Security Researchers Want To Fully Audit Truecrypt
Hugh Pickens DOT Com writes "TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. 'Lots of people use it to store very sensitive information,' writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. 'That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this.' According to Green, Truecrypt 'does some damned funny things that should make any (correctly) paranoid person think twice.' The Ubuntu Privacy Group says the behavior of the Windows version [of Truecrypt 7.0] is problematic. 'As it can't be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.' Green is one of the people leading the charge to set up the audit, and he helped create the website istruecryptauditedyet.com. 'We're now in a place where we have nearly, but not quite enough to get a serious audit done.'"
I am shocked, and frankly a little pissed off that Version 6 and Version 7 aren't identical.
Thirty four characters live here.
Yeah, it's a typo. The privacy report says in the last full paragraph on page 13:
As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.
Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.
That was meant to be "second to last full paragraph".
Well, we can't trust that copy/paste hasn't been back-doored.
If you can't even trust your clipboard what can you trust?!?!?!
Looking at the current state of science you can only trust what's in your grey matter. Anything outside that can be listened to / intercepted or otherwise processed by the NSA.
TrueCrypt has a custom license and it is unclear how it mixes with other licenses. This makes code-sharing between TrueCrypt and other projects problematical.
According to TFA nobody knows who wrote TrueCrypt.
The answer to the problem is simple: relicense TrueCrypt. If there are no known authors, there's nobody to complain.
Certainly not that keyboard with the keylogger embedded in it!
All typos in the writeup aside, the TrueCrypt FAQ states:
In addition to reviewing the source code, independent researchers can compile the source code and compare the resulting executable files with the official ones. They may find some differences (for example, timestamps or embedded digital signatures) but they can analyze the differences and verify that they do not form malicious code.
If so, why would it cost $16,000 to do that? Heck, I bet somebody would do that, and also do "a full security audit" of the source code, for free.
When I used to use TrueCrypt years ago, I assumed someone had already done that. But I never found any proof, so I stopped using it. Will the $16,000 maybe be used to pay someone to do that formally and publish the results?
The government has mind-control lasers.
You can't even trust your own head, unless you're wearing one of my patented CRAnial Protection devices. Only 99.99 if you buy it now, though we'll soon have to take payment in gold, silver, or bottlecaps.
...I thought the main point of the "open source is more secure" argument was that this process supposedly happened on its own, organically?
For your security, this post has been encrypted with ROT-13, twice.
> Yeah, it's a typo. The privacy report says in the last full paragraph on page 13:
> As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.
> Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.
As I can't make sense of this sentence even as corrected, I however can't preclude that there is still a typo.
I am not a crackpot.
...if you distribute modified versions of TrueCrypt, you cannot charge for copies. That is non-free...
...nothing in the license constitutes a promise not to sue for copyright infringement. Our counsel advises that a plain reading of this indicates that if Fedora complies with all the requirements of the TrueCrypt license, we would nonetheless have no assurance that TrueCrypt will not sue me for my acts of copying, distribution, creation of derivative works, and so forth...
TrueCrypt seems to be reserving the right to sue any licensee for copyright infringement, no matter whether they comply with the conditions of the license or not. Based on this, our counsel advised that above and beyond being non-free, software under this license is not safe to use...
Our counsel advised us that this license has the appearance of being full of clever traps, which make the license appear to be a sham (and non-free).
Given all of this, plus the problems with TrueCrypt authorship etc. I think the best course of action is replacing with a free implementation, maybe starting with something like this?
Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone.-rms
Pink pony ... fully audited Truecrypt ... Pink pony ... fully audited Truecrypt ... choices, choices, choices.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Wait. You trust Clippy?
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
I do have one question, if you need reliable encryption and privacy why is your operating system Windows?
"If any question why we died, Tell them because our fathers lied."
http://www.exploit-db.com/exploits/3664/
"If any question why we died, Tell them because our fathers lied."
> As I can't make sense of this sentence even as corrected, I however can't preclude that there is still a typo.
Yeah. What he said. No version of that original sentence makes any sense to me anyway.
I use the best encryption ever for everything I need to keep secret. The algorithm is a simple bitwise XOR applied to every byte in the file, using the data itself as a one-time pad. Completely uncrackable unless you know the data that was used for the pad.
The output also compresses really well!
=Smidge=
Seriously, now, if Bruce is really that reluctant to run a Linux installer, then he can find plenty of us willing to give him a hand, for the cause.
Setting up, say, Fedora 19 (or some other distro with LUKS in the installer) with VirtualBox, to run the Windows apps he needs and a basic set of productivity apps, is a 1-2 hour job for somebody who has done it before.
While it could have been worded better, I did understand the author's intent of the comment.....
A lot of people apparently use Truecrypt 6.0a and earlier. I don't believe source code for those earlier versions has ever been published. That means people could be using a binary that is completely different than the Truecrypt 7...complete with backdoors or other vulnerabilities. No matter how much you analyze Truecrypt 7 software, all Truecrypt 6.0a and earlier versions should be considered vulnerable.
Of course you can compile it yourself. The only reason why some people think it's non-free is because the license is weird.
The writing random bytes thing, but only on Windows, is rather puzzling. It seems like one way to build confidence that's faster than setting up a deterministic build (which at any rate, would not necessarily be accepted by the TrueCrypt authors it seems), would be to open up the binaries in IDA Pro and figure out if the bytes written there on Windows truly are random or if they are not.
It's not open source.
Not open source? The source is available for download here.
You can't compile it yourself. You have no idea what is in the source.
You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.
"TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it except the NSA.
FTFY
Ask the author how they compile it. Get that exact source and compile it that way. Then work out each difference. Libs get searched in directory or date order? Tweak that. Till all that is different are a few timestamps, NIC MACs, etc.
Then just audit the source. Non-trivial in itself.
Not open source? The source is available for download here.
You can't compile it yourself. You have no idea what is in the source.
You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.
Grandparent probably refers to Open Source Software, which is a formally defined term. It's not enough that you can merely read the source, you have to be able to redistribute it and any changes, too.
Wonder what the public key field is for?
GPG isn't perfect either. Trying to get it to compile on Solaris or AIX is a very long exercise in grabbing libraries, building them, grabbing more libraries (prereqs), and a long chain of code. It would be nice if GPG had far fewer dependencies.
Of course, there is NetPGP (which is used in NetBSD because GPG is GPL v3 licensed), but I wonder how hard it would be to port that to other operating systems and rely on its security.
Also, GnuPG is for file encryption. Volume encryption requires a different set of code.
This summary is a lot like the header of a Truecrypt volume in that it may contain crucial information in scrambled form.
The rest of TFA explains that the header of a Truecrypt volume either contains encrypted zeros (using the Linux version) or "random bits" when using the Windows client. The implication is that these "random bits" could actually contain the encrypted key to the volume.
> The government has mind-control lasers.
> You can't even trust your own head, unless you're wearing one of my patented CRAnial Protection devices. Only 99.99 if you buy it now, though we'll soon have to take payment in gold, silver, or bottlecaps.
What?! No bitcoins?!
Maybe Brasil could be asked to sponsor this audit?
It would fit into their current intentions, e.g.
http://www.theguardian.com/world/2013/sep/20/brazil-dilma-rousseff-internet-us-control
Is it actually that the NSA can't break TrueCrypt, and this is FUD to make people think twice about using it?
> Wait. You trust Clippy?
It looks like you're trying to keep a secret. Would you like me to search online for help on keeping secrets?
Be in no doubt. You are NOT witnessing an attempt to ensure the security of Truecrypt. You ARE seeing a standard FUD play by NSA people against one of the greatest thorns in their side.
Put this in the same category as those regular stories that appear on Slashdot and elsewhere, telling you that you CANNOT ever be sure that your erased data on your Hard-drive cannot be recovered by sophisticated forensic analysis of the magnetic surface. The NSA even paid to have a peer-reviewed paper placed in the scientific literature claiming such recovery is possible- despite the fact that such a claim is provably laughable.
Here's the mathematical proof of NON-recoverability of properly deleted data.
- let us say that you fill a HDD with target data, and now over-write that data with a RANDOM series of bytes. If the original data CAN be recovered, we have DOUBLED the capacity of the HDD, because logically there can be no distinction between the original data, and the random data used to erase it.
- now, let's say we wipe again with another random sequence. If the original data can be recovered, we have TRIPLED the capacity of the HDD, for the reason stated above.
- and again, we wipe with another random wave. If the original data is STILL recoverable, we have quadrupled the functioning capacity of the HDD.
- repeat, etc.
The problem is that the HDD is designed, given the head, recording signal, and surface material, to only support the original capacity under the signal theory that covers the current method of recording. It does NOT matter that in theory, the disk material MAY be able to save far more data with a different head, and signal method. Only the current method matters.
But the owners of Slashdot will allow periodic FUD articles to appear that DISCOURAGE people from using proper file erase tools, on the basis that it's actually a waste of time, because the NSA can still get your data no matter how you erase it.
Much of what the NSA engages in is PSYCHOLOGICAL WARFARE. Major US TV networks and film studios, for instance, have been ordered to NEVER reveal the fact that ALL mobile phones in the USA have their location continually tracked by cell tower triangulation methods. While it is actually LAW in the US that every cell phone must have continuous location tracking ability, the US government believes many criminals are inherently stupid, and will allow their cell phones to produce evidence against them ***IF*** they have false ideas about how cell phone technology works. US Dramas like 'Shameless' (the US remake) and films like 'The Call' have actually informed the audience that ONLY phones with real GPS chips can be location-tracked- a complete and total lie, but a lie designed to sink into the unsophisticated minds of the sheeple.
The truth about the strength of Truecrypt is the complete LACK of stories about Truecrypt being defeated in practice. Shills will try to tell you that this is because Truecrypt is defeated in super-secret cases you can't be allowed to hear about, but this is a nonsense for two reasons. If you are a high level target of the NSA, nothing can save you, so the security of any encryption system is irrelevant. If systems like Truecrypt are defeated as part of ordinary governmental actions, the government, by law, has to allow this fact to be known (the RIGHT to a fair trial, etc).
So instead, you get this FUD attack against Truecrypt, which will persuade a certain percentage of suckers to NOT bother using Truecrypt in the first place, give up using it, or transfer to a commercial alternative that is DEFINITELY compromised by the NSA (ALL commercial encryption software is compromised).
The ones setting up the auditing.
The first thing that needs to happen (I don't see it on their website) is to develop the world's trust in this audit team's leaders.
No they weren't. They specifically say:
> It's not open source. You can't compile it yourself. You have no idea what is in the source.
Which is patently false. You can know what's in the source merely by looking at it (if one couldn't this whole story wouldn't exist) and one can compile it.
(Seriously?)
It passes the "intent of copyright law" test (if they aren't exercising their monopoly (the very incentive that copyright offers) then the copyright serves no purpose). Copyright without market participation just doesn't make any sense at all.
It passes the "golden rule" test (if I released something anonymously but forgot to grant explicit permission to make derived works, then I wouldn't bitch if someone else opened it, thereby allowing my software to become maintained). Put the shoe on the other foot, and it fits.
Furthermore, if you don't know who did it, then for all you know, they're literally dead. A corpse cannot possibly be a victim; there's basically nothing unethical you can do with a corpse, except maybe feed it to someone for purposes of distressing them. Along the same lines, they might simply not-give-a-fuck (but be alive). You can commit an ethical infringement against someone who doesn't consider it to be an infringement.
You have no reason to suspect that whoever wrote it, has a problem with relicensing. I'm not saying that makes it permissible/safe/etc to relicense, but ethical? I think the ethics here are pretty well covered. Copyright currently has totally insane durations, far beyond the 5 years that ought to be normal for software. When someone releases something anonymously under such a system, they are damn well accepting that plenty of people will be ethically disregarding any copyright, and that from a purely (i.e. admittedly non-pragmatic) ethical viewpoint, it simply isn't copyrighted. You can't have an anonymous ethical copyright. There's nothing to infringe, except per the law, and ONLY the law.
Look at it this way: I'm not saying it's ethical to do just anything to anonymous people, of course, but when someone chooses to be anonymous, they really are consenting to give up certain rights, pertaining to the action they perform anonymously. Asserting an anonymous copyright is a totally bullshit move and it's an ethical error to assign the same respect to it, that you'd give to a serious person.
Not open source? The source is available for download here.
Wow, TIL Truecrypt is open source :/
Join the Slashcott! Feb 10 thru Feb 17!
The current version of TrueCrypt is 7.1a. Why are they only talking of older versions?
How else did you expect them to audit the source if it wasn't publicly available?
It's not well-written.
Here's what it's saying:
* We can audit the TrueCrypt source code.
* TrueCrypt for Windows is distributed as a binary.
* We can't verify that the TrueCrypt for Windows binary is actually built from the TrueCrypt source code.
* Thus, we can't (effectively) audit the TrueCrypt for Windows binary.
They give an example of one backdoor of concern in the sentence, but really the logic is true for any arbitrary security concern.
> the header of a Truecrypt volume either contains encrypted zeros (using the Linux version) or "random bits" when using the Windows client.
WTF? Never mind what's lurking in the Windows client, why the fuck does the Linux version contain an encryption of known plaintext? If you have to bruteforce the decryption, it's a hell of a lot easier if you know what a given block should decrypt to. (And if the algorithm is weak, then knowing the plaintext and the encrypted text is a dead giveaway on the key.)
It's time to assume that all forms of encryption and communication have been compromised and probably have been for many years. There's no coming back from this when the most powerful country on Earth intends to keep things this way.
Between the copy action and the paste action, the NSA was able to get in, read the copied text, parse it and then subtly alter it in order to cause confusion and distrust among us. We must act now!
I found an apt quotation from Edmund Burke we should all take to heart regarding acting against the NSA. I'll copy it here:
"The only thing necessary for the triumph of evil is for good men to do something."
----------------------------------- My Other Sig Is Hilarious -----------------------------------
You jest, but copying from web pages is indeed not without danger.
Why bother auditing a closed binary which can change drastically from one version to the next, requiring a near-complete (if not total) re-audit (a laborious process the first time around)?
The better solution is to look to open source implementations, like tcplay. Audit an open source implementation, where it's easy to see exactly what changed and how it might affect the machine's state.
This is a bad solution to a non-problem.
Well, technically there's nothing stopping people from "decompiling" the binary to its assembly code, but of course that's a massive pain in the ass for any non-trivial program.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
> Well, we can't trust that copy/paste hasn't been back-doored.
You laugh, but remember that story a few months back about photocopiers which swapped in the wrong digit for 'fuzzy' regions of the original text? (they were doing a best-guess match to other sections of the image)
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
If you have the source, you can always compile your own binary.
Using the same compiler and related software as the official distributor did, that should give an identical binary as result, no?
Did you also learn that you're a clueless fuckface that speaks before you talk?
It's not open source.
Not open source? The source is available for download here [truecrypt.org].
I see. So Microsoft Windows is also open source you say?
After all, the source is available for download here: http://www.microsoft.com/en-us/sharedsource/default.aspx
In both cases, you can see the code, and compile it.
In both cases, the license does NOT grant you permission to copy the compiled binary anywhere, or to distribute it.
Seeing the source does not make it Open Source, which has nothing to do with the source, but is ALL about the license.
Really? TrueCrypt is as close to "trivial" as you'll get in any practical program. It's a much easier job than any game cracker would deal with nowadays. No fancy-ass installer, one fairly small monolithic binary, and you can see the source it's supposed to come from.
In fact, if you compile it yourself (kind of a pain because of the awkward build env) you can get very very close. Most build toolchains embed build dates, GUIDs and the like, so it's normal for there not to be an exact match.
Looking at the actual differences between a self-built version and the distributed version can easily reveal that all the code is the same and the only differences are in metadata sections and the Truecrypt Foundation's Authenticode digital signature on the end of the official binary. Looking at the source code can easily reveal any parts that are coded to behave differently if these differ, as these would be very suspicious and hard to obfuscate (there are none). And, if you like, disassembling the object code - not THAT hard with Ollydbg or the like, or IDA Pro - with an independently-produced tool on an independently-produced platform would very, very likely reveal any compiler (Ken Thompson-esque) backdoors.
Hardly an insoluble problem.
Going lower than that requires an open-source operating system; lower than that would be impractical at this point as it would require a CPU with open masks and open (or no) microcode as part of a known quantity, a control sample of which has been exhaustively verified to be untampered/not re-doped.
No. Depending on the compiler/flags/etc, two consecutive builds from the same source may have different signatures (timestamps in the binary, etc.) This means that after the build, the binary will have to be inspected to see WHICH parts changed. This is not always as easy as it sounds.
0xB315AA8D852DCD3F3DCA578FD2E0BF88
That's not really auditing, that's reverse engineering. But yes.
That's why it's part of this project to move TrueCrypt to the same "deterministic build" process that TOR uses. Anyone should be able to build from the source, download the binary, and get an exact match. That has become a necessary part of any security software, and a basic failing of TrueCrypt today.
Socialism: a lie told by totalitarians and believed by fools.
Yes in theory, no in practice.
Of course, once you've audited it, you can compile the audited source and distribute that.
It's not like it's some huge problem. It just managed to get called out and picked apart.
As was mentioned above, the digital signature key used to sign the Windows executable is not released. Therefore, it will never be possible to get a binary result identical to what is published on the TrueCrypt website.
Well they would have to come forward to launch legal proceedings, wouldn't they?
"Copyright (c) 2008 TrueCrypt Developers Association. All rights reserved."
No. Only a legal representative of the TrueCrypt Developers Association needs to come forward. No programmer is necessary. Business types and lawyers will do.
You can't see the source, you are in the position of having to trust.
Windows source code was (is ?) available to university researchers working on projects that Microsoft finds interesting. A friend (PhD candidate) was on such a research project.
If Microsoft allows professors and students to see the Windows source code I'd wager that governmental entities are allowed to see it as well.
> In both cases, you can see the code, and compile it. In both cases, the license does NOT grant you permission to copy the compiled binary anywhere, or to distribute it.
That is irrelevant with respect to audits. If your build matches the official build then your build does not need to be distributed, it's redundant.
Rebuilding from the same tools and versions does not recreate the same binaries? (barring some basic changes like date/time/headers)
> As was mentioned above, the digital signature key used to sign the Windows executable is not released. Therefore, it will never be possible to get a binary result identical to what is published on the TrueCrypt website.
If the code is the same and the differences are only in an appended signature and embedded timestamps then it would be practical to verify the binary.
To be honest the last time I did such a comparison was a couple of major revisions of Dev Studio ago.
> Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.
And even tho he made a typo, give that man a cookie for doing it himself and not taking the lazy way out.
---- Booth was a patriot ----
> but forgot to grant explicit permission to make derived works
They did not forget - they laid out the permissions they wanted to grant in their license.
> You have no reason to suspect that whoever wrote it, has a problem with relicensing.
Suspect? We KNOW exactly what they have a problem with and what they don't - it's right there in black and white.
You could trust your clipboard only if you examined all of the sources for your keyboard controller, BIOS and OS, and compiled them yourself with a trusted compiler.
Ah crap, it's lack of trust all the way down.
There are so many things you can pick on this way, it seems like these guys have business model to use crowd-funding to get paid (in advance) for work they can't get or do otherwise. Not fooled.
got the binary handy?
http://www.jetico.com/
Tried and tested. Been around for decades. While not "open source," the full unix source code is free and is well maintained, including package metadata for popular distributions. They charge for binaries but the full software is free (including GUI) if you download and compile it yourself.
The signature is appended and contains a hash of the remainder of the file (what it's signing). If you could actually recreate the TrueCrypt binary in its state before it's signed, it is absolutely trivial to verify that it's the same as what was signed in the signed binary (and thus is strictly the same, minus the signature). That's not the hard part at all.
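[Added example, not part of the thread and not TrueCrypt project code: a Python sketch of the comparison several comments describe, normalizing a Windows PE file by dropping the appended Authenticode certificate table and zeroing the header checksum and COFF timestamp, then listing whatever byte ranges still differ. The function names and the constructed sample "builds" are hypothetical; it assumes the certificate table sits at the very end of the file with no alignment padding, and real builds can differ in further fields (debug directory, embedded GUIDs) that would show up in the remaining ranges.]

```python
import struct

CERT_DIR_INDEX = 4  # data-directory slot of the Authenticode certificate table


def normalize_pe(data: bytes) -> bytes:
    """Return a copy with the signature, CheckSum and COFF TimeDateStamp removed."""
    buf = bytearray(data)
    if buf[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    pe_off = struct.unpack_from("<I", buf, 0x3C)[0]      # e_lfanew
    if buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file (no PE signature)")
    coff = pe_off + 4
    opt = coff + 20                                       # optional header start
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic == 0x10B:                                    # PE32
        dirs = opt + 96
    elif magic == 0x20B:                                  # PE32+
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    num_dirs = struct.unpack_from("<I", buf, dirs - 4)[0]
    struct.pack_into("<I", buf, coff + 4, 0)              # TimeDateStamp
    struct.pack_into("<I", buf, opt + 64, 0)              # CheckSum
    if num_dirs > CERT_DIR_INDEX:
        entry = dirs + 8 * CERT_DIR_INDEX
        cert_off, cert_size = struct.unpack_from("<II", buf, entry)
        struct.pack_into("<II", buf, entry, 0, 0)
        if cert_size:
            # For this directory the first field is a file offset, not an RVA.
            if cert_off + cert_size != len(buf):
                raise ValueError("certificate table is not at end of file")
            del buf[cert_off:]
    return bytes(buf)


def diff_ranges(a: bytes, b: bytes):
    """List (start, end) offset ranges where the two byte strings differ."""
    ranges, start, common = [], None, min(len(a), len(b))
    for i in range(common):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, common))
    if len(a) != len(b):
        ranges.append((common, max(len(a), len(b))))
    return ranges


def build_sample_pe(timestamp: int, body: bytes, signature: bytes = b"") -> bytes:
    """Constructed PE32 header skeleton for the demo; not a loadable program."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    image = bytearray(bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body)
    if signature:
        struct.pack_into("<I", image, 88 + 64, 0xDEADBEEF)        # made-up CheckSum
        struct.pack_into("<II", image, 88 + 96 + 8 * CERT_DIR_INDEX,
                         len(image), len(signature))
        image += signature
    return bytes(image)


if __name__ == "__main__":
    # Constructed stand-ins for the published binary and a self-built one.
    official = build_sample_pe(1283731200, b"\x90" * 32, b"CONSTRUCTED-SIG!")
    local = build_sample_pe(1380000000, b"\x90" * 32)
    print("raw diff:", diff_ranges(official, local))
    print("normalized diff:", diff_ranges(normalize_pe(official), normalize_pe(local)))
```
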
So instead of taking the time to build it from source, diff the completed binaries and post the results, he's pushing FUD. Now if he really wants Truecrypt to be audited, then pay someone to do it or do it themself. While you're at it, post instructions on how to build it from source so others can do so and then check the finished binaries against whatever downloaded version that's being run. We may end up finding those that have been hacked by whatever TLA (three letter agency) you deign to bitch about.
Fast Turtle
The Author is a god damn idiot. Since the source code is available, simply build the god damn thing from source and diff the binaries. If they match, you're pretty much assured they're the same. If they don't match, then you can run around screaming "The Sky is Falling" like any other Chicken Little and at least people who know better will check and see if you're right, just to prove you wrong. Otherwise we simply can't be bothered to test your fucking theory.
Compilers themselves have been known to plant backdoors in the software they create as well.
The Tor guys just went through this process of creating deterministic builds to solve this problem. Fascinating process and some more info here: https://mailman.stanford.edu/pipermail/liberationtech/2013-June/009257.html
Have you actually disassembled (de-assembled?) anything before? Admittedly, I haven't, but I *have* done assembly programming, and there's no such thing as a trivial assembly program that does more than print "Hello world." Yes, maybe it's simpler than a commercial game, but you're still dealing with completely unlabelled registers and memory addresses in most commands and almost total lack of syntactic sugar for readability.
I take issue with your flippant use of the word "easily" but acknowledge that it could be done.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
Outstanding, made my morning.
It already has been shown to be back-doored: http://support.sharethis.com/customer/portal/questions/852209-remove-see-more-sthash-link-from-copy-paste
Because if the encryption algorithm was vulnerable to a known plaintext attack, it would be considered insecure and not used at all.
Most human behaviour can be explained in terms of identity.
Sadly this misquote has a kernel of truth. Specifically in the "do something" part. Unless the goodness of the something is inherent the result could well be evil. Much harm has been done by people believing that goodness derives from the intent not the result of the act.