Security Researchers Want To Fully Audit Truecrypt

Hugh Pickens DOT Com writes "TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. 'Lots of people use it to store very sensitive information,' writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. 'That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this.' According to Green, Truecrypt 'does some damned funny things that should make any (correctly) paranoid person think twice.' The Ubuntu Privacy Group says the behavior of the Windows version [of Truecrypt 7.0] is problematic. 'As it can't be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.' Green is one of people leading the charge to setup the audit, and he helped create the website istruecryptauditedyet.com. 'We're now in a place where we have nearly, but not quite enough to get a serious audit done.'"

Different Source Code for Different Versions?

[tysonedwards]

I am shocked, and frankly a little pissed off that Version 6 and Version 7 aren't identical.

Re:Different Source Code for Different Versions?

[Lunix+Nutcase]

Yeah was just about to make the same post. That sentence sounds pretty stupid.

Re:Different Source Code for Different Versions?

Yeah was just about to make the same post. That sentence sounds pretty stupid.

Pretty obvious typo?

Re:Different Source Code for Different Versions?

[Lunix+Nutcase]

Yes, hence why it was stupid that the "editor" did not pick up on it and fix it. As you said, it's glaringly obvious.

Re:Different Source Code for Different Versions?

[Cryacin]

Meet the new version, same as the old version, except with a better logo.

Re:Different Source Code for Different Versions?

[Russ1642]

And a higher number. Software gets better as the number goes up, which is why Mac OS X is better than Windows 8.

Re:Different Source Code for Different Versions?

[K.+S.+Kyosuke]

Yes, hence why it was stupid that the "editor" did not pick up on it and fix it. As you said, it's glaringly obvious.

It's a backdoor in the article!

Re:Different Source Code for Different Versions?

[MightyMartian]

I see no reason to insult anybody by comparing them to Microsoft.

Re:Different Source Code for Different Versions?

Reading 'ironic' comment after comment after comment has really become tiresome on /.

Re:Different Source Code for Different Versions?

Huh? How do you compare a letter version with a number version? Is J better than 14?

Apples and oranges.

Re:Different Source Code for Different Versions?

That's why I run Windows XP!

Re:Different Source Code for Different Versions?

[jeffmflanagan]

Depends on what value you assign to X.

Re:Different Source Code for Different Versions?

[lister+king+of+smeg]

And a higher number. Software gets better as the number goes up, which is why Mac OS X is better than Windows 8.

Huh? How do you compare a letter version with a number version? Is J better than 14?

Apples and oranges.

Roman Numerals X == ten.

Besides ubuntu 12.04 LTS is greater than OS X and windows 8

Re:Different Source Code for Different Versions?

Copy/pasted from http://blog.cryptographyengineering.com/2013/10/lets-audit-truecrypt.html :

[T]he Windows version of TrueCrypt 7.0a deviates from the Linux version in that it fills the last 65,024 bytes of the header with random values whereas the Linux version fills this with encrypted zero bytes. From the point of view of a security analysis the behavior of the Windows version is problematic. By an analysis of the decrypted header data it can't be distinguished whether these are indeed random values or a second encryption of the master and XTR key with a back door password. From the analysis of the source we could preclude that this is a back door... As it can't be ruled out that the published Windows executable of Truecrypt 6.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.

Compare from the original source ( https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-en.pdf ):

[...]As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door. The Linux version does not have that problem with these bytes as their decryption to zero proves that they don't hide a duplicate key.

It appears to me that the typo was either inserted by the blog author or was in an older (erroneous) version of the pdf. At this point in time, we don't know which.

Re:Different Source Code for Different Versions?

Huh? How do you compare a letter version with a number version? Is J better than 14?

Let's see ...
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, 10, 11, 12, 13, 14, ...

Nope, 14 is better. :-)

Re:Different Source Code for Different Versions?

We should all install Windows 2000.

Re:Different Source Code for Different Versions?

This year we put a 12 on the box

Re:Different Source Code for Different Versions?

Ha ha chumpster, good luck keeping up with my Sinclair 2068.

Re:Different Source Code for Different Versions?

According to Apple, the "X" in OS X is the letter X, not a number.

Re:Different Source Code for Different Versions?

> According to Apple, the "X" in OS X is the letter X, not a number.

Yeah, that must be why Senior VP Craig Federighi kept calling it "OS Ten Mavericks" in his WWDC keynote...

Re: Different Source Code for Different Versions?

I always wonder if OS X 10.10 will actually just be called OS X^2

Re:Different Source Code for Different Versions?

[niftydude]

My Amstrad 6128 smokes your Sinclair.

Re:Different Source Code for Different Versions?

According to Apple, the "X" in OS X is the letter X, not a number.

[citation needed]

Re:Different Source Code for Different Versions?

My MOS 8502 kicks your Amstrad's ass.

Re:Different Source Code for Different Versions?

[lister+king+of+smeg]

Apple OS history
System 1, https://en.wikipedia.org/wiki/System_1
System 2, https://en.wikipedia.org/wiki/History_of_Mac_OS#System_1.2C_2.2C_3_and_4
System 3, https://en.wikipedia.org/wiki/History_of_Mac_OS#System_1.2C_2.2C_3_and_4
System 4, https://en.wikipedia.org/wiki/History_of_Mac_OS#System_1.2C_2.2C_3_and_4
System 5, https://en.wikipedia.org/wiki/History_of_Mac_OS#System_Software_5
System 6, https://en.wikipedia.org/wiki/System_6
System 7, https://en.wikipedia.org/wiki/System_7
System 8, https://en.wikipedia.org/wiki/Mac_OS_8
Mac OS 9, https://en.wikipedia.org/wiki/Mac_OS_9
OSX https://en.wikipedia.org/wiki/OS_X

X does stand for 10

Typo?

'As it can't be ruled out that the published Windows executable of Truecrypt 6.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip"

I would hope version 6.0a is compiled from a different source than 7.0a. Why roll a version number with no change?

Re:Typo?

[Lunix+Nutcase]

Yeah, it's a typo. The privacy report says in the last full paragraph on page 13:

As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.

Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.

Re:Typo?

[Lunix+Nutcase]

That was meant to be "second to last full paragraph".

Re:Typo?

[davidbrit2]

Well, we can't trust that copy/paste hasn't been back-doored.

Re:Typo?

If you can't even trust your clipboard what can you trust?!?!?!

Re:Typo?

[gridzilla]

Looking at the current state of science you can only trust what's in your grey matter. Anything outside that can be listened to / intercepted or otherwise processed by the NSA.

Re: Typo?

[davidbrit2]

Certainly not that keyboard with the keylogger embedded in it!

Re:Typo?

The government has mind-control lasers.

You can't even trust your own head, unless you're wearing one of my patented CRAnial Protection devices. Only 99.99 if you buy it now, though we'll soon have to take payment in gold, silver, or bottlecaps.

Re:Typo?

[Rob+the+Bold]

Yeah, it's a typo. The privacy report says in the last full paragraph on page 13:

As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.

Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.

As I can't make sense of this sentence even as corrected, I however can't preclude that there is still a typo.

Re:Typo?

[I'm+New+Around+Here]

Wait. You trust Clippy?

Re:Typo?

[twdorris]

As I can't make sense of this sentence even as corrected, I however can't preclude that there is still a typo.

Yeah. What he said. No version of that original sentence makes any sense to me anyway.

Re:Typo?

[shipofgold]

While it could have been worded better, I did understand the author's intent of the comment.....

A lot of people apparently use Truecrypt 6.0a and earlier. I don't believe sourcecode for those earlier versions has ever been published. That means people could be using a binary that is completely different than the Truecrypt 7...complete with backdoors or other vulnerabilities. No matter how much you analyze Truecrypt 7 software, all Truecrypt 6.0a and earlier versions should be considered vulnerable.

Re:Typo?

[lxs]

This summary is a lot like the header of a Truecrypt volume in that it may contain crucial information in scrambled form.
The rest of TFA explains that the header of a Truecrypt volume either contains encrypted zeros (using the Linux version) or "random bits" when using the Windows client. The implication is that these "random bits" could actually contain the encrypted key to the volume.

Re:Typo?

The government has mind-control lasers.

You can't even trust your own head, unless you're wearing one of my patented CRAnial Protection devices. Only 99.99 if you buy it now, though we'll soon have to take payment in gold, silver, or bottlecaps.

What?! No bitcoins?!

Re:Typo?

Wait. You trust Clippy?

It looks like you're trying to keep a secret. Would you like me to search online for help on keeping secrets?

Re:Typo?

[blueg3]

It's not well-written.

Here's what it's saying:
* We can audit the TrueCrypt source code.
* TrueCrypt for Windows is distributed as a binary.
* We can't verify that the TrueCrypt for Windows binary is actually built from the TrueCrypt source code.
* Thus, we can't (effectively) audit the TrueCrypt for Windows binary.

They give an example of one backdoor of concern in the sentence, but really the logic is true for any arbitrary security concern.

Re:Typo?

the header of a Truecrypt volume either contains encrypted zeros (using the Linux version) or "random bits" when using the Windows client.

WTF? Never mind what's lurking in the Windows client, why the fuck does the Linux version contain an encryption of known plaintext? If you have to bruteforce the decryption, it's a hell of a lot easier if you know what a given block should decrypt to. (And if the algorithm is weak, then knowing the plaintext and the encrypted text is a dead giveaway on the key.)

Re:Typo?

[clickety6]

Surely this is proof that copy-paste has been backdoored.

Between the copy action and the paste action, the NSA was able to get in, read the copied text, parse it and then subtly alter it in order to cause confusion and distrust among us. We must act now!

I found an apt quotation from Edmund Burke we should all take to heart regarding acting against the NSA. I'll copy it here:

"The only thing necessary for the triumph of evil is for good men to do something."

Re:Typo?

You jest, but copying from web pages is indeed not without danger.

Re:Typo?

[TangoMargarine]

Well, technically there's nothing stopping people from "decompiling" the binary to its assembly code, but of course that's a massive pain in the ass for any non-trivial program.

Re:Typo?

[cellocgw]

Well, we can't trust that copy/paste hasn't been back-doored.

You laugh, but remember that story a few months back about photocopiers which swapped in the wrong digit for 'fuzzy' regions of the original text? (they were doing a best-guess match to other sections of the image)

Re:Typo?

[wvmarle]

If you have the source, you can always compile your own binary.

Using the same compiler and related software as the official distributor did, that should give an identical binary as result, no?

Re:Typo?

Really? TrueCrypt is as close to "trivial" as you'll get in any practical program. It's a much easier job than any game cracker would deal with nowadays. No fancy-ass installer, one fairly small monolithic binary, and you can see the source it's supposed to come from.

In fact, if you compile it yourself (kind of a pain because of the awkward build env) you can get very very close. Most build toolchains embed build dates, GUIDs and the like, so it's normal for there not to be an exact match.

Looking at the actual differences between a self-built version and the distributed version can easily reveal that all the code is the same and the only differences are in metadata sections and the Truecrypt Foundation's Authenticode digital signature on the end of the official binary. Looking at the source code can easily reveal any parts that are coded to behave differently if these differ, as these would be very suspicious and hard to obfuscate (there are none). And, if you like, disassembling the object code - not THAT hard with Ollydbg or the like, or IDA Pro - with an independently-produced tool on an independently-produced platform would very, very likely reveal any compiler (Ken Thompson-esque) backdoors.

Hardly an insoluble problem.

Going lower than that requires an open-source operating system; lower than that would be impractical at this point as it would require a CPU with open masks and open (or no) microcode as part of a known quantity, a control sample of which has been exhaustively verified to be untampered/not re-doped.

Re:Typo?

[HolyCrapSCOsux]

no. Depending on the compiler/flags/etc, two consecutive builds from the same source may have different signatures (timestamps in the binary, etc.) This means that after the build, the binary will have to be inspected to see WHICH parts changed. This is not always as easy as it sounds.

Re:Typo?

[blueg3]

That's not really auditing, that's reverse engineering. But yes.

Re:Typo?

[lgw]

That's why it's part of this project to move TrueCrypt to the same "deterministic build" process that TOR uses. Anyone should be able to build from the source, download the binary, and get an exact match. That has become a necessary part of any security software, and a basic failing of TrueCrypt today.

Re:Typo?

[blueg3]

Yes in theory, no in practice.

Of course, once you've audited it, you can compile the audited source and distribute that.

It's not like it's some huge problem. It just managed to get called out and picked apart.

Re:Typo?

[JoeSchmoe007]

As was mentioned above, digital signature key used to sing Windows executable are not released. Therefore, it will never be possible to get a binary result identical to what is published on TryueCrypt website.

Re:Typo?

[Darinbob]

Rebuilding from the same tools and versions does not recreate the same binaries? (barring some basic changes like date/time/headers)

Re:Typo?

[nurb432]

Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.

And even tho he made a typo, give that man a cookie for doing it himself and not taking the lazy way out.

Re: Typo?

You could trust your clipboard only If you examined al of the sources for your keyboard controller, bios and is, and compiled them yourself with a trusted compiler.
Ah crap, it's lack of trust all the way down.

Re:Typo?

[blueg3]

The signature is appended and contains a hash of the remainder of the file (what it's signing). If you could actually recreate the TrueCrypt binary in its state before it's signed, it is absolutely trivial to verify that it's the same as what was signed in the signed binary (and thus is strictly the same, minus the signature). That's not the hard part at all.

Re:Typo?

So instead of taking the time to build it from source, diff the completed binaries and post the results, he's pushing FUD. Now if he really wants Truecrypt to be audited, then pay someone to do it or do it themself. While you're at it, post instructions on how to build it from source so others can do so and then check the finished binaries against what ever downloaded version that's being run. We may end up finding those that have been hacked by what ever TLA (three letter agency) you deign to bitch about.

Fast Turtle

Re:Typo?

The Author is a god damn idiot. Since the source code is available, simply build the god damn thing from source and diff the binaries. If they match, you're pretty much assured they're the same. If they don't match, the you can run around screaming "The Sky is Falling" like any other Chicken Little and at least people who know better will check and see if you're right, just to prove you wrong. Otherwise we simply can't be bothered to test you're fucking theory.

Re:Typo?

[trawg]

The Tor guys just went through this process of creating deterministic builds to solve this problem. Fascinating process and some more info here: https://mailman.stanford.edu/pipermail/liberationtech/2013-June/009257.html

Re:Typo?

[TangoMargarine]

Have you actually disassembled (de-assembled?) anything before? Admittedly, I haven't, but I *have* done assembly programming, and there's no such thing as a trivial assembly program that does more than print "Hello world." Yes, maybe it's simpler than a commercial game, but you're still dealing with completely unlabelled registers and memory addresses in most commands and almost total lack of syntactic sugar for readability.

I take issue with your flippant use of the word "easily" but acknowledge that it could be done.

Re: Typo?

Outstanding, made my morning.

Re:Typo?

[kmoser]

It already has been shown to be back-doored: http://support.sharethis.com/customer/portal/questions/852209-remove-see-more-sthash-link-from-copy-paste

Re:Typo?

[rdnetto]

Because if the encryption algorithm was vulnerable to a known plaintext attack, it would be considered insecure and not used at all.

Re:Typo?

Sadly this misquote has a kernel of truth. Specifically in the "do something" part. Unless the goodness of the something is inherent the result could well be evil. Much harm has been done by people believing that goodness derives from the intent not the result of the act.

A thought

TrueCrypt has a custom license and it is unclear how it mixes with other licenses. This makes code-sharing between TrueCrypt and other projects problematical.

According to TFA nobody knows who wrote TrueCrypt.

The answer to the problem is simple: relicense TrueCrypt. If there are no known authors, there's nobody to complain.

Re:A thought

[Desler]

Except copyright law doesn't work that way.

Re:A thought

[Grantbridge]

Well they would have to come forward to launch legal proceedings, wouldn't they?

Re:A thought

Which has little bearing on the fact that you still can't relicense the code without the consent of the copyright holder(s). No one with a brain, for example any mainstream Linux distro, is going to distribute the program after it's been illegally relicensed. It simply makes them a target for copyright infringement lawsuit since, unlike a patent, a copyright is automatically assigned and valid in all countries who signed the Berne Convention.

Re:A thought

[Grantbridge]

Well what I meant was if you wanted to know who was behind it, you could make a shell company who then illegally re-license TrueCrypt and wait to get sued. What could possible go wrong??

Re:A thought

[Rob+the+Bold]

Except copyright law doesn't work that way.

How does copyright work in the case of anonymous authorship? I found this info which I make no attempt to explain . . .

In the US, there's this:)

(c) Anonymous Works, Pseudonymous Works, and Works Made for Hire. — In the case of an anonymous work, a pseudonymous work, or a work made for hire, the copyright endures for a term of 95 years from the year of its first publication, or a term of 120 years from the year of its creation, whichever expires first. If, before the end of such term, the identity of one or more of the authors of an anonymous or pseudonymous work is revealed in the records of a registration made for that work under subsections (a) or (d) of section 408, or in the records provided by this subsection, the copyright in the work endures for the term specified by subsection (a) or (b), based on the life of the author or authors whose identity has been revealed. Any person having an interest in the copyright in an anonymous or pseudonymous work may at any time record, in records to be maintained by the Copyright Office for that purpose, a statement identifying one or more authors of the work; the statement shall also identify the person filing it, the nature of that person's interest, the source of the information recorded, and the particular work affected, and shall comply in form and content with requirements that the Register of Copyrights shall prescribe by regulation.

And this

Anonymous Work

An author's contribution to a work is “anonymous” if that author is not identified on the copies or phonorecords of the work. If the contribution is anonymous, you may:

* reveal the author's identity even though the work is anonymous, or
* leave the author fields blank, or
* give “Anonymous” in the last name field.

Note that if a work is “made for hire,” you must name the employer as author. In any case, you should check the anonymous box.

And internationally, there's this advice from wikipedia.

Re:A thought

[mlts]

It still is acting in bad faith. Even though nobody comes out to actively defend a work, it still isn't ethical to recopy and relicense someone else's stuff without permission.

If TC turns out to have issues, the best thing would be to get behind a project like FreeOTFE and have that thoroughly audited and vetted. The second best would be to see about getting a company who has a product with similar functionality (BestCrypt or even better, Symantec's PGP Desktop) and having them create an "open" version. This likely will be extremely difficult at best.

Re:A thought

[TheCarp]

I have used FreeOTFE before, and kind of forgotten about it. As it happens, I am looking for something just like this now for use with some USB keys I need to use to share data at different places.

Now that I look at it I see this on Wikipedia:
"The FreeOTFE website is unreachable as of June 2013 and the domain name is now registered by a new owner."

So I asked, is it even being maintained? I know its open source but, its good to know if a project is actively maintained too. Apparently the place to go is Sourceforge as freeotfe.org is something else now: http://sourceforge.net/projects/freeotfe.mirror/

AND the latest release is several months after the original website disappeared, So it looks like somebody is working on it anyway. May be just what I needed.

Re:A thought

[LordLimecat]

They win their case, get the judge to pierce the corporate veil, and hold you liable for damages.

Re: A thought

Which happens all the time to the little guy, especially when the shell was setup to infringe. Get ready for lifetime debt.

Re:A thought

Diskcryptor
http://sourceforge.net/projects/diskcryptor/

Re:A thought

[gweihir]

No. They can use a proxy.

Re:A thought

[Jane+Q.+Public]

"It still is acting in bad faith. Even though nobody comes out to actively defend a work, it still isn't ethical to recopy and relicense someone else's stuff without permission."

Yes, it very much IS ethical to do so. It just isn't legal. There is a difference.

Until just a very few years ago (around the time of CMCA), in order to enforce a copyright you had to DECLARE it. That means publicly declare who the copyright belongs to, and when the work was produced.

For a number of extremely good reasons, this is still the way it should work. That system worked, and worked fine. There were a number of solid ethical and equity reasons for it being the way it was. It worked MUCH better than the current mess we are in now. Which began at precisely the time they changed the law.

Always keep in mind that laws do not determine ethics. Ethics are supposed to influence the laws. The former doesn't work in the long run. The latter does.

Re:A thought

[Jane+Q.+Public]

s/CMCA/DMCA

Re:A thought

There's already been a project that can read/write Truecrypt containers in Linux that does not depend on the Truecrypt code. The page refers to the fact that truecrypt uses bog standard AES, so they only had to read the available source code to see how they implemented their containers. Bog Standard DM-Crypt handles it quite nicely now and does not depend on the god damn screwy build environment that Truecrypt needs with the added benefit that the methods use are open sourced.

Gentoo Linux has a listing for the project page and no, I'm too fscking lazy to look it up now.

Fast Turtle

Re:A thought

[V+for+Vendetta]

Until just a very few years ago (around the time of CMCA), in order to enforce a copyright you had to DECLARE it.

Short answer: No.

Long answer: No, not i.e. in Germany, where you automatically posses the copyright of your work. No need to declare it somewhere.

Conclusion: even back then, it depended on where the author(s) was/were from.

Re:A thought

[WuphonsReach]

Until just a very few years ago (around the time of CMCA), in order to enforce a copyright you had to DECLARE it. That means publicly declare who the copyright belongs to, and when the work was produced.

That hasn't been true in the USA since the 90s. Possibly earlier.

A costly analysis

[TheloniousToady]

All typos in the writeup aside, the TrueCrypt FAQ states:

In addition to reviewing the source code, independent researchers can compile the source code and compare the resulting executable files with the official ones. They may find some differences (for example, timestamps or embedded digital signatures) but they can analyze the differences and verify that they do not form malicious code.

If so, why would it cost $16,000 to do that? Heck, I bet somebody would do that, and also do "a full security audit" of the source code, for free.

When I used to use TrueCrypt years ago, I assumed someone had already done that. But I never found any proof, so I stopped using it. Will the $16,000 maybe be used to pay someone to do that formally and publish the results?

Re:A costly analysis

[AHuxley]

Expensive, unique, proprietary, complex software is going to seek out traces of the military industrial complex and its best software contractors.

Re:A costly analysis

[nharmon]

Perhaps the $16,000 could be divided up and paid to multiple researchers who do their own separate analyses. Even better would be researchers on different continents, who pledge not to communicate with each other until their work is complete.

Re:A costly analysis

If somebody would do that, why hasn't he? Auditing cryptographic software isn't like auditing most software, Joe Programmer won't cut it.

Re:A costly analysis

If so, why would it cost $16,000 to do that? Heck, I bet somebody would do that, and also do "a full security audit" of the source code, for free.

Sure, I bet NSA would do it for free. Do you trust them?
There is also an 75 years old farmer no more than ten miles from here that also says that "It's probably nothing to worry about."

I don't think $16,000 cover the cost of finding someone that is universally trusted by all users. They will probably settle for someone with the correct knowledge that isn't proven to be corrupt yet.

Re:A costly analysis

[Captain+Hook]

If so, why would it cost $16,000 to do that?

It's not the compile and compare to existing binaries that's the expensive bit, that would just show the same source code was used.

The expensive bit is someone has to review everyline of code and really understand it to eliminate possible backdoors and someone has to review the workflow to find flaws in the implementation.

Re:A costly analysis

[Pino+Grigio]

Why do you give a flying **** what the NSA are doing with your data? I don't. I'm more concerned about Russia, China and assorted hackers and scammers the world over who might actually want to do me harm, steal my identity or raid my bank accounts.
I thought I could use TrueCrypt to encrypt a binary blob containing stuff that's important that I don't lose, before putting it into Crypted on my Dropbox. My reasoning was Crypted on Dropbox is going to get hacked eventually, so TrueCrypt might give me a second line of defence. It turns out that people don't seem to trust TrueCrypt either.

So I'm at a loss as to what to do, over and above hiding various USB keys all over the place.

Re:A costly analysis

[mlts]

What would be nice would be a platform independent version of PhonebookFS/EncFS/EFS [1].

With this, one can mount a directory on a mount point, and all files written to the mount point get stored in the directory encrypted. The filesystem is important, but not critical, and the directory of encrypted files can be moved, archived, stuffed onto DropBox, etc. without loss of file integrity or security. PhoneBookFS is especially nice because a directory can have multiple layers in it, so there can be encrypted files which are never used and are just there as chaff, or the directory can have one layer full of innocuous stuff, another layer with the true sensitive data in it. The explanation about chaff always being present provides enough plausible deniability.

[1]: EFS as in the mid-90s version, and perhaps AIX's implementation, not EFS as in Windows's encrypted file support on NTFS.

Re:A costly analysis

[TWiTfan]

Why do you give a flying **** what the NSA are doing with your data? I don't. I'm more concerned about Russia, China and assorted hackers and scammers the world over who might actually want to do me harm,

Because as a U.S. resident, I don't worry about Russia, China, etc. kicking my door down and throwing me in jail or putting me on a no-fly list for some joke I made in a private email to a friend.

Re:A costly analysis

[emho24]

Why do you give a flying **** what the NSA are doing with your data?

Because government entities are being used to punish those of differing political beliefs than those in power. It will only get worse, and it matters not what "side" the current rulers are. The current administrations favorite punishment tool seems to be the IRS. Can't wait to find out how bad it gets with the next administration.

Re:A costly analysis

[mlts]

Similar with me. The NSA invading privacy is one issue, but I have higher priorities on my list to guard against. I like packing my own parachute so if some criminal organization hacks my remote storage provider [1], the data is still secure.

Is TrueCrypt insecure? Unknown. Is it good enough to keep a criminal organization out of my old tax papers? More likely than not, although I have been moving to storing data in GnuPG [2] encrypted ZIP archives with an accompanying signature and manifest file (also encrypted) which will allow the contents to be opened up on more platforms than just what TC supports.

[1]: When deploying a storage service in a private cloud, I deployed it where the data stored on the SAN LUNs were encrypted. This made great internal PR, but it still didn't solve the problem that if someone hacked the client, the data was a sftp command away from being slurped off.

[2]: Well, on Linux and OS X, GnuPG. On Windows, Symantec's PGP Desktop because it supports my ancient Aladdin (now SafeNet) eTokens.

Re:A costly analysis

https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering

Re:A costly analysis

[rahvin112]

The only IRS punishment going on is the IRS trying to stop political groups claiming they are charities. Something congress themselves should have fixed rather than leave it to the IRS to try to sort out all the liars. When Crossroads GPS, a superPAC created by Karl Rove of all people is claiming to be a charity there is a WHOLE lot of lying going on.

Re:A costly analysis

[Score+Whore]

If that's what you think is going on then you need to educate yourself. Start by learning the difference between the different types of tax advantaged organizations. Then stop making completely false equivalences; no one was claiming that their PAC was a charity.

In this day and age you've no excuse to be this ignorant. You could start here.

Re:A costly analysis

[rahvin112]

Unfortunately my knowledge of this affair doesn't come from Fox News so I will NEVER share your politicized and propagandized view of what occurred.

It's a simple fact that political groups were claiming to be charities and the IRS was trying to stop it through the means they had available because Congress had failed to fix it. No group engaged in political activity of any kind should be able to claim charitable status.

http://en.wikipedia.org/wiki/American_Crossroads

If Karl Rove's Crossroads GPS group was engaged in social charity you're a fucking duck.

Re:A costly analysis

Why do you give a flying **** what the NSA are doing with your data?

Because I don't want *anybody* looking at my private data, regardless of motivation.

Furthermore, you may trust your country now but what happens when you suddenly switch to a dictatorship? Do you really think they won't look back on that information to weed out the undesirables?
Who's to say what an undesirable would even be? Throughout history people have been prosecuted for the colour of their skin, their religion, their social group, their sexual preferences, their gender, their beliefs, their work, and whatever else you can imagine.

Re:A costly analysis

[alexo]

Why do you give a flying **** what the NSA are doing with your data?

Because the NSA is composed of individual people with no better morals than the average person (and usually worse, because they consider themselves to be untouchable).

I don't.

This psycho ex of yours, she's dating an NSA analyst.
Not only he has access to all your data (that random link you mis-typed which turned out to be child porn), he can also manufacture some (and you won't be able to challenge the "evidence" because "National Security").

Still don't care?

Re:A costly analysis

[Score+Whore]

You are so insistent on maintaining your view that you intentionally avoid learning anything. I linked to a page on wikipedia that describes the different types of 501(c) tax exempt organizations. One of those types is a charity, 501(c)(3) which is religious and charitable organizations. Another one is 501(c)(4) which is not charitable. Organizing For America (the left-overs of Obama's campaign organization) is of this type. And it is exactly this status the the various groups you are castigating applied for.

Repeat to yourself as many times as necessary: A tax exempt organization is not necessarily a charitable organization.

Whether you agree with the organizations or not, it should outrage you and make you want to throw up a little bit that federal government workers are using their power to influence the outcomes of elections.

Re:A costly analysis

[Teun]

You could give a flying (**** decrypted) fuck once you realise one party uses your data for control, the other one for gain.

Take your pick.

Re:A costly analysis

[bytesex]

Because a few weeks ago somebody who was simply critical of the NSA practices was actually banned entry into the US. Yeah, just let it sink in for a few minutes.

Re:A costly analysis

Similar with me. The NSA invading privacy is one issue, but I have higher priorities on my list to guard against. I like packing my own parachute so if some criminal organization hacks my remote storage provider [1], the data is still secure.

How is jumping out of a plane going to help you when your remote storage provider gets hacked?

Re:A costly analysis

Because as a British resident, I don't worry about Russia or China trying to extradite me and then throwing me into a legal loophole of a jail, without the right to representation.

Re:A costly analysis

And if that "private joke" was some stupid threat, etc, etc, I hope that you'd get caught

Re:A costly analysis

[Pino+Grigio]

Citation?

Re:A costly analysis

Search google news for this name: Ilija Trojanow

Re:A costly analysis

[rahvin112]

Another bunch of horseshit. You keep saying things which aren't even true in the links you post. Did you even read the wikipedia article you think you are referencing?

501(c)(4) â" Civic Leagues, Social Welfare Organizations, and Local Associations of Employees

501(c)(4) organizations are generally civic leagues and other corporations operated exclusively for the promotion of "social welfare", such as civics and civics issues, or local associations of employees with membership limited to a designated company or people in a particular municipality or neighborhood, and with net earnings devoted exclusively to charitable, educational, or recreational purposes.[41] An organization is operated exclusively for the promotion of social welfare if it is primarily engaged in promoting the common good and general welfare of the people of the community.

501(c)(4) organizations may inform the public on controversial subjects and attempt to influence legislation relevant to its program[43] and, unlike 501(c)(3) organizations, they may also participate in political campaigns and elections, as long as its primary activity is the promotion of social welfare

Not ONE of the organizations that the IRS targeted meets those requirements. Not one of them was engaged primarily in social welfare. And all the tea party groups and progressive groups and other political groups using this classification so they could collect donations tax free and avoid disclosure rules broke the law. Had Congress fixed the problem when these groups began misusing the category it would have never been left up to a bunch of rank and file IRS employees to try to stop illegal use of this category.

As I said before, if Crossroads GPS was engaged in social welfare you are a duck. Now come back when you actually understand the issue instead of blindly quoting talking points you saw on fox news.

Re:A costly analysis

[Score+Whore]

Did you actually read what you quoted? Seems like either you didn't or you want to define "social welfare" in your own special way. It doesn't mean charity and it doesn't mean "agrees with your political views."

See, for example a social welfare organization: Organizing for Action, aka Organizing for America, aka. Barack Obama 2012 re-election campaign, aka Barack Obama 2008 election campaign. Same organization restructured repeatedly and finally into a 501(c)(4) tax exempt entity.

Additionally, you don't just get to claim to be a 501(c)(4) and start acting under that umbrella, you have to apply and get granted that designation. So your whole paragraph about organizations abusing this status is BS, not to mention the falsity when you suggest both "tea party and progressive" groups were equally targeted. The delays and intrusions were almost exclusively against conservative groups.

It's clear though that you're not actually interested in the truth, merely trying to obscure malfeasance and leverage the power of the state to manipulate the results of elections. I'll just finish by pointing out you are a partisan liar, your posts have the barest relation to reality, the IRS targeted conservative groups, it likely affected the 2012 election, and here is Wikipedia's summary of the scandal.

Re:A costly analysis

[AlphaWoIf_HK]

You government bootlickers are a joke. Your hatred for freedom is eclipsed only by your immense stupidity and naivete.

Re:A costly analysis

[AlphaWoIf_HK]

Why do you give a flying **** what the NSA are doing with your data?

Because no government throughout history has not fallen to corruption. Even the 'land of the free and the home of the brave' imprisoned US citizens of Japanese descent, had Jim Crow laws, practiced slavery, and did not allow women to vote (or do much else) until much later after it was founded. No government can be trusted with that much data, and you are a fool to think otherwise.

Re:A costly analysis

[rahvin112]

You appear to be under the mistaken impression that I adhere to some political philosophy in your attempts to point out failings by other groups like Obama affiliated organizations. This only serves to point out your own politicking on this issue. I'm of the opinion that EVERYONE that's abusing 501c4 for political purposes should be prosecuted for tax fraud regardless of political affiliation.

Let me say it again so you understand. None of the organizations targeted including groups with tea-party, Israel, occupy or progressive in their name (including all the groups that weren't targeted that were abusing the status as well) was engaged in social welfare as defined by the statute, which was in the wikipedia link YOU linked and I quoted in my previous reply. I will quote it YET again and bold the definition for so your reading comprehension doesn't continue to fail you.

501(c)(4) organizations are generally civic leagues and other corporations operated exclusively for the promotion of "social welfare", such as civics and civics issues, or local associations of employees with membership limited to a designated company or people in a particular municipality or neighborhood, and with net earnings devoted exclusively to charitable, educational, or recreational purposes.[41] An organization is operated exclusively for the promotion of social welfare if it is primarily engaged in promoting the common good and general welfare of the people of the community.

None of the organization targeted were engaged in social welfare. ALL the organizations targeted were using this status as cover for undisclosed political advertising. Crossroads GPS in particular ran attack ads in several elections including Akin in Missouri and according to records spent millions on advertising. That is NOT social welfare as defined by the statue.

The ONE not interested in the truth here is you. The truth is that 501c4 saw a several thousand fold increase in applications because political groups began abusing the classification. The IRS tried to filter this huge increase in people claiming 501c4 status using improper name filters to try to prevent groups clearly not engaged in social welfare.

As I noted previously they didn't have legal authority to do so because congress had not granted the IRS the authority to question applications. As with all IRS filings the IRS doesn't approve anything, the applications is for a tax ID number, whether or not the application is truthful is not up to the IRS division in question to ascertain as any allegation of fraud would be investigated and prosecuted by IRS CID. Unfortunately because of the politics involved IRS CID will likely never prosecute all the liars illegally using this status to circumvent tax and disclosure requirements.

But you might understand that had you been anything but a partisan hack quoting Fox news talking points. You might also take the opportunity to realize that just because I don't blindly follow the same bullshit echo chamber BS you do, that it doesn't imply I'm adhering to any particular political philosophy. I don't differentiate between any of the republicrats and democans in office currently or in control of either party. In fact I believe whole heartily that anyone that claims either party is better than the shit shoveling self interested jackasses they actually are is nothing but an idiot. Take heart in the fact that there is a good 40% of the population much like yourself that falls hook line and sinker for the propaganda and much like you thinks there is actually a difference between the parties. So you and the other idiots in the 40% have plenty of company.

Maybe you should go find one of those democans or republicrats that believes something that big fox news echo chamber has told you is bad and argue with them about how evil that pointless item is. It'll keep you distracted while the shit shoveling jackasses work to enrich themselves at your expense. Oh and while you are at it, shove your partisan world view up your ass.

Re:A costly analysis

[Pino+Grigio]

Your comment is unmitigated nonsense of the first order.

Re:A costly analysis

[AlphaWoIf_HK]

You speak in opposites now? In reality, you're worshiping me as if I'm a god. Now, I'll force your sloppy asshole to suck on my fetid cock like a baby sucks on a pacifier! Ahhhhhhhhhhhhh! That's simply too good! I guess it's time for me to fill your fictionhole with creamy goodies right this minuteness...!

Wow! Your rancid asshole is now a swimming pool for my cockpoles! What a sloppy asshole. What say you?

Re:A costly analysis

[Pino+Grigio]

I think you need to take your medication.

Re:A costly analysis

[ixidor]

except have you seen any of hearings regading sthe "so-called" charities? Not only did they use the IRS, but the ATF, FBI, any any other agency they could to survail these people. Say what you will about the "tea-party" type non-profits, the way it was handled was just wrong. either shit or get of the pot. They left these people in Limbo for years.

Re:A costly analysis

[AlphaWoIf_HK]

I think your sloppy asshole needs to fart out all the cum I filled it with.

Waitaminit...

[Shoten]

...I thought the main point of the "open source is more secure" argument was that this process supposedly happened on its own, organically?

Re:Waitaminit...

Very sad attempt at trolling. Try better next time.

Re: Waitaminit...

It's happening, great isn't it?

Re: Waitaminit...

After someone raises $16,000...

Re:Waitaminit...

Actually, he makes a good argument that should be taken seriously. Just because it is open source doesn't mean anyone is actually auditing it. If it happened often and spontaneously, there would be no need to raise $16,000 to support an audit.

Re: Waitaminit...

Which is happening. Oh, wait, you wanted Open Source to be done by magic so that if magic is proven false then Open Source is too...

Re: Waitaminit...

[carlos92]

Still, it's USD 16K against the NSA budget. And Russia's FSB's. And Mossad's.

Re:Waitaminit...

[TheRaven64]

No, the argument is that it can happen if someone decides that it's worth doing. Just making the code open doesn't mean that anyone will read it. It does, however, mean that:

• You can build it yourself, so you know that the code that is audited is the code that is built (modulo toolchain trojans)
• You can audit the code, or pay someone else to do it, without permission from the original authors beyond their original license
• You can fix any security holes that such an audit turns up (or pay someone else to do it, again without requiring permission from the original authors beyond their original license

Re:Waitaminit...

[MrChips]

No, the argument is that it can happen if someone decides that it's worth doing. Just making the code open doesn't mean that anyone will read it. It does, however, mean that:

• You can build it yourself, so you know that the code that is audited is the code that is built (modulo toolchain trojans)
• You can audit the code, or pay someone else to do it, without permission from the original authors beyond their original license
• You can fix any security holes that such an audit turns up (or pay someone else to do it, again without requiring permission from the original authors beyond their original license

And, if someone else does an audit, there's a better chance that they are not bound by NDA and can therefore speak freely about what they find.

Re:Waitaminit...

[aaaaaaargh!]

The real reason why open source practically always beats closed source in security applications is that the authors have to presume that someone else will take a look at the code later and therefore want to avoid too messy and unclean coding. With closed source the temptation is simply too high to introduce dirty hacks and shortcuts, such as crappy PRNGs where cryptographically secure ones would be required, using no salt or using default initialization vectors - things that would be too embarrasing if anybody could discover them easily.

Closed source developers can avoid that by independent security auditing, frequent reviews and strict coding guidelines, but that costs a lot of money and is only done when there is an external incentive like having to fulfill some FIPS regulation. In many if not all cases you can and should give a shit about the claims of even the most reputable closed source vendors. They are very likely lying about one thing or another and their managers likely don't even know exactly what they are really selling and how it works (viz., doesn't work).

Re:Waitaminit...

[interval1066]

Absolutely, although I'm a little surprised some software hotshot hasn't audited it yet on his own just to make a name for himself. It would be a complex analysis, for sure, but independants have done more complex things.

Re:Waitaminit...

[Vellmont]

Anyone being able to review code is NOT the same thing as an audit. An audit is a more formalized process where there's a more defined process and some form of assurance of quality is provided by the group. A formalized audit should cover all, or at the least "critical areas" of the code. An audit also might entail more than just the code, but who has access to it, what the commit procedures are, etc.

What you're describing is more ad-hoc. Individuals going in and making sure there's no glaring errors or design flaws, or even more subtle things if they're so inclined. I'm sure that's happened, but how do we know to what extent?

Audits are more about providing more formalized public assurance of code quality. Both the ad-hoc code inspections, and audits are useful, and mutually beneficial. But they aren't the same thing.

Re:Waitaminit...

The real reason why open source practically always beats closed source in security applications is that the authors have to presume that someone else will take a look at the code later and therefore want to avoid too messy and unclean coding.

Except OpenSSL...

Re:Waitaminit...

[AlphaWoIf_HK]

Just because it is open source doesn't mean anyone is actually auditing it.

True, but when it's open source, the chance that someone is auditing it or has audited is a fair bit higher, depending on how complex the software is.

Re:Waitaminit...

[OdinOdin_]

As an OpenSSL contributor I agree the project is a mess.

The project needs 100% code coverage unit testing.
It needs to move to using git as the main SCM repo.
I don't agree with even the source formatting on the basis that it doesn't make it easier to audit the code base, it is an uncommon code formatting choice.
The project needs a gerrit code review system to streamline the limited committer man-hours when integrating new code. One problem in getting patches into the project is you need to find a committer that agrees with it and has time. Git allows easier unlimited forking and code review allows by anyone and facilities multiple people to run their own tree, so may the best maintainer win popularity.
All new code should include a unit test to accept it.
The network / kernel interactions need also unit testing (something I already did in the part to prove an API interaction deficiency in the OpenSSL API design).

Problems in the license, and an alternative?

[seandiggity]

From http://lists.debian.org/debian-legal/2006/06/msg00295.html:

...if you distribute modified versions of TrueCrypt, you cannot charge for copies. That is non-free...
...nothing in the license constitutes a promise not to sue for copyright infringement. Our counsel advises that a plain reading of this indicates that if Fedora complies with all the requirements of the TrueCrypt license, we would nonetheless have no assurance that TrueCrypt will not sue me for my acts of copying, distribution, creation of derivative works, and so forth...
TrueCrypt seems to be reserving the right to sue any licensee for copyright infringement, no matter whether they comply with the conditions of the license or not. Based on this, our counsel advised that above and beyond being non-free, software under this license is not safe to use...
Our counsel advised us that this license has the appearance of being full of clever traps, which make the license appear to be a sham (and non-free).

Given all of this, plus the problems with TrueCrypt authorship etc. I think the best course of action is replacing with a free implementation, maybe starting with something like this?

Re:Problems in the license, and an alternative?

[seandiggity]

Given all of this, plus the problems with TrueCrypt authorship etc. I think the best course of action is replacing with a free implementation, maybe starting with something like this?

Ah, I see the current TrueCrypt license has undergone substantial changes since the early days. Looks like a complete mess to me :/

Re:Problems in the license, and an alternative?

[Mr.+Slippery]

From http://lists.debian.org/debian-legal/2006/06/msg00295.html:

That discussion is about an older version of the TrueCrypt license. While the newer version hasn't been submitted for OSI certification, some say it does meet the Open Source Definition.

Re:Problems in the license, and an alternative?

[Bill+Dimm]

You botched the link. Try here.

Re:Problems in the license, and an alternative?

Whoa. From the tc-play page:

Bugs in the TrueCrypt documentation

The TrueCrypt documentation is pretty bad and does not really represent the actual on-disk format nor the encryption/decryption process.

Some notable differences between actual implementation and documentation:

        PBKDF using RIPEMD160 only uses 2000 iterations if the volume isn't a system volume.
        The keyfile pool is not XOR'ed with the passphrase but modulo-256 summed.
        Every field except the minimum version field of the volume header are in big endian.
        Some volume header fields (creation time of volume and header) are missing in the documentation.
        All two-way cipher cascades are the wrong way round in the documentation, but all three-way cipher cascades are correct.

Glad I never trusted it.

Re:Problems in the license, and an alternative?

[ameen.ross]

Isn't that called security through obscurity? Oh, wait...

Re:Problems in the license, and an alternative?

[mlts]

Truecrypt's main advantage is that it is cross platform. I can make a TC volume on Windows, stash it on Dropbox, then later on open it on my Mac or Linux box.

However, each of the operating systems generally has some method which doesn't have the hidden volumes and the plausible deniability aspect, but some form of volume encryption.

OS X has FileVault 2, which can encrypt drives with a couple clicks. OS X also has a utility that makes sparse images, using "bands", which allows one to have an encrypted volume grow and shrink as needed. Of course, there is a loss of security with this feature, but it adds versatility.

Linux has LUKS and dm-crypt (Android uses a modified version of dm-crypt to protect the /data partition in newer revs.)

Windows has BitLocker. Windows 8 and newer's implementation of BitLocker allow for it to ask for a password before boot even if a TPM chip isn't present. Of course, not all Windows editions have BitLocker usable.

Of course, there are third party utilities. PGP (the commercial version owned by Symantec) comes to mind, which can encrypt Windows, Linux, and Mac volumes. I doubt this would ever be possible, but if their code was released with a free license, this likely would be the best Truecrypt replacement, although it wouldn't have hidden volume functionality.

Re:Problems in the license, and an alternative?

[seandiggity]

Linux has LUKS and dm-crypt (Android uses a modified version of dm-crypt to protect the /data partition in newer revs.)

re: TrueCrypt container format, dm-crypt and cryptsetup/LUKS: http://grugq.tumblr.com/post/60464139008/alternative-truecrypt-implementations

Re:Problems in the license, and an alternative?

[tlhIngan]

OS X has FileVault 2, which can encrypt drives with a couple clicks. OS X also has a utility that makes sparse images, using "bands", which allows one to have an encrypted volume grow and shrink as needed. Of course, there is a loss of security with this feature, but it adds versatility.

Actually, bands are created so you can back up the encrypted volume files without bloating your backups.

Think about it - you mount your encrypted disk, then do some file operations - perhaps edit a file. You close the encrypted disk and do a backup. Well, your backup software can't get at the encrypted contents, so now it sees the entire volume has changed and needs backing up. Boom, if it's a 1GB volume, you just bloated your backup image by 1GB. And because yesterday's image is different, you now have two 1GB images. Repeat a few times and it gets unwieldy, fast.

The solution is either to let the backup solution backup the encryption volume while mounted (so it picks up the changed file rather than changed volume). Or as Apple has done it, band the image. Knowing that if you edit a few bytes, only a few things REALLY change in the image, rather than storing the whole 1GB image on the backup store, it backs up the changed bands (which if they're 1MB in size, will amount to a few MB backed up).

Sure it bloats the backup, but if you're routinely editing only a few bytes at a time, bloating the backup by megabytes a day is far superior than the entire volume daily.

Re:Problems in the license, and an alternative?

[LordLimecat]

Not everyone is
A) ready to shell out $100 for bitlocker (for windows professional) when they could simply buy the better, and cross-platform, bestcrypt;
B) ready to trust Microsoft's FDE.

Re:Problems in the license, and an alternative?

Truecrypt's main advantage is that it is cross platform. I can make a TC volume on Windows, stash it on Dropbox, then later on open it on my Mac or Linux box.

LUKS is cross-platform too. Just use the API, provided by nfsd/afsd/smbd. ;-)

You mentioned Dropbox. So it sounds like you're accepting of your cross-platform approach requiring that you be using at least two different computers. I think that as soon as anyone's life gets that complicated (and yes, that's a low bar), they might as well just set up a file server and seriously Do Things Right.

..which also happens to be easier, more secure, faster, higher capacity, etc.. Show me a Dropbox user and I'll show you someone who settles for less, by almost every metric imaginable.

Re:Problems in the license, and an alternative?

[mlts]

Apple's solution is quite elegant to this problem with the 8MB bands, so if one change is done to a very large file, only one, possibly two bands change. I just wish something similar was available on other platforms.

Of course the downside is that a determined attacker can see what bands change over time and then guess what is in that data, but that is a relatively low threat, and could be countered by tossing some files in a junk directory and deleting them at random.

Re:Problems in the license, and an alternative?

Xoring and mod-256 summing give the same output (basic crypto arithmetics). The documentation correctly says that TrueCrypt does use 2000 iterations in PBKDF with ripemd ( http://www.truecrypt.org/docs/header-key-derivation ). The other points are simply irrelevant.

Long story short: someone doesn't like truecrypt.

Re:Problems in the license, and an alternative?

Every general full-disk encryption solution operates on limited-size blocks of some sort. The alternative would be rewriting the entire disk every time a file changed. I don't see what advantage FileVault has there, as long as your backup software does deduplication.

Re:Problems in the license, and an alternative?

Ops! Sorry, I'm wrong about the equivalence between xor and mod-256 sum, the output isn't the same. Bad memory from the college era: actually they are two commonly used techniques for that specific purpose (neither of the two is better).

However, reading truecrypt's documentation, I haven't found any reference to this issue. It seems that developers don't say whether they use xor or mod-256 sum.

Re:Problems in the license, and an alternative?

[mlts]

That's the rub: With how everything else has advanced, the only backup software that does deduplication are products like Mozy and Carbonite, where there is financial interest in just sending changes. Of course, there is rsync as well, but that is more of file copying than a backup utility.

Other than those products, backup utilities are still in the Stone Age. Want just changes or deduplication, one has to spend the megabucks for Netbackup, TSM, ArcServe, or an enterprise-grade utility. Even then, backup utilities tend to be platform specific (a backup saved on a Mac can't be restored to a Windows box, unless one uses a samba server as an intermediate step.)

I do wish backup software does deduplication, but most just doesn't bother, so a utility like FileVault with its structure of bands can be more useful than just a program that mounts a flat file as a volume.

Re:Problems in the license, and an alternative?

Or this

https://github.com/Fasrad/otpgen

The only way to be sure your data is secure is to encrypt it before it hits the computer (any computer).

Re:Problems in the license, and an alternative?

[juosukai]

Crashplan Pro Enterprise does dedup. This is the version of the software you can host on your own server and encrypt on the workstation end. Linux, Windows, Mac and Solaris support.

http://www.crashplan.com/enterprise/

And I want a pink pony

[davidwr]

Pink pony ... fully audited Truecrypt ... Pink pony ... fully audited Truecrypt ... choices, choices, choices.

Re:And I want a pink pony

[ColdWetDog]

Man, you're one sick dude. Get some help.

Re:And I want a pink pony

Could be worse, at least he isn't a Bronie

Fluttershy FTW!

Proofread...

"Green is one of people leading the charge to setup "

One of which people?

'Set up' is two words.

tabco

was8't on Steve's long tePrm survival

I'm all for an audit

[koan]

I do have one question, if you need reliable encryption and privacy why is your operating systems Windows?

Re:I'm all for an audit

Who says I only use Windows.

Re:I'm all for an audit

[ColdWetDog]

You do realize that that between the NSA, FSB, various other TLAs and countless Russian and Chinese hackers, that the Windows source code has been the subject of more careful and complete reviews than any other operating system. Ever.

Re: I'm all for an audit

You can't see the source, you are in the position of having to trust.

Re:I'm all for an audit

Because you need reliable encryption and privacy AND certain ubiquitous tools that are only available under Windows?

Aside from that, the whole linux-is-more-secure-than-windows argument is suspicious; it sounds an awful lot like security through obscurity. What makes you think that your Linux OS isn't full of zero-day exploits? The other side of the "Windows is more popular so more hackers try to find exploits" coin is "Mac and Linux are less popular so less security experts are looking for exploits to plug", after all.

Re:I'm all for an audit

[Lennie]

Most of these organisations don't get to compile their own, they get the source and the binaries seperately AND I wouldn't be surprised if it only compiles with the Microsoft toolchain.

Good luck with that.

Re:I'm all for an audit

There are two different problems here: exploits through bugs and intentional backdoors. Undoubtably all OSes have bugs that can be exploited but their danger can be minimized by being careful with firewalls, malware scanners, security updates. Intentional backdoors are tougher. If a Linux developer tries to put in a backdoor, another developer may spot it in the source code and remove it, but if Microsoft or Apple decide to put a backdoor in their OS it will be much harder to detect.

I think the GP is concerned about backdoors more than bug exploits. But even then, with Windows or MacOS careful analysis of network traffic or the binaries will spot the backdoor, so the only concern is if somehow they have a dormant backdoor that lets NSA types decrypt a Truecrypt volume even if the Truecrypt binaries are made by a third party (unlikely), or they've intentionaly broken their system functions so encryption algorithms are easily undone by someone in the know.

Re:I'm all for an audit

Yeah, I'm sure the NSA has checked that their backdoor is indeed there. :-)

Frankly, you mentioned no one who would have an interest in publishing vulnerabilities they found. Rather, they'd probably use them for their own purposes (and patch them on their own systems).

Re:I'm all for an audit

[BrentNewland]

Because I live in the real world? You know, the one where most everyone uses Windows, and the major Linux distros have fucked up their UI?

Re:I'm all for an audit

[koan]

I see it's "real" because you use WIndows.

Re:I'm all for an audit

[koan]

"reliable encryption and privacy" can not be attained on a OS that was designed to be penetrated.

Re:I'm all for an audit

[koan]

That the NSA gets first crack at zero day should tell us something.
http://www.techdirt.com/articles/20130614/02110223467/microsoft-said-to-give-zero-day-exploits-to-us-government-before-it-patches-them.shtml

Re:I'm all for an audit

"Because I live in the real world?"

So... you're not sure that you do?

1 second search

[koan]

http://www.exploit-db.com/exploits/3664/

Re:1 second search

From nearly 7 years ago and it wasn't a cryptographic backdoor.

Best encyption ever

[Smidge204]

I use the best encryption ever for everything I need to keep secret. The algorithm is a simple bitwise XOR applied to every byte in the file, using the data itself as a one-time pad. Completely uncrackable unless you know the data that was used for the pad.

The output also compresses really well!
=Smidge=

Re:Best encyption ever

For those that don't know, this should be scored "funny"; the reason is an exercise left to the (non-programming) reader.

On a serious note though, XOR with an OTP is unbreakable if the OTP is random.

Re:Best encyption ever

Good, but the decryption is o(god).

Re:Best encyption ever

[MetalliQaZ]

To further explain for the truly lazy... the algorithm would produce a file exactly as long as the input, but entirely filled with zeros.

Re:Best encyption ever

There is a bit of ambiguity on decryption.

Re:Best encyption ever

[Bob+the+Super+Hamste]

Don't you know you are suppose to compress it first and then encrypt as the compression increases the entropy of the original file.

Re:Best encyption ever

[nmb3000]

the algorithm would produce a file exactly as long as the input, but entirely filled with zeros.

Haha -- not only that, but in order to "decrypt" the ciphertext, you need to supply the original plaintext as the key!

Re:Best encyption ever

[styrotech]

But it is nicely compressible.

Why isn't Bruce using LUKS?

Seriously, now, if Bruce is really that reluctant to run a Linux installer, then he can find plenty of us willing to give him a hand, for the cause.

Setting up, say, Fedora 19 (or some other distro with LUKS in the installer) with VirtualBox, to run the Windows apps he needs and a basic set of productivity apps, is a 1-2 hour job for somebody who has done it before.

No trust without source

[sl4shd0rk]

It's pretty strange that anyone would find an audit or TrueCrypt "trustworthy". It's not open source. You can't compile it yourself. You have no idea what is in the source. At least with Gnupg you have to option of going through it line-by-line to see what the ingredients are. You can't, and never will be able to, do that with proprietary software. Even if you were to verify a single code branch, the publishers may be under a gag order to reveal certain details -- much like Lavabit making this whole argument pointless.

Re:No trust without source

Of course you can compile it yourself. The only reason why some people think it's non-free is because the license is weird.

Re:No trust without source

[mpicker0]

It's not open source.

Not open source? The source is available for download here.

You can't compile it yourself. You have no idea what is in the source.

You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.

Re:No trust without source

[diamondmagic]

Not open source? The source is available for download here.

You can't compile it yourself. You have no idea what is in the source.

You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.

Grandparent probably refers to Open Source Software, which is a formally defined term. It's not enough that you can merely read the source, you have to be able to redistribute it and any changes, too.

Re:No trust without source

[mlts]

GPG isn't perfect either. Trying to get it to compile on Solaris or AIX is a very long exercise in grabbing libraries, building them, grabbing more libraries (prereqs), and a long chain of code. It would be nice if GPG had far fewer dependencies.

Of course, there is NetPGP (which is used in NetBSD because GPG is GPL v3 licensed), but I wonder how hard it would be to port that to other operating systems and rely on its security.

Also, GNUpg is for file encryption. Volume encryption requires a different set of code.

Re:No trust without source

[Desler]

No they weren't. They specifically say:

It's not open source. You can't compile it yourself. You have no idea what is in the source.

Which is patently false. You can know what's in the source merely by looking at it (if one couldn't this whole story wouldn't exist) and one compile it.

Re:No trust without source

[sl4shd0rk]

Not open source? The source is available for download here.

Wow, TIL Truecrypt is open source :/

Re:No trust without source

[Desler]

How else did you expect them to audit the source if it wasn't publicly available?

Re:No trust without source

Did you also learn that you're a clueless fuckface that speaks before you talk?

Re:No trust without source

It's not open source.

Not open source? The source is available for download here [truecrypt.org].

I see. So Microsoft Windows is also open source you say?
After all, the source is available for download here: http://www.microsoft.com/en-us/sharedsource/default.aspx

In both cases, you can see the code, and compile it.
In both cases, the license does NOT grant you permission to copy the compiled binary anywhere, or to distribute it.

Seeing the source does not make it Open Source, which has nothing to do with the source, but is ALL about the license.

Re:No trust without source

got the binary handy?

Reverse engineer the Windows binaries?

[IamTheRealMike]

The writing random bytes thing, but only on Windows, is rather puzzling. It seems like one way to build confidence that's faster than setting up a deterministic build (which at any rate, would not necessarily be accepted by the TrueCrypt authors it seems), would be to open up the binaries in IDA Pro and figure out if the bytes written there on Windows truly are random or if they are not.

Re:Reverse engineer the Windows binaries?

[TangoMargarine]

open up the binaries in IDA Pro and figure out if the bytes written there on Windows truly are random or if they are not.

One of the very mechanics that TrueCrypt relies on for its plausible deniability for hidden volumes is that mathematically it is very difficult to prove whether the data is random or encrypted...not to mention the difficulty with computers and ever generating "truly random" data, which I believe there was just an article about this week.

Re:Reverse engineer the Windows binaries?

[Urza9814]

http://en.wikipedia.org/wiki/Interactive_Disassembler

The point he was making was to analyze the Truecrypt program binary, not the encrypted file it creates. Which would probably be more difficult than it sounds...disassembler output is pretty crappy to read, though you should be able to compare it to the published source (since that apparently may differ from the binary) without *too* much trouble to find the differences.

Oh really?

[Sperbels]

"TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it except the NSA.

FTFY

Re:Oh really?

[L4t3r4lu5]

"TrueCrypt has been part of security-minded users' toolkits for nearly a decade â" but there's one problem: no one has ever conducted a full security audit on it except the NSA when they wrote it, backdoors and all.

FTFFY </tinfoil>

A Simple Cheap Way To Do This

Ask the author how they compile it. Get that exact source and compile it that way. Then work out each difference. Libs get searched in directory or date order? Tweak that. Till all that is different are a few timestamps NIC MAC's, etc.

Then just audit the source. Non-trivial in itself.

Re:A Simple Cheap Way To Do This

Ask the author how they compile it.

Great idea!

Now we just need to find the unknown, anonymous author...

Re:A Simple Cheap Way To Do This

[gl4ss]

..another idea, if the original compiler guy of the windows version is unknown.

just compile the windows version and start distributing that.

Brasil sponsoring

Maybe Brasil could be asked for sponsoring this audit ?

It would fit into their current intentions, eg
http://www.theguardian.com/world/2013/sep/20/brazil-dilma-rousseff-internet-us-control

Brilliant ploy?

Is it actually that the NSA can't break TrueCrypt, and this is FUD to make people think twice about using it?

NSA launches project FUD against Trucrypt

Be in no doubt. You are NOT witnessing an attempt to ensure the security of Truecrypt. You ARE seeing a standard FUD play by NSA people against one of the greatest thorns in their side.

Put this in the same category as those regular stories that appear on Slashdot and elsewhere, telling you that you CANNOT ever be sure that your erased data on your Hard-drive cannot be recovered by sophisticated forensic analysis of the magnetic surface. The NSA even paid to have a peer-reviewed paper placed in the scientific literature claiming such recovery is possible- despite the fact that such a claim is provably laughable.

Here's the mathematical proof of NONE recoverability of properly deleted data.
- let us say that you fill a HDD with target data, and now over-write that data with a RANDOM series of bytes. If the original data CAN be recovered, we have DOUBLED the capacity of the HDD, because logically there can be no distinction between the original data, and the random data used to erase it.
- now, let's say we wipe again with another random sequence. If the original data can be recovered, we have TRIPLED the capacity of the HDD, for the reason stated above.
- and again, we wipe with another random wave. If the original data is STILL recoverable, we have quadrupled the functioning capacity of the HDD.
- repeat, etc.

The problem is that the HDD is designed, given the head, recording signal, and surface material, to only support the original capacity under the signal theory that covers the current method of recording. It does NOT matter that in theory, the disk material MAY be able to save far more data with a different head, and signal method. Only the current method matters.

But the owners of Slashdot will allow periodic FUD articles to appear that DISCOURAGE people from using proper file erase tools, on the basis that its actually a waste of time, because the NSA can still get your data no matter how you erase it.

Much of what the NSA engages in is PSYCHOLOGICAL WARFARE. Major US TV networks and film studios, for instance, have been ordered to NEVER reveal the fact that ALL mobile phones in the USA have their location continually tracked by cell tower triangulation methods. While is is actually LAW in the US that every cell phone must have continuous location tracking ability, the US government believes many criminals are inherently stupid, and will allow their cell phones to produce evidence against them ***IF*** they have false ideas about how cell phone technology works. US Dramas like 'Shameless' (the US remake) and films like 'The Call' have actually informed the audience that ONLY phones with real GPS chips can be location-tracked- a complete and total lie, but a lie designed to sink into the unsophisticated minds of the sheeple.

The truth about the strength of Truecrypt is the complete LACK of stories about Truecrypt being defeated in practice. Shills will try to tell you that this is because Truecrypt is defeated in super-secret cases you can't be allowed to hear about, but this is a nonsense for two reasons. If you are a high level target of the NSA, nothing can save you, so the security of any encryption system is irrelevant. If systems like Truecrypt are defeated as part of ordinary governmental actions, the government, by law, has to allow this fact to be known (the RIGHT to a fair trial, etc).

So instead, you get this FUD attack against Truecrypt, which will persuade a certain percentage of suckers to NOT bother using Trucrypt in the first place, give up using it, or transfer to a commercial alternative that is DEFINITELY compromised by the NSA (ALL commercial encryption software is compromised).

Re:NSA launches project FUD against Trucrypt

How is wanting to audit the source code "FUD"? It sounds more like you're an NSA mis-information agent seeking to prevent people from doing this audit. There must be a good reason your so upset over someone independently verifying the security of the program. Must be a pretty big backdoor in the program for such a defensive post.

Re:NSA launches project FUD against Trucrypt

[MetalliQaZ]

I have a feeling he just wanted to get that out. It was a decent post, so I'll allow it despite the touch of crazy.

Re:NSA launches project FUD against Trucrypt

[TangoMargarine]

If they had the ability to break TrueCrypt encryption, they would want people to keep using TrueCrypt and thus not say anything.

But both that, and the "doubling hard drive capacity" bit is ignoring the possibility of ridiculously expensive tools that allow one to laboriously do thing normal people can't.

Re:NSA launches project FUD against Trucrypt

I have a fair amount of experience in the field (I'll leave it at that, as my credentials are not of relevance to my point). I performed an audit of TrueCrypt 6.0 when it came out, and I was not able to detect anything wrong. A few details of the header format are a little out in the documentation (e.g. GF(256) addition instead of XOR for whitening, but hardly of any security impact, the curious choice of RIPEMD160 in the morning, which actually seems to be due to simple "it fits" criteria) but that's about it. I didn't see any 'back doors' in the copy I had. (Obviously, with the concerns regarding x.509 CAs and TLS, I can't speak for the copy you might have.)

The only times I've ever seen TrueCrypt cracked by SIGINT or LE agencies, it involved: hardware keyloggers, Firewire DMA attacks, NONSTOP attacks (or 'cold boot' attacks as the open-source security community later dubbed them - they're not as new as you'd think, crackers were doing them in the 80s - when they were, admittedly, easier), or brute-force analysis of short crappy passwords. They used Cell processors in parallel to do that (at one point, literally a cluster of PlayStation 3s running Linux). This is consistent with TrueCrypt's documentation. They have certainly failed to crack TrueCrypt in several high-profile terrorism cases where they would really, really like to do so. It seems reasonable to conclude that in general, they cannot work through it, only around it.

It also seems likely that if they are unable to crack it, they are likely to dissuade people from using it by social engineering, and perhaps direct them to weaker tools that are easier for them to subvert. I concur with parent on that point.

But ultimately, you don't have to trust me. You shouldn't. Many eyes do make bugs shallow, as long as the eyes are actually there and actually look. A few more eyes definitely can't hurt on a security-critical project like this. Please, by all means independently audit it. It is good practice that all software with a security impact, particularly high-profile cryptography software, should be audited whenever possible. That is entirely laudable, and we should do it.

Re:NSA launches project FUD against Trucrypt

[Kjella]

The problem is that the HDD is designed, given the head, recording signal, and surface material, to only support the original capacity under the signal theory that covers the current method of recording. It does NOT matter that in theory, the disk material MAY be able to save far more data with a different head, and signal method. Only the current method matters. But the owners of Slashdot will allow periodic FUD articles to appear that DISCOURAGE people from using proper file erase tools, on the basis that its actually a waste of time, because the NSA can still get your data no matter how you erase it.

You sure YOU don't work for the NSA? The recording capability is what it is, but the reading capability is whatever you can put in a $100 consumer drive operating at 100MB/s with 1 error in 10^14 bits accuracy. What you can do with a >$1 million electron microscope at 1/1000th the speed at 1/1000th the accuracy is another matter. You might not want a 0.1 MB/s drive that corrupts a bit every megabyte but for forensics that's plenty. Never mind that all modern drives just pretend to offer you a linear disc, in reality it remaps a whole sector if a single bit fails. How much compromising info can you write in 4023 out of 4024 bits of a 4K sector? It's not useless but everything you hope to achieve with erasing is better achieved with encryption. Nor are they mutually exclusive, if you want to wipe your encrypted drive for that extra unrecoverable feeling go ahead.

Re:NSA launches project FUD against Trucrypt

kinda odd every crime show i see these days use burner phones pull the battery and throw them out the window after the call. we all know they can be tracked if its a phone they know you have.

Re:NSA launches project FUD against Trucrypt

[Urza9814]

The problem is that the HDD is designed, given the head, recording signal, and surface material, to only support the original capacity under the signal theory that covers the current method of recording. It does NOT matter that in theory, the disk material MAY be able to save far more data with a different head, and signal method. Only the current method matters.

Then you don't understand what people are saying when they say deleted and overwritten data can be recovered. The ENTIRE POINT is that you are NOT using the same head. You use an electron microscope. A hard drive read head's resolution is hundreds of nanometers. A electron microscope's resolution is a few picometers. Even if the tolerances on those hard drives are only 1%, you'd expect to be able to recover some data with an electron microscope. Older hard drives would be easier as they have lower resolution read/write heads; newer ones would be harder.

Now, whether or not anyone would ever use that, and could get sufficient data to reproduce files at will is another matter -- they almost certainly could not. But the fundamental concept is not only possible; it's frankly rather obvious.

Re:NSA launches project FUD against Trucrypt

You don't seem to know anything about hard drives.

Not only that you assume, that a e.g. 1TB Harddrive only fits 1TB (it does fit way more if you reduce reading speed and use better equipment) you also seem to ignore the fact that this is a physical device that suffers abrasion.
If you use a device for some time the exact "spot" a bit is written, cannot be "hit" (or erased) again. Therefore there will always be some traces of files left, that cannot be deleted by software, since the device is not able to write to the exact sector.

And in the end the final proof for your incredibility is your assumtion that it would be better to not inspect the code for errors in fear they might find anything and thus undermine the trust in the software. So lets all look away and let the NSA be the only ones who find bugs and backdoors?
This assumtion has been proven wrong so many times its not worth even considering this nonesense.

Why Should We Trust THESE Guys

The ones setting up the auditing.

The first thing that needs to happen (I don't see it on ther website) is to develop the world's trust in this audit team's leaders.

Re:Why Should We Trust THESE Guys

[BrentNewland]

We don't need to trust them. We just need to trust the company that does the actual audit.

Ethical?!

Even though nobody comes out to actively defend a work, it still isn't ethical to recopy and relicense someone else's stuff without permission.

(Seriously?)

It passes the "intent of copyright law" test (if they aren't exercising their monopoly (the very incentive that copyright offers) then the copyright serves no purpose). Copyright without market participation just doesn't make any sense at all.

It passes the "golden rule" test (if I released something anonymously but forgot to grant explicit permission to make derived works, then I wouldn't bitch if someone else opened it, thereby allowing my software to become maintained). Put the shoe on the other foot, and it fits.

Furthermore, if you don't know who did it, then for all you know, they're literally dead. A corpse cannot possibly be a victim; there's basically nothing unethical you can do with a corpse, except maybe feed it to someone for purposes of distressing them. Along the same lines, they might simply not-give-a-fuck (but be alive). You can commit an ethical infringement against someone who doesn't consider it to be an infringement.

You have no reason to suspect that whoever wrote it, has a problem with relicensing. I'm not saying that makes it permissable/safe/etc to relicense, but ethical? I think the ethics here are pretty well covered. Copyright currently has totally insane durations, far beyond the 5 years that ought to be normal for software. When someone releases something anonymously under such a system, they are damn well accepting that plenty of people wil be ethically disregarding any copyright, and that from a purely (i.e. admittedly non-pragmatic) ethical viewpoint, it simply isn't copyrighted. You can't have an anonymous ethical copyright. There's nothing to infringe, except per the law, and ONLY the law.

Look at it this way: I'm not saying it's ethical to do just anything to anonymous people, of course, but when someone chooses to be anonymous, they really are consenting to give up certain rights, pertaining to the action they perform anonymously. Asserting an anonymous copyright is a totally bullshit move and it's an ethical error to assign the same respect to it, that you'd give to a serious person.

Re:Ethical?!

[BrentNewland]

That's a load of crap.

Why mention only old versions?

[johanw]

The current version of TrueCrypt is 7.1a. Why are they only talking of older versions?

Re:Why mention only old versions?

[Desler]

Because that was the version that was examined in the report they quoted.

Re:Why mention only old versions?

7.1a is old by software standards. according to the site it was released in Feb. 2012 and no other development since then which kind of makes me suspicious seeing as how versions prior were every few months to a year but nothing since Feb. 2012.

A stale non-updated security encryption software can't be good.

Re:Why mention only old versions?

[readeracc]

I do have to agree with the fact that the latest build is indeed quite old, annoyingly so. But I'm not suspicious as to their reasons - I'm more inclined to believe that the developers are just slow. Without any additional evidence and only conjecture, that's the only logical reason for there not being another version since then.

Re:Why mention only old versions?

[antdude]

Also, it came out on 2/7/2012. No recent updates? It also asks for donations on the web site. Is it low on budget?

Assume all versions are compromised

[rbanzai]

It's time to assume that all forms of encryption and communication have been compromised and probably have been for many years. There's no coming back from this when the most powerful country on Earth intends to keep things this way.

Re:Assume all versions are compromised

[johanw]

Why? Open source can help here very much, and the most bancrupt country on Earth can do nothing to stop publishing code.

Why bother?

[weilawei]

Why bother audting a closed binary which can change drastically from one version to the next, requiring a near-complete (if not total) re-audit (a laborious process the first time around)?

The better solution is to look to open source implementations, like tcplay. Audit an open source implementation, where it's easy to see exactly what changed and how it might affect the machine's state.

This is a bad solution to a non-problem.

Re:Why bother?

You muppet. I guess reading is hard for you, you can audit the TC source too.

Re:Why bother?

Not sure why you got marked down - probably best comment so far.

Programmers don't have to come forward ...

[perpenso]

Well they would have to come forward to launch legal proceedings, wouldn't they?

"Copyright (c) 2008 TrueCrypt Developers Association. All rights reserved."

No. Only a legal representative of the TrueCrypt Developers Association needs to come forward. No programmer is necessary. Business types and lawyers will do.

Windows source code was (is ?) available ...

[perpenso]

You can't see the source, you are in the position of having to trust.

Windows source code was (is ?) available to university researchers working on projects that Microsoft finds interesting. A friend (PhD candidate) was on such a research project.

If Microsoft allows professors and students to see the Windows source code I'd wager that governmental entities are allowed to see it as well.

Re:Windows source code was (is ?) available ...

[koan]

Which means nothing to me, the students aren't auditing it, you can't be certain that they gave them the *complete* code and you're suggesting that because the *government* has access to the code I shoudl be more trusting?

Is this sort of delusional behavior typical of all Windows users? All it takes is 1 second of thought to see your comments are absurd.

Re:Windows source code was (is ?) available ...

[perpenso]

Which means nothing to me, the students aren't auditing it, you can't be certain that they gave them the *complete* code and you're suggesting that because the *government* has access to the code I shoudl be more trusting? Is this sort of delusional behavior typical of all Windows users? All it takes is 1 second of thought to see your comments are absurd.

Perhaps you should think about things for longer than one second. If you read my post for comprehension you will notice I made no claim about trust, merely that source code is available to some, contrary to a claim that was made. Apologies if this fact somehow contradicts your theories.

Irrelevant with respect to audits ...

[perpenso]

In both cases, you can see the code, and compile it. In both cases, the license does NOT grant you permission to copy the compiled binary anywhere, or to distribute it.

That is irrelevant with respect to audits. If your build matches the official build then your build does not need to be distributed, its redundant.

If the code is the same ...

[perpenso]

As was mentioned above, digital signature key used to sing Windows executable are not released. Therefore, it will never be possible to get a binary result identical to what is published on TryueCrypt website.

If the code is the same and the differences are only in an appended signature and embedded timestamps then it would be practical to verify the binary.

To be honest the last time I did such a comparison was a couple of major revisions of Dev Studio ago.

factually false, the author put a license on it

[raymorris]

> but forgot to grant explicit permission to make derived works

They did not forget - they laid out the permissions they wanted to grant in their license.

> You have no reason to suspect that whoever wrote it, has a problem with relicensing.

Suspect? We KNOW exactly what they have a problem with and what they don't - it's right there in black and white.

Hmmm, be careful who you give your money to

There are so many things you can pick on this way, it seems like these guys have business model to use crowd-funding to get paid (in advance) for work they can't get or do otherwise. Not fooled.

BestCrypt

http://www.jetico.com/

Tried and tested. Been around for decades. While not "open source," the full unix source code is free and is well maintained, including package metadata for popular distributions. They charge for binaries but the full software is free (including GUI) if you download and compile it yourself.

Compilers as well?

Compilers themselves have been known to plant backdoors in the software they create as well.