Slashdot Mirror
Security Researchers Want To Fully Audit Truecrypt
Hugh Pickens DOT Com writes "TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. 'Lots of people use it to store very sensitive information,' writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. 'That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this.' According to Green, Truecrypt 'does some damned funny things that should make any (correctly) paranoid person think twice.' The Ubuntu Privacy Group says the behavior of the Windows version [of Truecrypt 7.0] is problematic. 'As it can't be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.' Green is one of people leading the charge to setup the audit, and he helped create the website istruecryptauditedyet.com. 'We're now in a place where we have nearly, but not quite enough to get a serious audit done.'"
I am shocked, and frankly a little pissed off that Version 6 and Version 7 aren't identical.
Thirty four characters live here.
Yeah, it's a typo. The privacy report says in the last full paragraph on page 13:
As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.
Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.
Well, we can't trust that copy/paste hasn't been back-doored.
...if you distribute modified versions of TrueCrypt, you cannot charge for copies. That is non-free...
...nothing in the license constitutes a promise not to sue for copyright infringement. Our counsel advises that a plain reading of this indicates that if Fedora complies with all the requirements of the TrueCrypt license, we would nonetheless have no assurance that TrueCrypt will not sue me for my acts of copying, distribution, creation of derivative works, and so forth...
TrueCrypt seems to be reserving the right to sue any licensee for copyright infringement, no matter whether they comply with the conditions of the license or not. Based on this, our counsel advised that above and beyond being non-free, software under this license is not safe to use...
Our counsel advised us that this license has the appearance of being full of clever traps, which make the license appear to be a sham (and non-free).
Given all of this, plus the problems with TrueCrypt authorship etc. I think the best course of action is replacing with a free implementation, maybe starting with something like this?
Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone.-rms
Except copyright law doesn't work that way.
How does copyright work in the case of anonymous authorship? I found this info which I make no attempt to explain . . .
In the US, there's this:)
(c) Anonymous Works, Pseudonymous Works, and Works Made for Hire. — In the case of an anonymous work, a pseudonymous work, or a work made for hire, the copyright endures for a term of 95 years from the year of its first publication, or a term of 120 years from the year of its creation, whichever expires first. If, before the end of such term, the identity of one or more of the authors of an anonymous or pseudonymous work is revealed in the records of a registration made for that work under subsections (a) or (d) of section 408, or in the records provided by this subsection, the copyright in the work endures for the term specified by subsection (a) or (b), based on the life of the author or authors whose identity has been revealed. Any person having an interest in the copyright in an anonymous or pseudonymous work may at any time record, in records to be maintained by the Copyright Office for that purpose, a statement identifying one or more authors of the work; the statement shall also identify the person filing it, the nature of that person's interest, the source of the information recorded, and the particular work affected, and shall comply in form and content with requirements that the Register of Copyrights shall prescribe by regulation.
And this
Anonymous Work
An author's contribution to a work is “anonymous” if that author is not identified on the copies or phonorecords of the work. If the contribution is anonymous, you may:
* reveal the author's identity even though the work is anonymous, or
* leave the author fields blank, or
* give “Anonymous” in the last name field.
Note that if a work is “made for hire,” you must name the employer as author. In any case, you should check the anonymous box.
And internationally, there's this advice from wikipedia.
I am not a crackpot.
I use the best encryption ever for everything I need to keep secret. The algorithm is a simple bitwise XOR applied to every byte in the file, using the data itself as a one-time pad. Completely uncrackable unless you know the data that was used for the pad.
The output also compresses really well!
=Smidge=
I am TheRaven on Soylent News
It's not open source.
Not open source? The source is available for download here.
You can't compile it yourself. You have no idea what is in the source.
You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.
Why do you give a flying **** what the NSA are doing with your data? I don't. I'm more concerned about Russia, China and assorted hackers and scammers the world over who might actually want to do me harm,
Because as a U.S. resident, I don't worry about Russia, China, etc. kicking my door down and throwing me in jail or putting me on a no-fly list for some joke I made in a private email to a friend.
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
Why do you give a flying **** what the NSA are doing with your data?
Because government entities are being used to punish those of differing political beliefs than those in power. It will only get worse, and it matters not what "side" the current rulers are. The current administrations favorite punishment tool seems to be the IRS. Can't wait to find out how bad it gets with the next administration.
You must gather your party before venturing forth.
I have a fair amount of experience in the field (I'll leave it at that, as my credentials are not of relevance to my point). I performed an audit of TrueCrypt 6.0 when it came out, and I was not able to detect anything wrong. A few details of the header format are a little out in the documentation (e.g. GF(256) addition instead of XOR for whitening, but hardly of any security impact, the curious choice of RIPEMD160 in the morning, which actually seems to be due to simple "it fits" criteria) but that's about it. I didn't see any 'back doors' in the copy I had. (Obviously, with the concerns regarding x.509 CAs and TLS, I can't speak for the copy you might have.)
The only times I've ever seen TrueCrypt cracked by SIGINT or LE agencies, it involved: hardware keyloggers, Firewire DMA attacks, NONSTOP attacks (or 'cold boot' attacks as the open-source security community later dubbed them - they're not as new as you'd think, crackers were doing them in the 80s - when they were, admittedly, easier), or brute-force analysis of short crappy passwords. They used Cell processors in parallel to do that (at one point, literally a cluster of PlayStation 3s running Linux). This is consistent with TrueCrypt's documentation. They have certainly failed to crack TrueCrypt in several high-profile terrorism cases where they would really, really like to do so. It seems reasonable to conclude that in general, they cannot work through it, only around it.
It also seems likely that if they are unable to crack it, they are likely to dissuade people from using it by social engineering, and perhaps direct them to weaker tools that are easier for them to subvert. I concur with parent on that point.
But ultimately, you don't have to trust me. You shouldn't. Many eyes do make bugs shallow, as long as the eyes are actually there and actually look. A few more eyes definitely can't hurt on a security-critical project like this. Please, by all means independently audit it. It is good practice that all software with a security impact, particularly high-profile cryptography software, should be audited whenever possible. That is entirely laudable, and we should do it.