Slashdot Mirror


Security Researchers Want To Fully Audit TrueCrypt

Hugh Pickens DOT Com writes "TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. 'Lots of people use it to store very sensitive information,' writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. 'That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this.' According to Green, TrueCrypt 'does some damned funny things that should make any (correctly) paranoid person think twice.' The Ubuntu Privacy Group says the behavior of the Windows version [of TrueCrypt 7.0] is problematic. 'As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.' Green is one of the people leading the charge to set up the audit, and he helped create the website istruecryptauditedyet.com. 'We're now in a place where we have nearly, but not quite enough to get a serious audit done.'"

3 of 233 comments

  1. Re:A costly analysis by Pino+Grigio · · Score: -1, Troll

    Why do you give a flying **** what the NSA are doing with your data? I don't. I'm more concerned about Russia, China and assorted hackers and scammers the world over who might actually want to do me harm, steal my identity or raid my bank accounts.
    I thought I could use TrueCrypt to encrypt a binary blob containing stuff that's important that I don't lose, before putting it into Crypted on my Dropbox. My reasoning was Crypted on Dropbox is going to get hacked eventually, so TrueCrypt might give me a second line of defence. It turns out that people don't seem to trust TrueCrypt either.

    So I'm at a loss as to what to do, over and above hiding various USB keys all over the place.

  2. Re:Different Source Code for Different Versions? by MightyMartian · · Score: 1, Troll

    I see no reason to insult anybody by comparing them to Microsoft.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.

  3. Re:A costly analysis by AlphaWoIf_HK · · Score: -1, Troll

    I think your sloppy asshole needs to fart out all the cum I filled it with.

    --
    Da derp dee derp da teedly derpee derpee dum. Rated PG-13.