stealing your device out of your car/house/office. Because that NEVER happens.

      What you are proposing is effectively no security at all. It's beyond naive.


    • Anonymous Coward, 4 Apr 2015 @ 10:16pm

      Re:

      "You don't need encryption if you go offline every time you do something local."

      That's the point of Truecrypt. Encrypting yourself 'offline' so as to prevent offline threats from compromising whatever it is you're trying to protect.

      Simply 'unplugging' is not enough in the world of espionage...


    • Matthekc, 7 Apr 2015 @ 11:32am

      Re:

      That's not what disk encryption is for... It's to protect your disk in most normal cases from criminals if your computer is stolen. You put lots of personal info on your computer: tax returns, scans of important documents, and emails... at least I do. Good cross-platform encryption allows me to be able to do those things and sleep at night.


  • Edward Kosarin, 4 Apr 2015 @ 2:10am

    Money

    I had 330000 embezzled from me. I am 71 and in need of money


  • simple, 4 Apr 2015 @ 10:04am

    It will continue to be used.


  • John Fenderson (profile), 4 Apr 2015 @ 4:26pm

    Personally speaking

    The results of the security audit are good enough that I will stop telling people to avoid TrueCrypt.

    However, I am not going to start recommending it and will not begin using it myself. The statement of no confidence that the developer made is enough to put a doubt in my mind that no security audit will entirely remove. Since there are several other alternatives available that are well established and widely trusted, there's no need to live with that niggling doubt.


    • Anonymous Coward, 4 Apr 2015 @ 10:23pm

      Re: Personally speaking

      Why would you stop telling people to encrypt themselves offline?

      I don't know what your client base consists of, but it certainly doesn't hurt any one to have localized encryption...

      Btw, which alternatives are you referring to?

      As far as I know, there aren't many...


  • Zem, 4 Apr 2015 @ 5:47pm

    What better way to stop the public using an encryption you can't crack. Bail up the anonymous author, threaten them with jail, and make them post that it is not secure.

    TBH if that post was genuine, the anonymous author would have also told us how and why it was no longer secure.


    • John Fenderson (profile), 4 Apr 2015 @ 9:20pm

      Re:

      It's possible, and even if that's the case, there are still others that are at least equally as strong, so the loss is minimal.

      "if that post was genuine, the anonymous author would have also told us how and why it was no longer secure."

      Not necessarily. In part, it depends on what the nature of the perceived insecurity is. It might not be a weakness in the code but in the team, for example. Also, it might be that the team was coerced into silence, such as through a gag order, and they didn't want to risk prison.


    • Anonymous Coward, 5 Apr 2015 @ 8:02am

      Re:

      TBH if that post was genuine, the anonymous author would have also told us how and why it was no longer secure.

      This assumes the person making the post knows it. What if the person who discovered the vulnerability was kidnapped before he could tell the team what it was, (not as far fetched as it sounds, sadly) and the rest of the team only knows, "Mike thinks there's a flaw and went missing. We don't know what it is, or even how to look for it, but Mike's been pretty damn reliable."


    • BentFranklin (profile), 5 Apr 2015 @ 3:34pm

      Re:

      That's what I was thinking, Zem. The spy infrastructure has the resources to make the good seem bad and vice versa, almost at will.


  • Anonymous Coward, 4 Apr 2015 @ 11:31pm

    Fixing TrueCrypt

    Leaving questions about licensing aside, surely Matthew Green and co. are best placed and most trusted to fix the vulnerabilities: they must have done most of the work already.


  • bougiefever (profile), 6 Apr 2015 @ 9:49am

    What were they threatened with to abandon their work?

    It's very chilling to consider the implications of the developers suddenly quitting their project. Not just quitting, but trying to kill it by announcing it is no good. People don't just kill years of their own work over nothing. I think we can all agree that there is only one entity that could make this happen. How very, very scary. It does, however, make me want to get the latest build of TrueCrypt. It must be good for the US government to be so afraid of it.


  • Rudi Pittman, 7 Apr 2015 @ 9:29am

    Veracrypt (a fork of truecrypt that existed long before truecrypt died) was created to actually INCREASE security in Truecrypt and it still exists/is updated.
