How I Compiled TrueCrypt For Windows and Matched the Official Binaries

← Back to Stories (view on slashdot.org)

How I Compiled TrueCrypt For Windows and Matched the Official Binaries

Posted by timothy on Thursday October 24, 2013 @08:17AM from the all-the-lurid-details dept.

First time accepted submitter xavier2dc writes "TrueCrypt is a popular software enabling data protection by means of encryption for all categories of users. It is getting even more attention lately following the revelations of the NSA as the authors remain anonymous and no thorough security audit have yet been conducted to prove it is not backdoored in any way. This has led several concerns raised in different places, such as this blog post, this one, this security analysis [PDF], also related on that blog post from which IsTrueCryptAuditedYet? was born. One of the recurring questions is: What if the binaries provided on the website were different than the source code and they included hidden features? To address this issue, I built the software from the official sources in a careful way and was able to match the official binaries. According to my findings, all three recent major versions (v7.1a, v7.0a, v6.3a) exactly match the sources."

250 comments

Min score:

Reason:

Sort:

But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 08:19 · Score: 5, Funny

But can you trust xavier2dc? It's turtles all the way down.
1. Re:But can you trust xavier2dc? by javajawa · 2013-10-24 08:24 · Score: 5, Interesting
  
  Then follow the same steps and compile it yourself. You should come to the same results.
  
  --
  Meh
2. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 08:28 · Score: 0
  
  Who prevents you from verifying it on your own? The guy gave the exact steps to reproduce. Obviously even if you do so you cannot tell if the toolchain isn't backdoored, but once you started you can't ever stop doubting...
3. Re:But can you trust xavier2dc? by slashmydots · 2013-10-24 08:29 · Score: 1
  
  You're right, I'm inventing my own encryption method from scratch. Then my anime/hollywood movie crossover fanfics will finally be safe.
4. Re:But can you trust xavier2dc? by Impy+the+Impiuos+Imp · 2013-10-24 08:30 · Score: 5, Funny
  
  Yah, really.
  Wait! But what if I, myself, am an NSA stooge and don't realize it?
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
5. Re:But can you trust xavier2dc? by maxwell+demon · 2013-10-24 08:31 · Score: 2, Funny
  
  OK, but how do I compile xavier2dc? Is the source even available?
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
6. Re:But can you trust xavier2dc? by mrchaotica · 2013-10-24 08:31 · Score: 2
  
  Step 1: download hacked_compiler.exe from xavier2dc.com...
  (I kid, but "Reflections on Trusting Trust" shows that it's possible...)
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
7. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 08:31 · Score: 1
  
  Trust myself?! I can't even trust myself not to browse slashdot at work.
8. Re:But can you trust xavier2dc? by nani+popoki · 2013-10-24 08:33 · Score: 2
  
  Ken Thompson once presented a hack where he modified the C compiler to insert a backdoor in the generated code for the UNIX login code (and only that one specific module!). So trusting the compiler to do what you say is NOT an "of course".
9. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 08:36 · Score: 0
  
  I'm sorry, but your Sailor Moon vs. Iron Man stories have already been stolen, and are being made into the next blockbuster picture from Sony Entertainment as we speak.
10. Re:But can you trust xavier2dc? by paiute · 2013-10-24 08:40 · Score: 5, Funny
  
  OK, but how do I compile xavier2dc? Is the source even available?
  Step 1: Find his mother
  
  --
  If Slashdot were chemistry it would look like this:Cadaverine
11. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 08:41 · Score: 1
  
  PKD is that you?!
12. Re: But can you trust xavier2dc? by wo1verin3 · 2013-10-24 08:41 · Score: 1
  
  I would watch the hell out of that.
13. Re:But can you trust xavier2dc? by tippe · 2013-10-24 08:46 · Score: 5, Funny
  
  Lets give him the Voight-Kampff test and find out...
14. Re:But can you trust xavier2dc? by Shoten · 2013-10-24 08:54 · Score: 4, Insightful
  
  Then follow the same steps and compile it yourself. You should come to the same results.
  I think you're kind of missing his two points. One, he's joking. But two, he's also serious...yes, that is what someone can do. But will they? Probably not. I'm willing to bet that 80% minimum of those who read TFA will simply accept it as canon and move on with it a fact in their minds that the two do match. And beyond that, they will keep it as a fact in their minds even for future releases, which haven't been validated in this way. So that's really the challenge here.
  And even worse, think about all the TrueCrypt users who don't have the technical ability to compile binaries, much less do it in a very specific way? Ultimately, someone has to be trusted, and trust is a web rather than something that flows from a single fountain when it comes to society.
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
15. Re: But can you trust xavier2dc? by i+kan+reed · 2013-10-24 08:57 · Score: 0
  
  Thank you for the current state of movie releases, clearly generic American consumer. Do you somehow get invited to all the focus groups?
16. Re:But can you trust xavier2dc? by amicusNYCL · 2013-10-24 08:59 · Score: 4, Funny
  
  One, he's joking. But two, he's also serious.
  You just blew my mind.
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
17. Re:But can you trust xavier2dc? by bondsbw · 2013-10-24 08:59 · Score: 2, Funny
  
  What if the NSA injected a Ken Thompson hack into our human compilers? Our DNA may have an NSA backdoor!
  
  --
  All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
18. Re: But can you trust xavier2dc? by NatasRevol · 2013-10-24 09:09 · Score: 2
  
  Unfortunately, yes he does.
  
  --
  There are two types of people in the world: Those who crave closure
19. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 09:09 · Score: 0
  
  Yah, really.
  Wait! But what if I, myself, am an NSA stooge and don't realize it?
  Then you'd know more about ME.. so, since you don't, then you aren't! :-) See how easy that is! Now you know you can trust yourself again!! :-)
20. Re:But can you trust xavier2dc? by nitehawk214 · 2013-10-24 09:11 · Score: 1
  
  Then follow the same steps and compile it yourself. You should come to the same results.
  How do you compile a person?
  
  --
  I'm a good cook. I'm a fantastic eater. - Steven Brust
21. Re: But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 09:11 · Score: 0
  
  Would be better as a TV series, no?
22. Re:But can you trust xavier2dc? by PopeRatzo · 2013-10-24 09:12 · Score: 1
  
  Lets give him the Voight-Kampff test and find out...l
  Is there gonna be math on that test?
  
  --
  You are welcome on my lawn.
23. Re:But can you trust xavier2dc? by TangoMargarine · 2013-10-24 09:22 · Score: 3, Funny
  
  Yes. They give you a couple complex calculus problems and if you get them right, you're a robot.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
24. Re:But can you trust xavier2dc? by Grog6 · 2013-10-24 09:23 · Score: 5, Funny
  
  If there's DNA on your Backdoor, you've just been rooted!
  (sorry; but this IS /.) :)
  
  --
  Truth isn't Truth - Guliani
25. Re:But can you trust xavier2dc? by TangoMargarine · 2013-10-24 09:23 · Score: 1
  
  http://www.catb.org/jargon/html/H/ha-ha-only-serious.html
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
26. Re:But can you trust xavier2dc? by Applekid · 2013-10-24 09:25 · Score: 4, Funny
  
  Ken Thompson once presented a hack where he modified the C compiler to insert a backdoor in the generated code for the UNIX login code (and only that one specific module!). So trusting the compiler to do what you say is NOT an "of course".
  And how can I trust the cpu to actually execute the code as compiled and not insert it's own microcode into the process? And how can I trust the memory chips that hold my data to not clandestinely copy it off someplace else?
  No no, the only solution is to catch the butterflies whose wings flapped and waterboard them to learn the truth.
  
  --
  More Twoson than Cupertino
27. Re:But can you trust xavier2dc? by gigaherz · 2013-10-24 09:29 · Score: 1
  
  The problem with custom encryption systems is that, unlike the real kind, they CAN be hacked "in seconds" by a professional. The only algorithms you could trust to be safe would be the ones the NSA themselves use to store their secrets. On the downside, the docs for those are probably encrypted using the algorithms themselves...
28. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 09:37 · Score: 0
  
  Then follow the same steps and compile it yourself. You should come to the same results.
  But what if the exploit is hidden in one of the libraries?
  Or the source code itself?
  Or even the compiler?
  You're going to have to take the binary and reverse engineer it from the machine code level to be 99% sure. Then you'll need to bust out some heavy hardware so you can reverse-engineer the actual hardware in your computer to make sure there isn't a backdoor slipped into the CPU microcode, or an auxillary chip somewhere.
  And once that's all complete, don't forget to go get a CAT scan to make sure they haven't implanted a mind-controlling chip in your own brain! But you'll also need to repeat the entire process for the CAT scanner and its software, as well as the techs running the machine.
  Like he said, Turtles all the way down.
29. Re:But can you trust xavier2dc? by RawsonDR · 2013-10-24 09:40 · Score: 2
  
  Yah, really.
  Wait! But what if I, myself, am an NSA stooge and don't realize it?
  You'll need to provide us with your source code. We'll review, then recompile. If the output matches then we know we can trust (both of) you.
30. Re:But can you trust xavier2dc? by David_Hart · 2013-10-24 09:44 · Score: 1
  
  Yes. They give you a couple complex calculus problems and if you get them right, you're a robot.
  Or you have 1000 monkeys working for you...
31. Re:But can you trust xavier2dc? by wonkey_monkey · 2013-10-24 09:46 · Score: 1
  
  I'm sorry, but your Sailor Moon vs. Iron Man stories have already been stolen
  It wasn't "vs." You don't want to know what it was, but it wasn't that.
  
  --
  systemd is Roko's Basilisk.
32. Re:But can you trust xavier2dc? by cheater512 · 2013-10-24 09:58 · Score: 1
  
  Step 5. Insert NSA trojan in to binary.
  Yep I got the exact same binary too!
33. Re:But can you trust xavier2dc? by TangoMargarine · 2013-10-24 10:02 · Score: 1
  
  I think the point of the test would be kind of nullified if it allowed extended execution length or parallelization.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
34. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 10:37 · Score: 0
  
  "But can you trust xavier2dc? It's turtles all the way down."
  Blasphemy! It's only one turtle, the great A'Tuin.
35. Re:But can you trust xavier2dc? by geekoid · 2013-10-24 10:44 · Score: 1
  
  And who did the security audit of your compilers?
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
36. Re:But can you trust xavier2dc? by bobbied · 2013-10-24 10:59 · Score: 2
  
  Until you personally have inspected the source code for everything down to the BIOS and microcode in your hardware there will always be a chance there is a backdoor.
  BUT, it all depends on how far away you go with your trust. Don't trust the application? Build from source. Don't trust the build chain? Build it from source. Don't trust your OS? Build it from source using your built compiler... On and on, until you have literally built everything yourself. The good news is that the farther you get away from the application, the less likely there will be a issue with trusting so the lower risk it becomes. But if you simply MUST then you are going to be building a lot of stuff.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
37. Re:But can you trust xavier2dc? by djmurdoch · 2013-10-24 11:08 · Score: 1
  
  Sure you can trust him. An AC said he found the same thing.
38. Re:But can you trust xavier2dc? by killkillkill · 2013-10-24 11:12 · Score: 1
  
  Let me the compile tools used to compile it and then then I'll trust it. Oh, the source for Microsoft's build tools aren't available? Well, we'll just have to trust that Microsoft doesn't cooperate with the NSA.
39. Re:But can you trust xavier2dc? by Grog6 · 2013-10-24 11:42 · Score: 1
  
  The NSA, of course. :)
  Or NIST; same thing.
  
  --
  Truth isn't Truth - Guliani
40. Re:But can you trust xavier2dc? by omtinez · 2013-10-24 11:55 · Score: 2
  
  On that line of thought, trying to replicate the binaries takes a whole new meaning
41. Re:But can you trust xavier2dc? by superwiz · 2013-10-24 12:52 · Score: 1
  
  Hey, first time submitter... just one question: From what IP?
  
  --
  Any guest worker system is indistinguishable from indentured servitude.
42. Re:But can you trust xavier2dc? by superwiz · 2013-10-24 12:53 · Score: 1
  
  So that when you fail to get an exact match, you'd get embarrassed and stay quite? You can't prove a negative, you know.
  
  --
  Any guest worker system is indistinguishable from indentured servitude.
43. Re:But can you trust xavier2dc? by u38cg · 2013-10-24 13:13 · Score: 1
  
  Go through Schneier posts and read Clive Robinson's responses. Job's a good 'un.
  
  --
  [FUCK BETA]
44. Re:But can you trust xavier2dc? by __aaltlg1547 · 2013-10-24 13:14 · Score: 1
  
  And even if the binaries don't match, you'll have open-source Truecrypt.
45. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 13:54 · Score: 1
  
  You're Australian?
46. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 13:54 · Score: 0
  
  One, he's joking. But two, he's also serious.
  You just blew my mind.
  He must be seriously joking!
47. Re:But can you trust xavier2dc? by IndustrialComplex · 2013-10-24 14:32 · Score: 5, Funny
  
  You'll need to provide us with your source code.
  
  I'll provide you my source code, but just remember, you asked for it. So no complaining to the police when it is delivered.
  
  --
  Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
48. Re:But can you trust xavier2dc? by jonfr · 2013-10-24 14:54 · Score: 2
  
  Just run Windows ME and then you never have to worry about NSA.
49. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 17:50 · Score: 0
  
  And who did the security audit of your compilers?
  And would you trust the security auditors?
50. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 18:20 · Score: 0
  
  Who says I can be trusted?
51. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 19:03 · Score: 0
  
  One, he's joking. But two, he's also serious.
  You just blew my mind.
  Jokes that convey a truth are the best.
52. Re:But can you trust xavier2dc? by davester666 · 2013-10-24 19:46 · Score: 1
  
  The NSA will backdoor anybody. Without a condom.
  
  --
  Sleep your way to a whiter smile...date a dentist!
53. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 21:03 · Score: 0
  
  What if the compiler is compromised?
54. Re:But can you trust xavier2dc? by cripkd · 2013-10-24 21:35 · Score: 1
  
  Of course. I'm alive and you're all dead.
  
  --
  Curiously yours, crip.
55. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 21:41 · Score: 0
  
  Unfortunately you still have no evidence that the source itself is ok, and doesn't contain either obvious or obfuscated backdoors. You also need to conduct your own security audit, after acquiring the skills to do so (and trusting that your teacher hasn't left some tricks out).
56. Re:But can you trust xavier2dc? by u38cg · 2013-10-24 21:53 · Score: 1
  
  Dig through Clive Robinson's comments on Schneier's blog. He's actually bootstrapped the entire toolchain from handbuilt airgapped electronics and been able to actually show that the result is what was expected.
  
  --
  [FUCK BETA]
57. Re:But can you trust xavier2dc? by clickclickdrone · 2013-10-24 21:55 · Score: 1
  
  >Step 1: Find his mother
  Step 2 ???
  Step 3 Profit!
  
  --
  I want a list of atrocities done in your name - Recoil
58. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 22:11 · Score: 0
  
  Everyone has now heard of Ken Thompson's compiler backdoor trick, many of us decades ago. Could people please stop presenting it in every discussion about code security as though it were surprising and new?
59. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-24 23:01 · Score: 0
  
  How do you know your compiler can be trusted? Did you download your compiler from the internet? Was it digitally signed?
60. Re:But can you trust xavier2dc? by gsslay · 2013-10-24 23:41 · Score: 1
  
  The solution is obvious; either trust no-one, do everything yourself. Or trust others.
  With the former, you'll never ever get caught out by trusting something/someone not worthy of it. But it's a recipe for a very laborious, paranoid, miserable and lonely life.
61. Re:But can you trust xavier2dc? by Shoten · 2013-10-25 00:50 · Score: 1
  
  Dig through Clive Robinson's comments on Schneier's blog. He's actually bootstrapped the entire toolchain from handbuilt airgapped electronics and been able to actually show that the result is what was expected.
  You are aware that several of the things you say in just those two sentences are beyond the technical ability of most average people, yes? Most people have never heard of "Schneier's blog," for one thing. Bootstrapped? I have to wonder how scared off they'd be at the phrase, "handbuilt airgapped electronics." So, they either have to trust Clive Robinson, or not. TrueCrypt isn't an IDE or a piece of software used to lay out circuit board designs; use of the tool is not solely oriented towards technically-savvy individuals. And so, we get back to the whole trust question since technical skill is required to independently validate that the binaries match the source.
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
62. Re:But can you trust xavier2dc? by Shoten · 2013-10-25 00:54 · Score: 1
  
  One, he's joking. But two, he's also serious.
  You just blew my mind.
  Once upon at time, royalty did not brook criticism. But, it was understood that there was a need for certain uncomfortable truths to be told, lest kings be so totally out of touch with their realm that they, well...end up doing what a lot of royals did anyways. But anyways...the mechanism for this was known as the "Motley Fool," usually a deformed individual or a dwarf that nobody would take seriously. They dressed in fanciful clothing and, well, acted like a fool. But as they did it, they also wove those uncomfortable truths into their humor, thus informing the king in a way that was acceptable to them and thus permitted. This, in fact, is the reason why the website for personal finance, The Motely Fool named themselves thus.
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
63. Re:But can you trust xavier2dc? by RaceProUK · 2013-10-25 01:00 · Score: 1
  
  Just run Windows ME and then you never have to worry about NSA.
  True - it'll never run long enough to be hacked :)
  
  --
  No colour or religion ever stopped the bullet from a gun
64. Re:But can you trust xavier2dc? by antdude · 2013-10-25 04:33 · Score: 1
  
  God has the source codes to all of us. ;)
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
65. Re:But can you trust xavier2dc? by Anonymous Coward · 2013-10-25 06:03 · Score: 0
  
  Well.. What about the compiler, can you be sure the compiler is not compromised? Or the hardware.. There's still turtles all the way down.
66. Re:But can you trust xavier2dc? by u38cg · 2013-10-27 02:28 · Score: 1
  
  Sure. But there's no alternative to doing that, if you're sufficiently turtle-paranoid. The reality is if the NSA is sufficiently interested in you they will find out everything they want to, one way or another.
  
  --
  [FUCK BETA]
67. Re:But can you trust xavier2dc? by hobarrera · 2013-10-27 03:54 · Score: 1
  
  No, you should not trust him. It's for this exact reason that the procedure was published so you can review it yourself, and see if your results match his.
And why should we trust you? by spudnic · 2013-10-24 08:20 · Score: 0, Flamebait

And why should we trust you, Mr. NSA Plant? ;)

--
load "linux",8,1
1. Re:And why should we trust you? by asmkm22 · 2013-10-24 08:26 · Score: 5, Insightful
  
  He provides pretty clear instructions on how to duplicate the process he used. He's not just saying "I did it and it's safe, trust me."
2. Re:And why should we trust you? by Anonymous Coward · 2013-10-24 09:05 · Score: 2, Funny
  
  I'm a little suspect of this ./configure --enable-backdoor option.
3. Re:And why should we trust you? by Anonymous Coward · 2013-10-24 09:19 · Score: 0
  
  Then he puts it on Windows?
  Today's captcha is horsefly
4. Re:And why should we trust you? by Anonymous Coward · 2013-10-24 10:15 · Score: 0
  
  Yeah, but where do I get the skills to verify the source as safe?
5. Re:And why should we trust you? by icebike · 2013-10-24 11:01 · Score: 1
  
  Then he puts it on Windows?
  Today's captcha is horsefly
  If Truecrypt calls ANY windows APIs, especially the crypto APIs, putting it on is exactly the wrong thing to do.
  If on the other hand it has its own built in crypto functions in the source code you might feel a little better about it.
  (I haven't looked, so I actually don't know if it uses MS APIs or not.)
  
  --
  Sig Battery depleted. Reverting to safe mode.
6. Re:And why should we trust you? by bobbied · 2013-10-24 11:02 · Score: 1
  
  Try reading the source perhaps? Some code is amazingly readable, even when you don't understand the language.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
7. Re:And why should we trust you? by Anonymous Coward · 2013-10-24 13:26 · Score: 0
  
  Yeah, reading crypto code is definitely the best way to teach yourself programming. Nothing difficult to understand or tricky there.
8. Re:And why should we trust you? by gl4ss · 2013-10-24 17:18 · Score: 1
  
  surely it responds at least to the filesystem api's.. dunno why it would use windows's crypto api.. being multiplatform and all.
  at least you have the source for it, unlike other windows crypto solutions. sure, I got bitlocker but how worthwhile is it?
  
  --
  world was created 5 seconds before this post as it is.
9. Re:And why should we trust you? by Anonymous Coward · 2013-10-24 22:59 · Score: 0
  
  I guess it also accesses the keyboard APIs in order to receive a password. Here's a way you could compromise TrueCrypt if you control the OS:
  1. When the user creates the first encrypted volume, the OS at the same time adds, by simulated user action, an additional, hidden volume with a master password only known by the attacker. In the following I call that the trojan partition. Note that, as a hidden volume, it is not detectable by design.
  2. Both on initial creation and when changing the password (which TrueCrypt probably receives through the OS's keyboard API) the password is saved on the trojan partition. Also any creation of a hidden volume is stored on the trojan volume, with all the information needed to access it.
  3. When the attacker wants to read your encrypted/hidden volumes, he just reads the necessary information from the trojan partition.
  Summary: If you don't know that the operating system is clean, TrueCrypt doesn't offer any real security. Not even if you use hidden volumes.
10. Re:And why should we trust you? by Anonymous Coward · 2013-10-25 03:16 · Score: 0
  
  Yep, and there's no way a malicious programmer could slip something past a novice trying to read his code...
Has 'First time accepted submitter xavier2dc'... by kig8472 · 2013-10-24 08:21 · Score: 0

...been audited yet?
So who are you? by Anonymous Coward · 2013-10-24 08:21 · Score: 0

As they say in Latin: Quis custodiet ipsos custodes?
1. Re:So who are you? by Defenestrar · 2013-10-24 08:26 · Score: 1
  
  Cant remember who or when, but it was observed that it's the pizza delivery guy.
Now for extra credit by Anonymous Coward · 2013-10-24 08:22 · Score: 0

Now, for extra credit, try and determine if the compiler you used is compromised. Do this by compile it with a compiler that isn't, and prove you get the same compiler you used to make the initial verification.
1. Re:Now for extra credit by djdanlib · 2013-10-24 08:32 · Score: 1
  
  And how do you propose to know if any particular compiler or library is or isn't compromised?
2. Re:Now for extra credit by jcoy42 · 2013-10-24 08:42 · Score: 1
  
  And how do you propose to know if any particular compiler or library is or isn't compromised?
  Obviously you'd just write the compiler and libraries from scratch.
  
  --
  Never trust an atom. They make up everything.
3. Re:Now for extra credit by Thud457 · 2013-10-24 08:44 · Score: 4, Funny
  
  Define the universe.
  Give two examples. ;-)
  
  --
  the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
4. Re:Now for extra credit by intermodal · 2013-10-24 09:25 · Score: 1
  
  By using open-source ones, obviously. If you're running Windows, you're telling the world you don't really care whether your operating system is openly auditable.
  
  --
  In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Yeah by Anonymous Coward · 2013-10-24 08:23 · Score: 0

Says you. 0_o
Stooge by Anonymous Coward · 2013-10-24 08:23 · Score: 0

Of course xavier2dc is an NSA stooge trying to convince us that TrueCrypt isn't an NSA trap.
Nice try.
Little Let Down by Anrego · 2013-10-24 08:23 · Score: 5, Interesting

I was kinda hoping he'd built some elaborate timing setup to somehow match the exact timestamps and compile speed as the official binaries were built with.
This is still a great analysis though, and the detail provided is a fun read and useful insight into the general mindset and method of how this kind of analysis is done.
1. Re:Little Let Down by Anonymous Coward · 2013-10-24 08:31 · Score: 1, Interesting
  
  You'll be more let down when you read that Windows leaks so much info that the binaries are only part of the problem:
  http://www.usenix.org/event/hotsec08/tech/full_papers/czeskis/czeskis_html/
2. Re:Little Let Down by IamTheRealMike · 2013-10-24 09:38 · Score: 5, Informative
  
  He did as much as was necessary to establish trust and no more.
  I just want to say to Xavier - thanks. Great work.
3. Re:Little Let Down by wonkey_monkey · 2013-10-24 09:47 · Score: 3, Insightful
  
  He did as much as was necessary to establish trust and no more.
  Or so he has led you to believe...
  
  --
  systemd is Roko's Basilisk.
4. Re:Little Let Down by Anonymous Coward · 2013-10-24 10:45 · Score: 4, Insightful
  
  Everything in that link only applies to secondary volumes, it doesn't appear to apply if you've encrypted your system volume.
  Also, everything being talked about has little to do with windows, and more to do with the pointers/shortcuts external applications make to the "hidden" encrypted filesystem.
  Linux would likely have the same number of "Hey! Look! An encrypted filesystem over there!" red flags.
5. Re:Little Let Down by Anonymous Coward · 2013-10-24 13:58 · Score: 0
  
  Can't be no such trust if the compilers are not also trusted and could be compromised.
6. Re:Little Let Down by readacc · 2013-10-24 17:29 · Score: 1
  
  At some point though, you have to trust SOMETHING. You'll always find some hypothetically attack vector when it comes to software, but you'll go mad with the possibilities.
7. Re:Little Let Down by Kythe · 2013-10-25 00:48 · Score: 1
  
  I agree. Actually, the fact that he detailed the steps he took makes his analysis so much more powerful, as anyone can verify his work. The scientific method in action.
  
  --
  
  Kythe
8. Re:Little Let Down by Kythe · 2013-10-25 00:50 · Score: 1
  
  As discussed above, Schneier has detailed methods with a good probability of revealing compromised compilers, or at least disabling the compromise.
  
  --
  
  Kythe
But can you trust Microsoft Visual C++ by Suiggy · 2013-10-24 08:25 · Score: 1, Troll

Sure, the binaries match up after rebuilding from the sources. But perhaps the compiler injects exploits into all versions of binaries. Or maybe there are exploits in the MSVC CRT.
And let's not forget that the Windows operating systems are all essentially just NSA backdoors.
1. Re:But can you trust Microsoft Visual C++ by shawn(at)fsu · 2013-10-24 08:38 · Score: 4, Insightful
  
  If you're that worried about a ken thompson attack (which this topic always devolves in to) then why even use a computer at all?
  
  --
  500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
2. Re:But can you trust Microsoft Visual C++ by Anonymous Coward · 2013-10-24 08:50 · Score: 0, Redundant
  
  That reminds me of a very old hack described in http://cm.bell-labs.com/who/ken/trust.html
  To summarize, the idea is to create a backdoor in a compiler. Its most noticeable features is to be able to detect when it is re-compiling the compiler from clean sources and then to insert the backdoor in the generated binary. In pratice, that means even a compiler recompiled from clean sources cannot be trusted. More generally, such backdoor could also patch all tools susceptible to be used to detect it.
3. Re:But can you trust Microsoft Visual C++ by Dishevel · 2013-10-24 08:58 · Score: 5, Funny
  
  I don't. I build all of code in hardware. That is rendered in MineCraft.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
4. Re:But can you trust Microsoft Visual C++ by MaskedSlacker · 2013-10-24 09:17 · Score: 1
  
  That reminds me of a very old hack described in http://cm.bell-labs.com/who/ken/trust.html
  
  I would hope so since that's what he was referring to. What worries me is that it took this long in the comments for someone to reference "Trusting Trust." That should have been the obvious problem from the end of the first sentence of the summary.
5. Re:But can you trust Microsoft Visual C++ by gman003 · 2013-10-24 09:57 · Score: 1
  
  He actually brings this up in TFA. He makes a note of two things that are "beyond the scope of this article": verifying that the compiler is not inserting any backdoors, and verifying that the source code has no security holes.
6. Re:But can you trust Microsoft Visual C++ by Suiggy · 2013-10-24 10:20 · Score: 1
  
  Why even live if you have file taxes?
7. Re:But can you trust Microsoft Visual C++ by Lehk228 · 2013-10-24 13:12 · Score: 1
  
  notch is on the take for the NSA
  
  --
  Snowden and Manning are heroes.
8. Re:But can you trust Microsoft Visual C++ by Anonymous Coward · 2013-10-25 01:57 · Score: 0
  
  You could one-time-pad encrypt your message before typing it into the computer at all; OTP-encrypted messages can be sent over whatever medium is convenient with no worry, including insecure computers or computers with backdoors. Tools exist to aid OTP encryption, the trouble is how to generate your one-time-pad without using a compromised computer.
  https://github.com/Fasrad/otpgen
Re:"According to my findings" by Zerth · 2013-10-24 08:26 · Score: 4, Insightful

You don't have to trust this person, they've given you the exact steps to do it yourself.
worst grammar mistake they could make by slashmydots · 2013-10-24 08:26 · Score: 1, Troll

"It is getting even more attention lately following the revelations of the NSA as the authors remain anonymous and no thorough security audit have yet been conducted to prove it is not backdoored in any way."

What they mean is:
It is getting even more attention lately[,] following the revelations of the NSA[,] as the authors remain anonymous and no thorough security audit [has] yet been conducted to prove it is not backdoored in any way.

Oh, you know, so it doesn't say: "revelations of the NSA as the authors," implying that the NSA wrote the software.
1. Re:worst grammar mistake they could make by maxwell+demon · 2013-10-24 08:35 · Score: 1
  
  Maybe they did, he knows it, but wanted to create a plausible deniability as grammar mistake.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
2. Re:worst grammar mistake they could make by xavier2dc · 2013-10-24 14:25 · Score: 1
  
  Haha, sorry I wrote that too fast.
Physical Compulsion by Anonymous Coward · 2013-10-24 08:28 · Score: 0

Direct access to your physical body negates all security.
They can, and will, compel you.
Game over.
Umm... by Anonymous Coward · 2013-10-24 08:28 · Score: 0

How does this exactly help prove or dispell any potential existence of a backdoor? Especially, if the binaries already contained one?
1. Re:Umm... by Qzukk · 2013-10-24 08:35 · Score: 2
  
  At this point it means that if you go through the source code and understand it, you know what the truecrypt binaries are doing, because you can be pretty sure (modulo built-in compiler exploits affecting both your and their compiler the same way) their binaries match the source code.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
2. Re:Umm... by foma84 · 2013-10-24 09:45 · Score: 1
  
  Why everybody in this area keep on using the modulo notation? It makes no sense.
3. Re:Umm... by Qzukk · 2013-10-25 00:31 · Score: 1
  
  sure it does. (x + 10) mod 10 = x, (binary + trojan) mod trojan = binary
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
4. Re:Umm... by Anonymous Coward · 2013-10-25 01:22 · Score: 0
  
  (x + 10) mod 10 = x
  Only if x is smaller than 10
5. Re:Umm... by foma84 · 2013-10-26 09:24 · Score: 1
  
  ("binaries match the source code" + "compiler exploits") modulo "compiler exploits" = "binaries match the source code". Thank you.
Can you trust the compiler? by luciano.moretti · 2013-10-24 08:30 · Score: 0

The compiler (and support stack) is a MS compiler, and MS is already owned by "the man", so as Kernighan demonstrated you still can't trust it.
1. Re:Can you trust the compiler? by Desler · 2013-10-24 08:47 · Score: 1
  
  You mean Ken Thompson not Brian Kernighan.
2. Re:Can you trust the compiler? by surmak · 2013-10-24 08:59 · Score: 4, Interesting
  
  The compiler (and support stack) is a MS compiler, and MS is already owned by "the man", so as Kernighan demonstrated you still can't trust it.
  The disassembler he used is not. So it is (at least theoretically) possible to see if there is a back door. The compiler has a very low-level view of what it is doing. In order to add a back door, it would need to recognize when it is compiling TC. This could be a much more difficult technical problem than what Kernighan did to login, and, if discovered, would be devastating to MS from a PR standpoint.
3. Re:Can you trust the compiler? by godrik · 2013-10-24 08:59 · Score: 2
  
  Well, you can't trust any software you do not have the source code of. So of course you can not trust the MS compiler.
4. Re:Can you trust the compiler? by foma84 · 2013-10-24 09:47 · Score: 1
  
  You CLEARLY missed the whole point of a Ken Thompson attack. It's a very interesting read, highly reccomended.
5. Re:Can you trust the compiler? by Anonymous Coward · 2013-10-24 14:56 · Score: 0
  
  Devistating to ms - not really unless they pull a Dlink and sign the damn thing as a Back door, they would just write it off as a bug on patch day.
6. Re:Can you trust the compiler? by Anonymous Coward · 2013-10-24 18:27 · Score: 0
  
  ...would be devastating to MS from a PR standpoint.
  https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#Companies
7. Re:Can you trust the compiler? by dkf · 2013-10-24 20:08 · Score: 1
  
  The disassembler he used is not. So it is (at least theoretically) possible to see if there is a back door.
  You can also try disassembling the code by hand. (It's hard work, but you can do it.) Then you've only got to worry about whether the file has some trickery done to it so it looks like one binary sequence when opened normally, but uses something else when executed. Which I suppose is possible, but it's getting really hard to make such things reliable; it's easier to just put a rootkit on the OS and lie to users that way...
  
  --
  "Little does he know, but there is no 'I' in 'Idiot'!"
8. Re:Can you trust the compiler? by Ihlosi · 2013-10-24 21:24 · Score: 1
  
  In order to add a back door, it would need to recognize when it is compiling TC.
  Which is fairly trivial to implement, as long as you can dictate what the secret sign should be.
  So, next step: Run the TC source code through an obfuscator that messes with it in all kinds of horrible way _without_ changing what the meaning of the source code to a compiler would be. Then recompile and see if it matches the original binary.
9. Re:Can you trust the compiler? by Anonymous Coward · 2013-10-24 22:55 · Score: 0
  
  You don't necessarily need to detect that it is compiling TC. You only need to make the assumption that the specific part of the code you want to modify isn't changed. If the intermediate code after parsing matches then you replace it.
  Yes, any other software that uses the same algorithm will also get the backdoor inserted. From the attackers point of view that is a bonus, not a flaw.
10. Re:Can you trust the compiler? by Anonymous Coward · 2013-10-24 23:02 · Score: 0
  
  You can't trust software you have to source for either, unless you sit down and look through the code. In the case of truecrypt you also need enough understanding of cryptography to understand possible intentional flaws.
  Letting someone else look through the code for you isn't going to help much. At most you may trust that person more than you trust the person who wrote the code.
  The benefit you get from having the source code is that it might be easier to read through it than it is to load the binary into a disassembler/debugger and see what the code does. The benefit of the latter version is that a competent debugger will emulate the system and allow you to step through the code to get a better understanding of it. No risk of intentionally omitted syntax glue that may trick you into thinking that the the code does something else than it actually does.
  The "many eyes" thing with open source only works as long as you trust that one person who actually bothers to look through the code.
11. Re:Can you trust the compiler? by Anonymous Coward · 2013-10-26 12:39 · Score: 0
  
  It actually wouldn't be that hard. Although, you wouldn't do it by literally recognizing a particular program (since, what really is a /particular/ prorgram).
  <compiler-writer>
  I am an expert in the structure of the patterns which this particular optimization exploits.
  I will simply choose a *very* unlikely pattern which the optim I'm writing also *easily* can be made to identify.
  I'll then simply do: ..
  if(backdoar_activation_pattern_p(optim_opportunities))
  {
  insert_backdoar();
  } ...
  </compiler-writer>
Ugh, not "a software" again. by jabberw0k · 2013-10-24 08:32 · Score: 3, Informative

"TrueCrypt is a popular software enabling data protection...
No, TrueCrypt is a popular piece of software. You don't have "a hardware" or "a clothing" or "an information" — and likewise you cannot have "a software."
1. Re:Ugh, not "a software" again. by freeze128 · 2013-10-24 08:52 · Score: 2
  
  I'm just glad that they don't call it a "Progrum".
2. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 09:04 · Score: 1
  
  In which dialect of English do you imagine 'a software' is valid?
3. Re:Ugh, not "a software" again. by ZombieBraintrust · 2013-10-24 09:07 · Score: 2, Insightful
  
  I don't think you can have a "piece" of software. You don't have half of TrueCrypt or a 3rd of it. Should be "TrueCrypt is popular software enabling data protection"
4. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 09:08 · Score: 1
  
  I'm just glad that they don't call it a "Progrum".
  Could be worse *cough*app*cough*
5. Re:Ugh, not "a software" again. by Desler · 2013-10-24 09:12 · Score: 2
  
  Even better that it's not a "pogrom".
6. Re:Ugh, not "a software" again. by Suiggy · 2013-10-24 09:16 · Score: 1
  
  Thanks for this. It's one of my pet peeves as well. Same with how certain people refer to the plural of data as datas, etc. The plural of data is data.
7. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 09:22 · Score: 0
  
  I lump them all together with the same group that calls / 'forward slash'.
8. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 09:24 · Score: 0
  
  And the singular of data is datum. So what?
9. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 09:29 · Score: 1
  
  Actually, the plural of datum is data... ;-)
10. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 09:33 · Score: 0
  
  I suspect you think the plural of geese is geese.
11. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 09:37 · Score: 0
  
  I don't think you can have a "piece" of software.
  Think of it like having a piece of toast. Everyone knows what you mean, despite the fact that there is no superinstance of toast that your piece came from.
12. Re:Ugh, not "a software" again. by Pseudonym+Authority · 2013-10-24 10:01 · Score: 1, Informative
  
  Actually, `data' is uncountable, much like `soap' or `money'. To demonstrate, say the following: `It's too much data!' and `It's too many data!'. Were it countable, you would use `many' rather than `much'. Normally, uncountable nouns are not pluralized. But when they are, it refers to different kinds of the object. For example: `soaps' means that there are different types of soaps, `peoples' means that there are at least two distinct subgroups that merit distinction within a larger group of people. As such, the word `datas' refers to different types of data. Perhaps one piece of data is of the price of apples, while the other is a table of average penis size by year. Don't listen to the foolish ones telling you about crap like `datum'. English does not have to follow the rules of the language it stole from. They need to get a life and stop being such slimebags.
  
  And with that no doubt fascinating and off-topic explanation out of the way, this session of Internet Grammar Court is adjourned!
13. Re:Ugh, not "a software" again. by grqb · 2013-10-24 10:18 · Score: 1
  
  Translate to french and then we'll let the OP nitpick your grammar.
14. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 10:23 · Score: 0
  
  You do realize not everybody speaks USian english right?
  That's OK, the complaint is valid in actual English too.
15. Re:Ugh, not "a software" again. by Chuckstar · 2013-10-24 10:34 · Score: 1
  
  Now you're going to tell me there's no such thing as a single scissor, either. ;-)
16. Re:Ugh, not "a software" again. by Valdrax · 2013-10-24 10:45 · Score: 1
  
  I'm guessing you only wear pairs of pants and listen to MP3 files.
  Languages shorten common phrases. Get used to it.
  
  --
  If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
17. Re:Ugh, not "a software" again. by geekoid · 2013-10-24 10:53 · Score: 4, Informative
  
  The plural of datum is data.
  The singular of data is datum.
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
18. Re:Ugh, not "a software" again. by sconeu · 2013-10-24 11:30 · Score: 1
  
  What is half a pair of scissors, but a single sciz!!!
  
  --
  General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
19. Re:Ugh, not "a software" again. by ZombieBraintrust · 2013-10-24 13:09 · Score: 1
  
  A piece of toast is some fraction of a loaf of bread. So it does make sense.
20. Re:Ugh, not "a software" again. by Zordak · 2013-10-24 13:36 · Score: 1
  
  "Too many data" is perfectly grammatical. "Datum" is a single piece of information. "Data" are several pieces of information. "Data" is also often used as a mass noun in common usage. Both uses are considered valid by ever grammar source I've seen. I very frequently write sentences like "The data received by the processor are written to memory" in my patent applications.
  
  --
  
  Today's Sesame Street was brought to you by the number e.
21. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 16:07 · Score: 1
  
  The plural of datum is data.
  The singular of data is datum.
  That is true in Latin, but we're making sentences in English. The rule for linguistics is that popular usage is the rule when determining the correct usage of words adopted from foreign languages. That is to say, the Latin usage is irrelevant.
22. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 16:12 · Score: 0
  
  RE: "I very frequently write sentences like "The data received by the processor are written to memory" in my patent applications."
  I've often seen people use "appeal to authority" as a rhetorical device, but it takes a special kind of person to back up an argument by saying, essentially, "it must be OK because that's how I do it".
23. Re:Ugh, not "a software" again. by philip.paradis · 2013-10-24 16:15 · Score: 1
  
  Grammars evolve. We certainly don't speak Old English anymore. In English grammar, one attribute of nouns is countability; this is to say that nouns are classified as countable or uncountable. While American English strongly tends toward classification of "software" as an uncountable noun, this is not necessarily the case for the rest of the English-speaking world, and the trend in many regions is toward considering the word countable.
  Having grown up in the United States, hearing the phrase "a software" bothered me until a few years ago. However, I'm no longer particularly annoyed by the phrase, and tend to simply use it as a linguistic hint that the speaker is likely not from the United States.
  
  --
  Write failed: Broken pipe
24. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 19:17 · Score: 0
  
  You're an idiot. I'm also a smug, pretentious, self-congratulatory European, but "a software" is just wrong. Ugly.
25. Re:Ugh, not "a software" again. by gl4ss · 2013-10-24 20:40 · Score: 1
  
  not in any english book we had in school.
  boxen wasn't in there either.
  
  --
  world was created 5 seconds before this post as it is.
26. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-24 22:16 · Score: 0
  
  There is only one Data. He is countable.
27. Re:Ugh, not "a software" again. by NoImNotNineVolt · 2013-10-25 00:57 · Score: 1
  
  The plural of medium is media.
  The singular of media is medium.
  
  (just another word that got mangled over the years)
  
  --
  Chuuch. Preach. Tabernacle.
28. Re:Ugh, not "a software" again. by Anonymous Coward · 2013-10-25 02:01 · Score: 0
  
  The singular of data is datum.
  How little data does one need to constitute a datum? One vector? One scalar? One bit?
'Now we know version v7.1a is not backdoored' by YesIAmAScript · 2013-10-24 08:34 · Score: 0

'Now we know version v7.1a is not backdoored, what about previous versions? Were they backdoored?'
This written by a guy who indicates he didn't audit the source code.

--
http://lkml.org/lkml/2005/8/20/95
1. Re:'Now we know version v7.1a is not backdoored' by asmkm22 · 2013-10-24 08:40 · Score: 2
  
  He made very clear that he didn't audit the source code. Only that the binaries match the source code.
2. Re:'Now we know version v7.1a is not backdoored' by Anonymous Coward · 2013-10-24 08:54 · Score: 1
  
  Thank you for volunteering to audit the source code. Please let us know of the results after you are finished.
3. Re:'Now we know version v7.1a is not backdoored' by Anonymous Coward · 2013-10-24 09:53 · Score: 0
  
  He made very clear that he didn't audit the source code. Only that the binaries match the source code.
  So you're agreeing that it's incorrect of him to say "Now we know version v7.1a is not backdoored"?
  If the source code haven't been audited we don't know whether it has a backdoor or not.
4. Re:'Now we know version v7.1a is not backdoored' by YesIAmAScript · 2013-10-24 11:31 · Score: 1
  
  Trust me, I'll audit it before I state that I know it isn't backdoored.
  I wouldn't hold your breath for either to happen.
  
  --
  http://lkml.org/lkml/2005/8/20/95
5. Re:'Now we know version v7.1a is not backdoored' by YesIAmAScript · 2013-10-24 12:21 · Score: 1
  
  Agreed there, but if he didn't audit the source code why did he make the statement it is not backdoored? He can't know if he didn't even look.
  
  --
  http://lkml.org/lkml/2005/8/20/95
6. Re:'Now we know version v7.1a is not backdoored' by xavier2dc · 2013-10-24 14:30 · Score: 1
  
  I meant, v7.1a is not backdoored *by the TrueCrypt developers between the sources and the binaries*, nothing more. I'll edit the sentence to make it clear.
submitter told you how to check it yourself by raymorris · 2013-10-24 08:35 · Score: 4, Insightful

TFA painstakingly explained how you can check it yourself. I'm sure several people will, including enough people that I trust enough. Especially given that there is zero evidence of a backdoor. Nobody is claiming there is a backdoor, so it's a question if yyou trust the testers more than you trust - nobody.
1. Re:submitter told you how to check it yourself by mlts · 2013-10-24 09:19 · Score: 5, Informative
  
  I would say that TC is above almost all security software in that the source is available at all. There are a lot of utilities out there that there is no source available for unless one is a large government.
  TC at least has a level playing field. China might have the source code, but at least you do too.
Why would I want to include the key anyway? by Anonymous Coward · 2013-10-24 08:38 · Score: 0

Luks stores the password/key in the beginning of the partition, trucrypt does simular I believe. Why would you ever want to include the encrypted key with the file/disk? Its just the password encrypted and is open to very fast bruteforcing when included. The whole thinking process is broken.
1. Re:Why would I want to include the key anyway? by ledow · 2013-10-24 08:51 · Score: 1
  
  Er. No. It doesn't.
2. Re:Why would I want to include the key anyway? by Anonymous Coward · 2013-10-24 09:05 · Score: 0
  
  Mapping Physical Partitions to LUKS
  After writing the partition table to the MBR (optionally set up LVM thereafter) the next step is to create the LUKS and dm-crypt magic and make device mapper mount it to the filesystem of the installation system.
  When creating LUKS partitions they must be associated with a key. The key is used to unlock the header of the LUKS-encrypted partitions.
  A key is either a:
  Passphrase
  Keyfile
  https://wiki.archlinux.org/index.php/dm-crypt_with_LUKS#Mapping_Physical_Partitions_to_LUKS
  It is possible to define up to 8 different keys per LUKS partition. This enables the user to create access keys for save backup storage. Also a different key-slot could be used to grant access to a partition to a user by issuing a second key and later revoking it again without the need to re-encrypt the partition. Having in mind that further passphrases or keyfiles can be added later easily at any time might make the choice for the initial key easier.
  https://wiki.archlinux.org/index.php/dm-crypt_with_LUKS#Mapping_Physical_Partitions_to_LUKS
  Better look a bit deeper I think. they encrypt your hidden 2048 password as a key, then allow you to encrypt multiple versions with different passwords(you know) to open the real password(2048) key. As in there is a 2048 bit random key, your password actually opens. that is used to open your encrypted file system. Its in the partition header, included for future benefit.
  This is basically a very small file to brute force for the 2048 bit key. Rainbow tables anyone? Perhaps you made 4 different passwords and kept one for support ? wonder how hard it would be if I had 3 samples of the same key(2048) encrypted with different pass phrases. This KEY is the real password for the file/filesystem.
  Broken thinking. That key should be on seperate media but nope, lets put it right in there.
3. Re:Why would I want to include the key anyway? by TangoMargarine · 2013-10-24 09:33 · Score: 1
  
  TrueCrypt doesn't actually use public key encryption for the main de/encryption process (as it would apparently be hellaciously slow or something). It just uses PKE to encrypt the symmetric key, which I would guess is what must then be stored in the partition.
  And you can't sign anything with either the public or private key and still be able to decrypt it unless you have the other half of the key pair.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
4. Re:Why would I want to include the key anyway? by ledow · 2013-10-24 09:47 · Score: 1
  
  How is breaking a 2048-bit key encrypted by your password any less difficult than breaking a less-than-2048-bit password? (Hint: It's not. Quite the opposite).
  The key is there to make it so that just the password, on its own, does not allow you to decrypt part of the data without also having the partition header (so getting a random sector off a storage device - say by doing magnetic history recovery if such a thing has ever existed - and having the password leaves you with NOTHING, you'd need the key sector as well).
  Also, because your password is ALWAYS going to be less than 2048-bit, that's a way to ensure a decent level of security even if you use the same password on two machine (there is a nonce/salt value that does mean your password will not result in two identical keys on two otherwise-identical computers, so they can't use your laptop header to decrypt your PC even if they used the same password - this is a security feature by people who know what they are doing, if you haven't noticed).
  This is not "the key". It's an encrypted (or salted+hashed) version of your key that is just as strong as every other sector on your hard drive but provides security features for non-2048-bit passwords that you wouldn't otherwise have. It does not weaken the encryption in any way, shape or form. If you could decrypt the key sector by brute-force, you could decrypt the rest of the hard drive with similar effort (so you lose NOTHING by having it).
  So, please, stop talking nonsense.
  Also, there is no correlation between this and the subject of the article, Truecrypt. Even if it did the same thing (I suspect it may, but it's not guaranteed), it's not "storing your key" at all. It's a misnomer to pretend it is or that it's in any way weakening security. If you can see the "key" inside that sector, you could see *any* decrypted data you wanted to anyway.
  Rainbow tables, etc. apply to hash functions (and though it's possible salted hashes could be used in the same way to verify you have the correct key - which some encryption software does in certain places - your confusion between the two is most telling). And RT are defeated (pretty much) by large salted hashes and complex hash functions. They have no relevance here and - again - if the rainbow table helps you decrypt that initial key sector, it would help decrypt the drive WITHOUT that initial key sector anyway.
  If you really think that something that obvious is as simple as "the key is in the first sector, let's just crack that sector", then you've not understood it at all. YOU STILL NEED TO KNOW THE PASSWORD or spend the same extraordinary effort breaking it to get anything at all. And with the initial sector being a random key - guess what? There's no predictable first boot sector, unlike if you just encrypted with a key (99% of Windows machines will have the same bootloader as everyone else so you KNOW when you've got the right key in one just sector of data - with an encrypted key in the first sector, you will *NOT* know if you have the right key without first then decrypting huge portions of the disk with that key and looking for plain-texts! That's a LOT of extra work added on - see.... security feature...).
  And quite what you think putting it on different media will do, I don't know. That would be identical to just storing your "real key" on a USB thumb drive in an encrypted file protected by your password (because that's all it's doing).
  This makes things better. It does not store "your key" but an encrypted copy of the key. That "encrypted" means it's just as hard to find that key as it would be ANY OTHER SECTOR on the disk. Except, as listed above, it provides a lot of advantages too.
  Please get a clue before making blanket assertions like "It stores your key, so it's weakened". It's not. And this is why cryptography should NEVER be attempted by the amateur. What you think weakens the scheme actually makes it MUCH stronger.
5. Re:Why would I want to include the key anyway? by fatphil · 2013-10-24 19:43 · Score: 1
  
  > And you can't sign anything with either the public or private key and still be able to decrypt it unless you have the other half of the key pair.
  
  You don't "decrypt" signed things, you simply verify them.
  
  And you can sign something with the private key and still be able to decrypt it, as (a) at least as defined by all the standards I'm familiar with, the private key contains enough information to generate the public key; (b) the public key can be assumed to be known by everyone; and in some cases (c) there isn't even a public key, per se, merely the curve parameters.
  
  --
  Also FatPhil on SoylentNews, id 863
6. Re:Why would I want to include the key anyway? by TangoMargarine · 2013-10-25 04:13 · Score: 1
  
  Okay, you caught me: I may have gotten my terminology a bit mixed up. But if you sign/encrypt/whatever data with the public key, people can't read the data unless they have the private key.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
7. Re:Why would I want to include the key anyway? by fatphil · 2013-10-25 04:59 · Score: 1
  
  Yup, public keys can used for encrypting messages *to* the key-owner, as only he has the capability to decrypt. Alas, that in itself provides no proof of the identity of the sender.
  
  --
  Also FatPhil on SoylentNews, id 863
that's not even wrong... by Thud457 · 2013-10-24 08:40 · Score: 3

You're not quite 40 YEARS behind the times....

I think this whole NSA brouhaha will make some people start taking auditability a little more seriously.
Which means documenting the whole tool chain used and all options used. Of course, that only helps if you have access to the source. SUX to be you, Microsoft.

--
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
1. Re:that's not even wrong... by gigaherz · 2013-10-24 09:26 · Score: 1
  
  Microsoft offers the sources of many products for research and education purposes. You DO have to sign an NDA to get them, though, so it's not like if just anyone can do the testing.
2. Re:that's not even wrong... by Russ1642 · 2013-10-24 09:37 · Score: 1
  
  You also need the source for the chips themselves. Maybe that's the weak link.
3. Re:that's not even wrong... by tepples · 2013-10-24 09:45 · Score: 2
  
  You also need the source for the chips themselves.
  Not if the diverse double compiling process includes other CPU architectures. For one thing, there exists a C compiler that runs on an Apple IIGS computer with a 65816 CPU, which doesn't have enough gates to hold a Ken Thompson backdoor.
4. Re:that's not even wrong... by Tassach · 2013-10-24 10:45 · Score: 1
  
  The whole point of the Thompson hack is that it would survive a source code audit. If you compiled the clean source for the compiler with a dirty compiler, it would insert the backdoor into the new executable, making it self-replicating in an virtually undetectable fashion. The code you compiled yourself would be byte-for-byte identical with the bootstrap compiler.
  
  --
  Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
5. Re:that's not even wrong... by Score+Whore · 2013-10-24 11:28 · Score: 2
  
  What the hell are you talking about? The 65816 in the IIGS has more capacity/capability than the machines Ken Thompson did his work on. What it primarily lacks is an MMU.
6. Re:that's not even wrong... by Lennie · 2013-10-24 19:35 · Score: 1
  
  Yes, you can get access to the source. But you don't get a license to build binaries from them and use those. Also it can probably only be compiled with their own compiler.
  Good luck with that.
  
  --
  New things are always on the horizon
Sure you can trust the compiler. by Anonymous Coward · 2013-10-24 08:44 · Score: 0

The compiler is not an issue. What is an issue, however, is that "the man" doesn't need a backdoored compiler, or for TrueCrypt itself to have a backdoor for that matter. Nope, the big issue is that "the man" has developed numerical algorithmic methods for cracking most encryption protocols, plus they have the supercomputers at their disposal necessary for getting the job done rather quickly.
Re:"According to my findings" by Anonymous Coward · 2013-10-24 08:51 · Score: 0

Him? What about you?
what about the source? by Anonymous Coward · 2013-10-24 08:54 · Score: 0

He just compiled it.... but what if the backdoor is already in the source? has anyone actually checked, or does everyone just presume it's safe... " if you can see the code, i'm sure someone would of spotted a back door by now" ... thou this could apply to many open source software
1. Re:what about the source? by Desler · 2013-10-24 09:14 · Score: 3, Interesting
  
  Do you have the attention span of a gnat? What you ask about is covered In the second sentence of the summary.
2. Re:what about the source? by Anonymous Coward · 2013-10-24 15:32 · Score: 0
  
  If nobody could get the same binary it would have been a waste of time verifying the source.
  
  But now that he's done work showing on how to verify that the source produces the binary, you can now safely use your own time verifying his results and then verify that the source has no backdoors.
Turtles? by Anonymous Coward · 2013-10-24 08:55 · Score: 0

I like turtles.
Did same, found same by Anonymous Coward · 2013-10-24 09:14 · Score: 5, Interesting

I did the exact same thing as in TFA a few days earlier and ended up finding the exact same variations and causes for those variations.
My conclusion was also identical, binaries are indeed coming from the provided sources and can be trusted if no further backdoor is found in the sources themselves.
A cryptographic and coding oriented audit is still much required.
Milhouse is now a meme! by Anonymous Coward · 2013-10-24 09:25 · Score: 0

You wouldn't download a babby, would you?
1. Re:Milhouse is now a meme! by Paradise+Pete · 2013-10-24 09:47 · Score: 1
  
  You wouldn't download a babby, would you?
  The extra b is a parenty check.
2. Re:Milhouse is now a meme! by Anonymous Coward · 2013-10-24 10:32 · Score: 0
  
  Depends how it was formed.
3. Re:Milhouse is now a meme! by Anonymous Coward · 2013-10-24 10:42 · Score: 0
  
  i thought the b was for bargain
Valid English:Fuck the Fucking Fuckers! by Grog6 · 2013-10-24 09:29 · Score: 1

I diagrammed this Sentence in Sophomore English in HS, following up, "Jesus wept." :)
Mr. Countiss really liked that, IIRC.

--
Truth isn't Truth - Guliani
Diverse double compiling by tepples · 2013-10-24 09:34 · Score: 5, Informative

And how can I trust the cpu to actually execute the code as compiled and not insert it's own microcode into the process?

By using free compilers and ensuring clean binaries using diverse double compiling. (Thud457 mentioned it, and we discussed it a week ago.) Essentially what you do is bootstrap the compiler (compile the compiler's source code with your existing compiler binary, then recompile it with itself) on several different brands of compiler. If the binaries resulting from all bootstraps match, then either none of them have a backdoor or they all have the same backdoor. The more compilation processes you use, the less likely it will be that they all have the same backdoor. To exclude CPU microcode bugs that target a particular compiler, you could try running some of the bootstraps in an emulator such as DOSBox or bootstrap them as cross-compilers on another CPU architecture.
1. Re:Diverse double compiling by geekoid · 2013-10-24 10:46 · Score: 1
  
  You don't see the flaw their? really?
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
2. Re:Diverse double compiling by swillden · 2013-10-24 11:25 · Score: 1, Interesting
  
  You don't see the flaw their? really?
  Did you miss the last sentence?
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
3. Re:Diverse double compiling by Anonymous Coward · 2013-10-24 20:06 · Score: 0
  
  I think they're referring to the fact that if you compile stuff in different compilers, the resulting binaries will never match - It is almost impossible to get a bit-for-bit identical exe from two different compilers as they have different optimisation strategies and binary code 'styles' etc.
  This is also why some stuff doesn't work if you compile it in gcc or icc or bcc or msvc etc.
4. Re:Diverse double compiling by Anonymous Coward · 2013-10-24 22:33 · Score: 0
  
  Or what if the hard drive's firmware is modified to detect and auto-patch binaries with malicious code? Well, I guess if you look for it, it should be easy to detect. But then, you'll first have to look for it.
  Indeed, there could be a manipulation between the OS kernel and the hard disk which allows the kernel, in an non-suspicious way, to communicate to the hard disk that it is going to load code for execution, and the hard disk will deliver patched code only if it gets that signal. Of course that kernel patch may also be installed by the hard disk when loading the kernel, and therefore not be visible if you analyse the binary; in this case it will be the boot loader which is manipulated. Which of course could be again manipulated by the hard disk with a similar trick, by detecting the initial boot.For PC BIOS boot, it's just loading the boot sector (the very first sector of the disk) shortly after power-on. Also, the disk might detect the signals the BIOS sends to detect what disks are there, and use that to distinguish a boot sequence from being powered on e.g. in an external drive, to avoid someone finding the patched boot sector that way.
  Of course no matter what the manipulation is, there are ways to detect it if you know where to look. but unless you'd explicitly looking for it, you'd probably never recognize a manipulation of a hard disk along the lines of the previous paragraph. And even if you suspect such an attack, it might be quite hard to actually detect it.
5. Re:Diverse double compiling by Stuarticus · 2013-10-24 23:05 · Score: 3, Funny
  
  I see the flaw their.
  
  --
  If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.
6. Re: Diverse double compiling by Anonymous Coward · 2013-10-24 23:49 · Score: 1
  
  If you compile GCC 4.5 with various compilers, the GCC binaries will all be different. However, if you then compile something with each of the gcc 4.5 binaries, it should produce consistent binaries.
Generic problem to solve? by Okian+Warrior · 2013-10-24 09:34 · Score: 1

This thing about TrueCrypt has turned into a test-case for software security practices.
Loosely, the security audit has three sections: 1) Look at the sources, 2) Look at the license agreement, 3) Verify that the binaries match the sources.
Item #3 above seems to be a generic problem: assuming that the source is correct, how can people verify that binaries were compiled from the source? Any minor change to the compiler can generate different instructions for the same code, and many compilers insert time-stamps and signatures (login of user running the compiler) into the final executable. This makes comparing binaries a problem.
Is there a better way to solve this? For example, could the GNU compiler digitally sign an executable, so that the executable could be verified by a web app on the GNU foundation page? (Generate a signature from source+binary and include it in the executable, for example.)
Can someone come up with a good solution for executable integrity?
1. Re:Generic problem to solve? by foma84 · 2013-10-24 09:50 · Score: 1
  
  You can have it signed by Microsoft ;)
2. Re:Generic problem to solve? by Anonymous Coward · 2013-10-24 09:51 · Score: 0
  
  No, just use the same compiler version. Timestamps are a problem but this can be dealt with. The real question is, when will Debian/Ubuntu/Redhat/Suse be verified? There is no point in running verified crypto software if your OS is not verified.
  Some Debian people are working on this, but it does not seem to have much priority overall:
  https://wiki.debian.org/ReproducibleBuilds
3. Re:Generic problem to solve? by bill_mcgonigle · 2013-10-24 12:25 · Score: 1
  
  The real question is, when will Debian/Ubuntu/Redhat/Suse be verified?
  Redhat has been verified by the CentOS team. If you read the -devel mailing list from back when it was done, it was a real pain in the ass. "Compile this SRPM on this version of Fedora with this version of this library installed", etc.
  But they did it, after a long effort, and got binary matches.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
4. Re:Generic problem to solve? by Anonymous Coward · 2013-10-24 18:24 · Score: 0
  
  Can someone come up with a good solution for executable integrity?
  Get better comparison tools. If the tool you use only gives you a true/false then you need a better tool. At minimum it needs to output the differences so that you can compare and see if the differences are in compiler-inserted data only.
  An even better solution is to use a compiler that doesn't insert anything beyond what the source files tells it, compiling the same source with the same compiler should always yield the same result.
  Then the only thing you need to know is the compiler version that was used to compile the original binaries, that information should be provided in a readme-file or listed on the page where you found the binary.
  Or write the code in assembler, the assemblers tend to differ less than C-compilers.
5. Re:Generic problem to solve? by ledow · 2013-10-24 20:24 · Score: 2
  
  Include source with the binary, in a non-executable section.
  On first run, the machine builds the source (running as a very limited user) and compares the result against the rest of the binary. If it doesn't match, it simply ignores the binary supplied, replaces it with the new compiled version and signs it with a key unique to your own computer/compiler.
  Of course, there are myriad problems here (not least that commercial software will never be released in that format), but that's the only way "to be sure". If in doubt, recompile from source. This is just an automation.
  We already have the tools. PE and ELF already have sections we could use for this. We already do a lot of "multiple architectures stored in a single binary" magic (e.g. for MacOS, ELF allows you to do similar, etc.). We already have most of this in things like Software Restrictions policies, Authenticode, etc. it's just a case of going that one step further.
  There's no reason that open-source software couldn't adopt a standard that - if you wish - you can just run the binary "as-is" (and it just ignores the source sections and works as currently), but if you have a system with the right option turned on, before a single byte of a program is executed it is compiled as a limited users from the source contained within it (in a way that produces constant binaries - it's not hard, we just prefer to debug with relevant build dates, etc. - this could be easily standardised to produce "consistent" builds if compiled on the same versions), checked against the resulting binary and/or just overwriting the binary (sometimes you'll have a newer compiler - swell - just ignore the "old" signed binary and replace with one generated from the binary's source contained within itself), signing the result and then "whitelisting" that particular signed binary. It only needs to be done once per executable per computer, won't take that long even for the largest software, and you get a "free" copy of the source too.
  And while you're there, if you want to turn it off and just trust the binary (with source, and a message inside it detailing the checksum of that source, say, signed by FireFox Inc. or whatever), then you can just add that cert to your systems trusted lists and not worry about having to recompile every app.
  To be honest, I don't get why open-source security distributions aren't already doing it. It would also solve an awful lot of "custom Makefile" problems that never get resolved. I spent hours the other week getting SDL to compile on ARM - sure, someone somewhere has done that for me but it's a pain in the arse involving editing Makefiles, changing options, patching configure scripts, etc. because "nobody ever does that, just use the binary".
Sarah Conner? by dutchwhizzman · 2013-10-24 09:41 · Score: 2

Is his mothers name Sarah Conner?

--
I was promised a flying car. Where is my flying car?
1. Re:Sarah Conner? by Anonymous Coward · 2013-10-24 18:08 · Score: 0
  
  Yes, but skip the first three, they are fake.
  Possible response: Yes/No Or what? Go away Please come back later Fuck you, asshole Fuck you
The power of open source! by Anonymous Coward · 2013-10-24 09:44 · Score: 0

Yay for open source. Certainly there is an advantage to being able to see the source and (re)build the softwares How do you validate closed source softwares? Reverse engineering won't always reveal the secrets and it is slow and painful to do. Any other methods?
And who are you? by nurb432 · 2013-10-24 09:45 · Score: 0

And why should i trust you?

--
---- Booth was a patriot ----
1. Re:And who are you? by MildlyTangy · 2013-10-24 09:53 · Score: 1
  
  Why do you need to trust him? The source code and instructions are available for the world to see, no trust of the author is required.
2. Re:And who are you? by nurb432 · 2013-10-24 10:02 · Score: 2
  
  It was a joke. Apparently not a successful one.
  
  --
  ---- Booth was a patriot ----
3. Re:And who are you? by geekoid · 2013-10-24 10:56 · Score: 1
  
  It might have been if it already hadn't been said 127 times.
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
Obligatory Ken Thompson Lecture by SplawnDarts · 2013-10-24 09:48 · Score: 2, Informative

http://cm.bell-labs.com/who/ken/trust.html
1. Re:Obligatory Ken Thompson Lecture by gwgwgw · 2013-10-25 15:13 · Score: 1
  
  Thank you for that specific link. I had not read it before.
  
  --
  That was Zen, this is Tao
Won't stop the NSA produced FUD by Anonymous Coward · 2013-10-24 10:26 · Score: 2, Interesting

The NSA wages a massive psychological warfare campaign in yearly psy-ops that are budgeted at multiple billions of dollars. Telling people that good, cheap, easy solutions are 'bad' is very very effective. Most people are very easily manipulated, when messages are regularly inserted into their media of choice.
Take one real-life NSA project:
- years ago, the US government passed laws insisting that ALL mobile phones in the USA could be location tracked using ANY viable technology solution. In reality, this means cell tower 'triangulation' methods, where the mobile network providers ensure that ANY phone visible to more than one tower has its precise position noted multiple times per minute. This process does NOT require any form of GPS chip, or for the phone to be 'in use'.
- the law, created for the benefit of the full surveillance activities of the NSA, was described to the sheeple at the time as 'assisting' the authorities in locating 911 callers who, for some reason, couldn't give their current location.
- for several years afterwards, TV dramas and Hollywood films built the location tracking nature of ALL mobile phones into their plots.
- then, the NSA decided that it wanted the American sheeple to FORGET this functionality, and contacted all the major media companies, requesting they no longer reminded viewers that their phones are effectively location tracking bugs. The excuse was that criminals would use their phones without regard for self-incrimination, if TV and films stopped reminded them of the risks represented by mobile phone use.
- now, for almost FIVE YEARS, most TV shows and films, if having characters with mobile phones, specifically state to the audience that phone location tracking is HARD, unlikely, and can only be done under very restricted circumstances. The TV show 'Shameless' (US remake) has a supposedly expert hacker kid STATE that mobile phones cannot be location tracked. The recent movie "The Call" states that only phones with GPS chips can be location tracked.
The NSA is in the game of perceived truths. The NSA has the money and influence to contact ANY mainstream media organisation, and have them carry an NSA designed form of propaganda.
Commercial encryption solutions don't just ALL contain NSA back-doors, they also prohibit the concept of 'plausible deniability'. Truecrypt doesn't tie the concept of password entry to the package that is to be decrypted. You cannot accurately say "this is a truecrypt data block". Commercial encryption products, on the other hand, bind the password process with the encrypted data, denying a user the ability to deny the use of encryption. NSA FUD shills suggest the government do NOT need proof of encryption when demanding passwords, but this is laughable. Legally, you CANNOT demand something you have no proof exists. With the use of Truecrypt, the government needs to collect pre-existing data about its use (say, like the fact the suspect has been witnessed STATING he/she keeps certain encrypted data on the suspect computer). A commercial encryption package, on the other hand, even without back-doors, still works to alert any third party where exactly encryption is active on the computer.
1. Re:Won't stop the NSA produced FUD by Anonymous Coward · 2013-10-24 20:54 · Score: 0
  
  Truecrypt doesn't tie the concept of password entry to the package that is to be decrypted. You cannot accurately say "this is a truecrypt data block".
  Are you saying that Truecrypt encrypted files/containers do not include a header containing the salt and hash? Sounds wrong.
Backdoor in the source? by kbg · 2013-10-24 11:01 · Score: 3, Insightful

But did this guy check why the Windows version writes mysterious random bytes in the header but not in the Linux version?
1. Re:Backdoor in the source? by BitZtream · 2013-10-24 13:21 · Score: 1
  
  They aren't even a little bit random, he's just not qualified to talk about what he's talking about.
  No two compiled windows binaries should ever be 100% identical. A new PE file should have all sorts of unique bits of data in it, the most obvious one being the debug symbol id, which is randomly generate for every EXE built, even if you run the build twice in a row back to back, if a new EXE is written, a new debug symbol ID is generated and embedded in it.
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
2. Re:Backdoor in the source? by xavier2dc · 2013-10-24 15:40 · Score: 1
  
  Nop, but now you know this has to be sorted out by code auditing, not by speculations about the official binaries. Baby steps.
3. Re:Backdoor in the source? by Anonymous Coward · 2013-10-24 19:59 · Score: 0
  
  The header is in the generated truecrypt file, not the exe.
  Files generated in Linux have the same header set to zeroes.
Compiler can not be trusted by kbg · 2013-10-24 11:19 · Score: 5, Interesting

There is one problem with his findings. In order to compile TrueCrypt you have to use Microsoft Visual C++ compiler, which is made by Microsoft from a closed source. If I was the NSA I would but the backdoor in the compiler and it would get injected into the binary whenever TrueCrypt was compiled.
1. Re:Compiler can not be trusted by grub · 2013-10-24 11:50 · Score: 2
  
  Not just that, you need a very old Microsoft Visual C++: V 1.52
  
  Why so old? Weaknesses or backdoored? TINFOIL HAT!
  
  --
  Trolling is a art,
2. Re:Compiler can not be trusted by BitZtream · 2013-10-24 13:22 · Score: 1
  
  Or just the more likely answer: Shitty code that doesn't work on any compiler that doesn't suck
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
3. Re:Compiler can not be trusted by Will_Malverson · 2013-10-24 14:10 · Score: 1
  
  Hmm. I'm pretty sure I have my 15-year-old copy of MSVC 1.52 around here somewhere. Might be worthwhile to use something like that rather than a current version downloaded from MSDN.
4. Re:Compiler can not be trusted by xavier2dc · 2013-10-24 14:35 · Score: 3, Informative
  
  Visual C++ 1.52c is the last version that could generate 16-bit code, which is needed to compile part of the boot loader for full disk/system encryption. The other solution would have been to write all the thing in assembly (or replaced the portion with the pre-compiled code instead), but that wouldn't have made more people happy to reverse-engineer more assembly, would it?
5. Re:Compiler can not be trusted by Anonymous Coward · 2013-10-24 19:11 · Score: 0
  
  " I would but the backdoor in the compiler and it would get injected into the binary whenever TrueCrypt was compiled."
  Sorry, but you're not smart enough to do that.
6. Re:Compiler can not be trusted by grub · 2013-10-25 01:45 · Score: 1
  
  Ah, very good to know. Had no idea they needed 16 bit code (or that this was the only option)
  
  --
  Trolling is a art,
7. Re:Compiler can not be trusted by kbg · 2013-10-25 09:53 · Score: 1
  
  That was a weird statement to make, what is that supposed to mean? Writing compilers isn't actually very complex, I have written a few compilers myself, and putting a backdoor injection into a compiler is trivial. The hard thing to do is to hide the backdoor and make it look like innocent code.
8. Re:Compiler can not be trusted by kbg · 2013-10-25 09:56 · Score: 1
  
  Given that you can't trust the MSVC compiler, you would either have to use a different open source compiler or the audit would have to be for the generated assembly instead of the source.
9. Re:Compiler can not be trusted by Zorpheus · 2013-10-25 20:17 · Score: 1
  
  If they use a compiler that is older than Truecrypt they would avoid that the compiler could insert any code specifically into Truecrypt.
  Truecrypt 1.0 is from February 2004, Visual C++ 1.52 is from the Nineties, so if someone still has an old copy they should be safe.
Was referring to microcode compromise by tepples · 2013-10-24 12:53 · Score: 1

Russ1642's mention of "the source for the chips themselves" implied the (remote) possibility of a compiler backdoor implemented as part of a CPU's microcode, something Applekid stated more explicitly. Sure, the WDC 65816 in the Apple IIGS is connected to 1 to 8 MB of RAM into which a compromised compiler may be loaded. But that doesn't mean the CPU's microcode itself is compromised. There are detailed photomicrographs of the 65816, and the microcode part is not that big. I only mentioned it in the first place because something like ORCA/C is highly unlikely to have the same backdoors as popular compilers.
You all missed the point by Anonymous Coward · 2013-10-24 14:31 · Score: 0

Even TOR is made by NSA and they even confess to provide the servers for it, so that's why we know about Edward Snowden, he though he was safe using NSA TOR servers.
1. Re:You all missed the point by Unordained · 2013-10-25 03:30 · Score: 1
  
  TOR development was partially funded by the US Navy, not the NSA (at least officially.)
About the authors by paavo512 · 2013-10-24 18:08 · Score: 1

The authors of TrueCrypt have decided to remain anonymous. However, the timezone (GMT+1) of a TrueCrypt developer machine identified in the article matches the timezone of Czech Republic, mentioned in http://en.wikipedia.org/wiki/TrueCrypt: "The TrueCrypt trademark was registered in the Czech Republic under name of "David Tesarik"". Does not conclude anything, but it is a bit reassuring to know it might be developed a bit away from NSA and other large 3-letter organizations.
1. Re:About the authors by _Shad0w_ · 2013-10-24 19:01 · Score: 1
  
  It matches the timezone of most of Europe during winter and half of Africa all the time. Right now the Czech Republic (along with most of Europe) is currently GMT+2 (UK and Ireland are GMT+1 for another two days, then we revert to GMT).
  
  --
  Yeah, I had a sig once; I got bored of it.
2. Re:About the authors by Anonymous Coward · 2013-10-24 19:11 · Score: 0
  
  Czech Republic is a full NATO member, well known for choosing to support America over Europe when the occasion arises.
  (my critic is obviously targeted at the Czech gov, not the regular people).
3. Re:About the authors by paavo512 · 2013-10-24 19:28 · Score: 1
  
  It matches the timezone of most of Europe during winter and half of Africa all the time. Right now the Czech Republic (along with most of Europe) is currently GMT+2 (UK and Ireland are GMT+1 for another two days, then we revert to GMT).
  The timestamp studied in the article was from February, so no summer time in effect this time.
AC Irony by Anonymous Coward · 2013-10-25 00:54 · Score: 0

This is one of those few times where an AC is absolutely uninteresting :)
Re:"According to my findings" by Anarchduke · 2013-10-25 01:30 · Score: 1

Of course I have to trust them. Or do you think I'm actually going to go through the trouble of actually doing the steps myself?

--
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
New rule? by Anonymous Coward · 2013-10-25 03:18 · Score: 0

So as a rule of thumb a software which wants to be seen as secure should publish not only it's source and binaries but also virtual machine images which can be used to build sources and end up with the same results.
A bit harder for commercial dev environments though and this really is a non-issue for linux distributions which use source packages...
Inkhorn by Anonymous Coward · 2013-10-25 05:32 · Score: 0

The plural of datum is data.
The singular of data is datum.
Sorry, he should have specified: In modern English, data is non-countable and does not have a plural form.
You are correct about the Latin datum. You may now return to ancient Rome, or to whatever ivory tower you reside in.