Slashdot Mirror
Security Researchers Want To Fully Audit Truecrypt
Hugh Pickens DOT Com writes "TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. 'Lots of people use it to store very sensitive information,' writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. 'That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this.' According to Green, Truecrypt 'does some damned funny things that should make any (correctly) paranoid person think twice.' The Ubuntu Privacy Group says the behavior of the Windows version [of Truecrypt 7.0] is problematic. 'As it can't be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.' Green is one of people leading the charge to setup the audit, and he helped create the website istruecryptauditedyet.com. 'We're now in a place where we have nearly, but not quite enough to get a serious audit done.'"
Yeah, it's a typo. The privacy report says in the last full paragraph on page 13:
As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.
Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.
Expensive, unique, proprietary, complex software is going to seek out traces of the military industrial complex and its best software contractors.
Domestic spying is now "Benign Information Gathering"
Perhaps the $16,000 could be divided up and paid to multiple researchers who do their own separate analyses. Even better would be researchers on different continents, who pledge not to communicate with each other until their work is complete.
That discussion is about an older version of the TrueCrypt license. While the newer version hasn't been submitted for OSI certification, some say it does meet the Open Source Definition.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Except copyright law doesn't work that way.
How does copyright work in the case of anonymous authorship? I found this info which I make no attempt to explain . . .
In the US, there's this:)
(c) Anonymous Works, Pseudonymous Works, and Works Made for Hire. — In the case of an anonymous work, a pseudonymous work, or a work made for hire, the copyright endures for a term of 95 years from the year of its first publication, or a term of 120 years from the year of its creation, whichever expires first. If, before the end of such term, the identity of one or more of the authors of an anonymous or pseudonymous work is revealed in the records of a registration made for that work under subsections (a) or (d) of section 408, or in the records provided by this subsection, the copyright in the work endures for the term specified by subsection (a) or (b), based on the life of the author or authors whose identity has been revealed. Any person having an interest in the copyright in an anonymous or pseudonymous work may at any time record, in records to be maintained by the Copyright Office for that purpose, a statement identifying one or more authors of the work; the statement shall also identify the person filing it, the nature of that person's interest, the source of the information recorded, and the particular work affected, and shall comply in form and content with requirements that the Register of Copyrights shall prescribe by regulation.
And this
Anonymous Work
An author's contribution to a work is “anonymous” if that author is not identified on the copies or phonorecords of the work. If the contribution is anonymous, you may:
* reveal the author's identity even though the work is anonymous, or
* leave the author fields blank, or
* give “Anonymous” in the last name field.
Note that if a work is “made for hire,” you must name the employer as author. In any case, you should check the anonymous box.
And internationally, there's this advice from wikipedia.
I am not a crackpot.
It's not open source.
Not open source? The source is available for download here.
You can't compile it yourself. You have no idea what is in the source.
You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.
Ask the author how they compile it. Get that exact source and compile it that way. Then work out each difference. Libs get searched in directory or date order? Tweak that. Till all that is different are a few timestamps NIC MAC's, etc.
Then just audit the source. Non-trivial in itself.
Not open source? The source is available for download here.
You can't compile it yourself. You have no idea what is in the source.
You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.
Grandparent probably refers to Open Source Software, which is a formally defined term. It's not enough that you can merely read the source, you have to be able to redistribute it and any changes, too.
Wonder what the public key field is for?
This summary is a lot like the header of a Truecrypt volume in that it may contain crucial information in scrambled form.
The rest of TFA explains that the header of a Truecrypt volume either contains encrypted zeros (using the Linux version) or "random bits" when using the Windows client. The implication is that these "random bits" could actually contain the encrypted key to the volume.
From nearly 7 years ago and it wasn't a cryptographic backdoor.
I have a fair amount of experience in the field (I'll leave it at that, as my credentials are not of relevance to my point). I performed an audit of TrueCrypt 6.0 when it came out, and I was not able to detect anything wrong. A few details of the header format are a little out in the documentation (e.g. GF(256) addition instead of XOR for whitening, but hardly of any security impact, the curious choice of RIPEMD160 in the morning, which actually seems to be due to simple "it fits" criteria) but that's about it. I didn't see any 'back doors' in the copy I had. (Obviously, with the concerns regarding x.509 CAs and TLS, I can't speak for the copy you might have.)
The only times I've ever seen TrueCrypt cracked by SIGINT or LE agencies, it involved: hardware keyloggers, Firewire DMA attacks, NONSTOP attacks (or 'cold boot' attacks as the open-source security community later dubbed them - they're not as new as you'd think, crackers were doing them in the 80s - when they were, admittedly, easier), or brute-force analysis of short crappy passwords. They used Cell processors in parallel to do that (at one point, literally a cluster of PlayStation 3s running Linux). This is consistent with TrueCrypt's documentation. They have certainly failed to crack TrueCrypt in several high-profile terrorism cases where they would really, really like to do so. It seems reasonable to conclude that in general, they cannot work through it, only around it.
It also seems likely that if they are unable to crack it, they are likely to dissuade people from using it by social engineering, and perhaps direct them to weaker tools that are easier for them to subvert. I concur with parent on that point.
But ultimately, you don't have to trust me. You shouldn't. Many eyes do make bugs shallow, as long as the eyes are actually there and actually look. A few more eyes definitely can't hurt on a security-critical project like this. Please, by all means independently audit it. It is good practice that all software with a security impact, particularly high-profile cryptography software, should be audited whenever possible. That is entirely laudable, and we should do it.
That's why it's part of this project to move TrueCrypt to the same "deterministic build" process that TOR uses. Anyone should be able to build from the source, download the binary, and get an exact match. That has become a necessary part of any security software, and a basic failing of TrueCrypt today.
Socialism: a lie told by totalitarians and believed by fools.