TrueCrypt To Go Through a Crowdfunded, Public Security Audit

← Back to Stories (view on slashdot.org)

TrueCrypt To Go Through a Crowdfunded, Public Security Audit

Posted by timothy on Thursday November 7, 2013 @10:53AM from the line-by-line dept.

An anonymous reader writes "After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted. Security experts have repeatedly said that it you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue. And that it exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, co-founder of hosted healthcare services provider BAO Systems, have set out to do. The software that will be audited is the famous file and disk encryption software package TrueCrypt. Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total." (Mentioned earlier on Slashdot; the now-funded endeavor is also covered at Slash DataCenter.)

104 comments

Min score:

Reason:

Sort:

Huh? by Anonymous Coward · 2013-11-07 11:02 · Score: 1

Slash DataCenter? Do not want!!
Hmmm... by Anonymous Coward · 2013-11-07 11:04 · Score: 5, Interesting

But who will audit the auditors?
1. Re:Hmmm... by lgw · 2013-11-07 11:12 · Score: 5, Insightful
  
  But who will audit the auditors?
  Gorillas!
  Seriously, a fully public audit is the best possible approach. You can never be 100% sure, but you can get close enough if the audit attracts enough talent. This is the true promise of open source: moving from "in theory, you could look at the source", yahright, to "here's the crowdfunding for experts to openly audit the open source". That's something.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
2. Re:Hmmm... by Anonymous Coward · 2013-11-07 11:13 · Score: 0
  
  Turtles
3. Re:Hmmm... by SolitaryMan · 2013-11-07 11:49 · Score: 1
  
  This is still an important question. While yes, the money will attract some talent, the money also will attract scammers and just random people who want to make a quick buck. And I don't see $50k attracting enough talent.
  
  --
  May Peace Prevail On Earth
4. Re:Hmmm... by adolf · 2013-11-07 13:09 · Score: 4, Interesting
  
  Phone call to encryption expert: "Yes, thank you Truecrypt. I will gleefully accept your money and publish an audit."
  Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."
  (Oh, encryption experts are immune to subterfuge, greed, bottomless debt, double-dipping, and generally being nafarious? I thought that they were just human like the rest of us!)
  (And for the record, once one "independent" party accepts money from another party with a dog in the race, they cease being "independent" about the matter at-hand.)
  (See also: Whitewash.)
  
  --
  Kid-proof tablet..
5. Re:Hmmm... by lgw · 2013-11-07 13:40 · Score: 2
  
  But then we'll know. If Bruce Schneier is an NSA plant, and he and at least one smart non-NSA plant routinely audit software, the pattern will emerge.
  Like I said, nothing is perfect, but this is pretty good.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
6. Re:Hmmm... by lgw · 2013-11-07 13:42 · Score: 2
  
  In this case you won't need much money, as TrueCrypt is so high profile and lots of security experts use it personally. If this approach catches on, and the novelty wears off, then you'd need more money to be sure.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
7. Re:Hmmm... by adolf · 2013-11-07 14:13 · Score: 2
  
  But I don't know Bruce Schneier from a hole in the ground, and the only thing I know about Truecrypt is that the folks who make it say it is secure (or, perhaps in the future, pay for audits, wherein it is proclaimed secure).
  The circle of trust is very, very short here.
  Studies have shown that studies are easily skewed by money.
  
  --
  Kid-proof tablet..
8. Re:Hmmm... by Anonymous Coward · 2013-11-07 17:16 · Score: 0
  
  Why Yes, I do Sing but you need a very big bucket to carry the tune.
  Fast Turtle
9. Re:Hmmm... by Alarash · 2013-11-07 21:11 · Score: 1
  
  Richard Stallman should be all over this. I mean, he keeps saying all over the place how software needs to be open for people to review what it does, and if there's ever been a time where this was needed, it's now.
10. Re:Hmmm... by Yvanhoe · 2013-11-07 21:27 · Score: 1
  
  Dor what it is worth, the version 6.0a of Truecrypt has been found clean by the ANSSI, the French public agency of computer security (which have a good reputation in cryptography, but who may set the paranoia cursor a bit too low) in 2009.
  
  It was considered adequate for military use. Depending on your political opinions, this may be a laughable audit or a solid claim.
  
  A famous French blogger made a binary comparison between the sources and the windows binaries given by Truecrypt and deduced that (unless the compiler itself adds backdoors automatically, as improbable as it is, we cannot totally dismiss that possibility nowadays) no backdoors have been hidden in the binary. So if the code is clean, the binary is clean.
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
11. Re:Hmmm... by Lennie · 2013-11-07 22:06 · Score: 1
  
  If you think this is about attracting random talent, you are so wrong.
  This is about compensating known experts for their time spent on doing the audit.
  It takes a lot of time to do an audit.
  
  --
  New things are always on the horizon
12. Re:Hmmm... by sociocapitalist · 2013-11-07 23:59 · Score: 1
  
  Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."
  Let's not forget the probable stick that would come along with the carrot. 'National security...open your mouth about what you find and (insert threats here).
  
  --
  blindly antisocialist = antisocial
13. Re:Hmmm... by AmiMoJo · 2013-11-08 00:21 · Score: 1
  
  It's not the Truecrypt people organizing the audit, it's an independent group. Of course they might be the same person as the authors of Truecrypt are not known for certain, but since the audit will be public any deliberate failures are likely to be spotted. If you were a security researcher doing a public audit it would be unwise for you to accept money to botch it, since your professional reputation is on the line.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
14. Re:Hmmm... by adolf · 2013-11-08 04:54 · Score: 1
  
  Which brings us back to the original question:
  Who watches the watchers?
  How would we even know if it was botched?
  
  --
  Kid-proof tablet..
15. Re:Hmmm... by SolitaryMan · 2013-11-08 06:17 · Score: 1
  
  If the experts are already known, then I definitely don't see a point in not disclosing their names before the fund raiser.
  I think the idea is really cool, but the process is also very important.
  
  --
  May Peace Prevail On Earth
16. Re:Hmmm... by Anonymous Coward · 2013-11-09 11:03 · Score: 0
  
  Phone call to encryption expert: "Yes, thank you Truecrypt. I will gleefully accept your money and publish an audit."
  Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."
  This is why we should have Bill Gates do the audit. He's so rich he cannot be bought.
Re:Please, Google by Anonymous Coward · 2013-11-07 11:05 · Score: 0

So it can be subverted from the inside either by NSA plants or through NSLs compelling Google to do so? No thanks...
Free testing by retech · 2013-11-07 11:06 · Score: 2

So they're getting crowd-funded money to do all their testing to ensure no one can see the NSA's back doors they have in place.
1. Re:Free testing by rudy_wayne · 2013-11-07 11:19 · Score: 5, Insightful
  
  If you think better, stronger encryption is the answer, then you don't understand the problem.
  In 2011 the Foreign Intelligence Surveillance Court issued a ruling that many of the NSA's activities were illegal and unconstitutional. You'll notice that this had no effect on the NSA's spying because (a) It was a secret order issued by a secret court and nobody knew about it until just recently and (b) There is essentially no oversight of the NSA which means they are free to do whatever they want.
  So, even if you have some super-duper unbreakable encryption, which has been audited and you can guarantee that it contains no NSA backdoors, so what? If the NSA can't break your encryption they'll simply yell "National Security" and get a secret order from a secret court compelling to do decrypt your stuff or face prosecution -- prosecution which will be carried out in secret, making it impossible to defend yourself.
  If you've been paying attention, you see what the real problem is.
2. Re:Free testing by Anonymous Coward · 2013-11-07 11:39 · Score: 0
  
  Mod Parent Up. Also: Security
3. Re:Free testing by Penguinisto · 2013-11-07 11:54 · Score: 2
  
  There is one small silver lining to this otherwise ugly cloud... if of course there's a way to hide any trace of TrueCrypt on a machine that's using it?
  
  --
  Quo usque tandem abutere, Nimbus, patientia nostra?
4. Re:Free testing by Anonymous+Psychopath · 2013-11-07 12:05 · Score: 2
  
  So they're getting crowd-funded money to do all their testing to ensure no one can see the NSA's back doors they have in place.
  So what's your answer? Everyone just does their own code review?
  
  --
  Eagles may soar, but weasels don't get sucked into jet engines.
5. Re:Free testing by Anonymous Coward · 2013-11-07 12:10 · Score: 1
  
  So, even if you have some super-duper unbreakable encryption, which has been audited and you can guarantee that it contains no NSA backdoors, so what? If the NSA can't break your encryption they'll simply yell "National Security" and get a secret order from a secret court compelling to do decrypt your stuff or face prosecution -- prosecution which will be carried out in secret, making it impossible to defend yourself.
  I'm very curious about this as I use truecrypt volumes of various types and sizes to fill my freespace with random data so free space wipes take less time. When I need some more room I delete a volume. The thing is when I make these I just grab a snippet of text from whatever I have open at the time. They are just junk files that truly can't be opened, does this mean I would sit in contempt of court for decades? Seems likely at this point.
6. Re:Free testing by letherial · 2013-11-07 13:50 · Score: 2
  
  Well put it in a hidden container and put stupid shit inside your normal container and give them that password. Throw a bunch of tax returns and shit in there and say you where only following your IT friends advice on protecting your finance documents, or if your IT, say you practice what you preach.
  Also, assume they will find this post and use it to prove you have a secret container, so you'll want to change your name, SSN, DOB and possibly a face change(at least your hair), in fact, why where you stupid enough to talk smack on NSA in a public forum? Clearly if you dont like the NSA watching over you then your a hardcore criminal/terrorist and we can just skip the whole show me what you got trial bullshit and lock you up...or maybe just bomb you. Hidden containers wont matter to the drone and the secret judge who already ordered your death.
  Point is...your fucked.
7. Re:Free testing by letherial · 2013-11-07 13:52 · Score: 2
  
  I think the bigger question here is, why do you need to wipe your free space? are you hiding something from the NSA?
8. Re:Free testing by Anonymous Coward · 2013-11-07 15:33 · Score: 0
  
  > If the NSA can't break your encryption they'll simply yell "National Security" and get a secret order from a secret court compelling to do decrypt your stuff or face prosecution -- prosecution which will be carried out in secret, making it impossible to defend yourself.
  [citation needed]
  Pretty sure that's not how FISA works
9. Re:Free testing by Anonymous Coward · 2013-11-07 18:33 · Score: 0
  
  Ayup, however, you are speaking as an American, which constitutes a small minority. For the rest of us, Truecrypt and GPG are truly useful to protect us from American and UK spying overreach.
10. Re:Free testing by L4t3r4lu5 · 2013-11-07 21:30 · Score: 1
  
  For the same reason I shred my old bank statements and cut up my old credit cards.
  
  I didn't read the parent to your comment, so I'm taking your comment as worded. This information is valuable to other people, whether they can use it to imitate you to get further information from a trusted source or to access your finances or medical history. I wipe the free space because the end point (my PC) isn't secure. The remote server is supposed to be secure, as is the connection to my PC, but once decrypted on my computer it is plaintext. If it's stored on the hard disk, e.g. swapping or in temporary files, then there is going to be a record of that information accessible to those with the (freely available to download) tools to retrieve it.
  
  Not securely wiping your hard drive before disposing of it is like throwing your bank statements out in the trash.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
11. Re:Free testing by Anonymous Coward · 2013-11-07 22:08 · Score: 0
  
  In practice, it is slightly worse, but it does work that way generally.
12. Re:Free testing by Anonymous Coward · 2013-11-08 01:44 · Score: 0
  
  What's wrong with dd if=/dev/urandom of=/some/dir/blank0001 bs=1M count=1000?
13. Re:Free testing by rvw · 2013-11-08 02:22 · Score: 1
  
  If you've been paying attention, you see what the real problem is.
  The real problem here is that you're living in the USA. And another problem is your thinking.
  Many of us don't live in the US. And even if we live in the EU, in a country who's secret service cooperates with the NSA, we still don't have a Patriot Act and I don't think that people here are abducted to the US or some stinking country without human rights for something like this.
  Then your thinking. Most of us are just normal people, who want to protect documents for various reasons, and we want to use stronger encryption without backdoors if possible, because it will make it more difficult for anyone to break. And we want to store those truecrypt volumes in our dropboxes or iclouds or google drives or wherever. Having strong encryption without backdoors will guarantee that the NSA won't be able to scan those documents. They cannot read what's inside. And because they cannot force everybody to give their keys, 99.999% of us will have our documents safe from prying eyes. Those people who run into trouble with the NSA - valid or not - they will face your scenario. And they will not be safe, maybe even for EU citizens.
14. Re:Free testing by letherial · 2013-11-08 02:46 · Score: 1
  
  i guess the joke went over your head(see parent comment)....but thats ok, your right though, wiping data is a good idea. You could always just encrypt your entire drive as well, making wiping unnecessary.
15. Re:Free testing by L4t3r4lu5 · 2013-11-08 03:22 · Score: 1
  
  I would argue that you should also wipe at least the start and end of the drive (for TrueCrypt encrypted volumes) to destroy the (yes, also encrypted) key.
  
  TrueCrypt, as an example, uses the "user key" you provide (weak) to encrypt the "volume key" generated from the various RNGs and entropy pools available (strong), like wiggling the mouse.This is used to actually encrypt the data. This way, you can change the "user key" without having to decrypt and re-encrypt the entire volume; Only the "volume key" needs to be re-encrypted. Overwriting the beginning and end of the drive destroys both the master and backup of this key, rendering the drive utterly unrecoverable except by brute force.
  
  I also pointed out that I didn't read the parent comment ;)
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
They need an independent expert to validate it? by Anonymous Coward · 2013-11-07 11:07 · Score: 3, Funny

Alright, I'll volunteer. Once the money has cleared my account, consider it "validated."
1. Re:They need an independent expert to validate it? by Anonymous Coward · 2013-11-07 11:20 · Score: 1
  
  Look, validating software is quite important as well. Its not as if validating truecrypt is something you can easily do in your free time. You need people that understand encryption and software to be able to get somewhere.
  I am sure they won't just give any jackass the money and not demand reproducible steps and clear verification of the source code.
  Its not because validating that everything works like they say it does without adding any code, that validating is a valueless job. There is great value for anybody trusting upon truecrypt to have it validated by people who are able to actually do a good validation, and its not a 5 minute job to go through all the source and understand everything it does, so its very reasonable to pay somebody for it.
Re:Please, Google by epyT-R · 2013-11-07 11:08 · Score: 3, Insightful

Are you nuts?
Re:Please, Google by Anonymous Coward · 2013-11-07 11:10 · Score: 0

That might be the shittiest idea anyone ever had !
I'm just speculating here .. but by OhANameWhatName · 2013-11-07 11:10 · Score: 0

.. would the people of the United States have trust issues with the NSA?
1. Re:I'm just speculating here .. but by Anonymous Coward · 2013-11-07 11:35 · Score: 0
  
  No. Why would you say that?
  (SSSSSSSSHHHH...they're listening.)
If something "fishy" is found... by Anonymous Coward · 2013-11-07 11:11 · Score: 0

...i'll feel a great disturbance in the Force, as if millions of terabytes suddenly cried out in terror and were suddenly erased. I fear something terrible has happened to the hard drives industry.
Re:Please, Google by Anonymous Coward · 2013-11-07 11:22 · Score: 0

So it can be subverted from the inside either by NSA plants or through NSLs compelling Google to do so? No thanks...
I thought the NSA plant the auditor ...
Won't work for the Windows version by kbg · 2013-11-07 11:24 · Score: 4, Insightful

The Windows version is compiled with MSVC, which almost certainly has a NSA backdoor that gets compiled into the TrueCrypt binary.
1. Re:Won't work for the Windows version by Mr0bvious · 2013-11-07 11:40 · Score: 2
  
  Please vote this up..
  Indeed, the vectors for adding back doors is not as simple as looking at source code.
  
  --
  Never happened. True story.
2. Re:Won't work for the Windows version by vux984 · 2013-11-07 11:54 · Score: 5, Insightful
  
  Sure, vote it up as a point that the the toolchain is always suspect, but saying MSVC is injecting backdoors into everything it compiles is just plain idiotic.
3. Re:Won't work for the Windows version by Mr0bvious · 2013-11-07 12:06 · Score: 1
  
  Absolutely, I'm no conspiracy theorist. I just agreed that the source code is not the only vector for injecting backdoors.
  
  --
  Never happened. True story.
4. Re:Won't work for the Windows version by sconeu · 2013-11-07 12:19 · Score: 4, Informative
  
  * We know that the distributed source generates the distributed binaries. There was an article on this (I'm too lazy to search for it).
  * This audit will vet the source so that there are no *CODED* back doors.
  * The code is still vulnerable to a Ken Thompson style attack.
  
  --
  General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
5. Re:Won't work for the Windows version by Anti-Social+Network · 2013-11-07 12:20 · Score: 2
  
  Which is why, if you read the info on the IndieGoGo blurb, they talk about a validated Windows build that is signed.
  
  Unfortunately it's not realistic to ask every Windows user to compile Truecrypt themselves. Our proposal is to adapt the deterministic build process that Tor is now using, so we can know the binaries are safe and untampered.
  
  --
  Goddammit just when I get my first +5 the Beta rolls out and kills everything
6. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-07 12:30 · Score: 0
  
  Windows itself is compromised. It doesn't matter how secure your source is, or how secure the binaries are.
7. Re:Won't work for the Windows version by swillden · 2013-11-07 12:51 · Score: 1
  
  The code is still vulnerable to a Ken Thompson style attack.
  Is it possible to build the Windows version of TrueCrypt with GCC, or the Intel compiler? If so, then the Thompson attack can be worked around.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
8. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-07 13:02 · Score: 0
  
  Is that that bad an assumption?
  Microsoft worked very closely with the NSA, giving them bugs before fixing them so they could be abused. I don't think you need a big drop in morals to go from there to making everything compiled with your software be backdoored by default. I guess you could attempt to check it by compiling the smallest program possible and checking that, but even then it probably already includes more code than you would want to go through.
  Of course a good counter argument would be that if you backdoor everything automatically, why would you need to share bugs?
  Hell, why backdoor most stuff if most of it depends on your software (like .net) anyway.
9. Re:Won't work for the Windows version by Desler · 2013-11-07 13:08 · Score: 1
  
  Unless one is planted into GCC.
10. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-07 13:18 · Score: 0
  
  You're right. No compiler could ever inject a backdoor.
  Oh wait. The first public C compiler had a backdoor. Maybe you can claim that Microsoft isn't technical enough to pull that off, but they've had forty years and ten of thousands of employees to try to duplicate that feat so maybe there's a chance that they could possibly do what Thompson did. It theoretically possible that that they have caught-up to the C compiler from 1972. Maybe.
11. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-07 13:53 · Score: 0
  
  Probably, but you wouldn't be using the windows compiler, thus its possible for your end file to differ from their end file. Which is fine for personal use, but it doesn't help you verify that the binaries they distribute are safe.
12. Re:Won't work for the Windows version by steelfood · 2013-11-07 14:40 · Score: 4, Informative
  
  No, but certain differences between the TrueCrypt volumes generated by Windows and the TrueCrypt volumes generated by Linux point to there being a strong possibility of a backdoor in the Windows-only version.
  I'd be interested to see if there's actually code that writes out those random bytes in the header for Windows only, or if something else (API, MSVC, etc.) is causing the randomness. Because if it's the latter, then the chance of it being a backdoor goes way, way up.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
13. Re:Won't work for the Windows version by letherial · 2013-11-07 14:43 · Score: 2
  
  If you have followed any basic critical thinking class then you should observe one simple fact about this statement. It is a opinion, there are not facts supporting this that i am aware of (and many other claims about this article), nor is there any provided evidence.
  If you use windows there are facts you should know. 1. its the most used OS and is the biggest target for anyone wanting information. Its far better to build a generic malicious code that will attack a known vulnerability of windows, even if its not zero day, then it is to bother with the small percentage of people who use linux/mac, that is where the main problem with using windows. 2. There is really truly no way to know what is programed in windows, if you think microsoft would put at risk the world market for the NSA without one big fight, then you probably dont want to use windows. Consider this though, most breaches happen not because there is some easy way to break into windows, but because the admin didn't do something properly.
  Now its not up to me to decide what level of paranoid security you run, or why you choose one OS over another, it is up to me however to call out bullshit, or at the very least, demand evidence on outrageous claims.
14. Re:Won't work for the Windows version by EETech1 · 2013-11-07 15:52 · Score: 1
  
  www.techarp.com/showarticle.aspx?artno=770&pgno=3
  Hmmm...
15. Re:Won't work for the Windows version by gl4ss · 2013-11-07 16:25 · Score: 2
  
  some guy replicated building the released tc binaries already though.
  so unless the compiler is attaching a tc specific backdoor to everything..
  
  --
  world was created 5 seconds before this post as it is.
16. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-07 17:02 · Score: 0
  
  At the Tor blog they say "On Windows builds, something mysterious causes 3 bytes to randomly vary in the binary". No explanation though.
17. Re:Won't work for the Windows version by swillden · 2013-11-07 17:06 · Score: 1
  
  Unless one is planted into GCC.
  Easy to eliminate. There are plenty of other open source compilers.
  http://arxiv.org/pdf/1004.5548.pdf
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
18. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-07 17:27 · Score: 0
  
  The problem is, Microsoft owns the Private keys that sign any keys generated by a Windows System. Thus by default, any and all keys on a MS box are compromised from the beginning. This is the problem with PKI and any system that is not 100 percent under the User Control as to generating/signing keys. Until it is, I have to assume that any and all Windows Boxes are completely compromised by what ever government wants the data.
  Remember how fast those AlQueda Laptops using EFS were decrypted even though MS/NSA supposedly had no keys to do it? That's because MS does hold the keys to the kingdom. They're used to validate every Windows Update and such that occurs upon a windows system. The big question becomes "Am I paranoid Enough?" to which I have to answer that most people aren't paranoid at all and thus the answer is "Hell No!"
  Fast Turtle
19. Re:Won't work for the Windows version by kbg · 2013-11-07 21:19 · Score: 1
  
  You missed my point. As long as the MSVC compiler is used you can't be sure the binary is correct, even thought the source is audited. The only way to do a validated Windows binary build is to use an open source C++ compiler that has been audited to compile the Windows version of TrueCrypt.
20. Re:Won't work for the Windows version by kbg · 2013-11-07 21:21 · Score: 1
  
  Yes and he used the MSVC compiler which could include the NSA backdoor.
  The compiler doesn't have to attach the backdoor to everything, only when the TrueCrypt binary is being created.
21. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-07 23:16 · Score: 0
  
  But what if THOSE have trojans too?! (point being, you can't please or shut these people up)
22. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-07 23:41 · Score: 0
  
  So use an old Borland C++ compiler and compare the two binaries. Or Watcom. I mean, C and C++ haven't changed substantially since the 90s. If the NSA has hooks in all software tools ever made, there's no hope anyway.
23. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-08 01:24 · Score: 0
  
  Watch out, your tinfoil hat is slipping..
24. Re:Won't work for the Windows version by Anonymous Coward · 2013-11-08 03:13 · Score: 0
  
  Idiots, have you tried compiling tc on windows?
  It needs an ancient specific version of
  windows ddk and compilers.
  Have have ever found a second source for binaries? I haven't on the web.
25. Re:Won't work for the Windows version by swillden · 2013-11-08 04:35 · Score: 1
  
  But what if THOSE have trojans too?! (point being, you can't please or shut these people up)
  The method is extensible. You apply DDC to all compilers. In order for any of them to be trojaned, they all have to be trojaned... and they all have to include trojans specifically written for each of the others, which include the trojan all pairwise combinations.
  So if you have three compilers, with source code, you can apply DDC three times (A/B, A/C, B/C). If you detect no trojans, then either none exist, or each compiler must contain all three trojans (one for each compiler) and each trojan must contain code to detect each compiler.
  As the number of compilers goes up, the attacker's job gets harder. It's O(n^2) in the number of compilers, but it's actually tougher than that because at some point all of this compiler-detection and modification code gets big enough that it becomes easy to find in the binary. And the detection and modification code can't be too obvious, either.
  Note that while the attackers job gets harder as O(n^2), the detecter's job is O(n). It's not necessary to do DDC pairwise; you can order the compilers in a ring and compile around the ring... compile compiler i with compiler i + 1, then when i = n, use that last compiler to compile the first. Unless each compiler in the ring had code to detect the next and trojan it, inserting trojans for every other compiler in the ring, the modifications will be detected.
  If you need more compilers, you can get multiple versions of each compiler to throw into the mix. It's particularly good to go back to very old versions which could not possibly have known enough about the structure and code of new versions -- or entirely new compilers -- in order to be able to detect and modify them.
  The fact that clang is a very new compiler is quite useful this way. Pick old versions of GCC and the BSD compiler which predate the existence of clang by several years and apply DDC. If you don't detect a modification, they're all good -- unless whoever is trojaning everything is going back to software archives and quietly modifying old copies of the source code. So to be really sure you want to get your old copy from a trustworthy, or at least unmodifiable, source. For example I have some old CDs of the Red Hat distro from 1997.
  As a final proof, you can always just write your own C compiler from scratch. C is a simple language and if you don't care about producing optimal code or making it fast you can build a compiler from scratch in a few weeks of focused work.
  This problem is easily solvable.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
26. Re:Won't work for the Windows version by kbg · 2013-11-08 12:50 · Score: 1
  
  Not injecting backdoor into everything, just into the TrueCrypt binary. What is the easiest way to inject a backdoor into TrueCrypt? By asking Microsoft to add a backdoor to the MSVC compiler.
27. Re:Won't work for the Windows version by vux984 · 2013-11-08 17:15 · Score: 1
  
  So ... if "solution name" = truecrypt, and source-code file = xyz.cpp then replace x with y?
  How plausible is that really?
  What is the easiest way to inject a backdoor into TrueCrypt? By asking Microsoft to add a backdoor to the MSVC compiler.
  I think there's lots of easier, more reliable, less detectable ways than that.
28. Re:Won't work for the Windows version by kbg · 2013-11-10 09:46 · Score: 1
  
  Of course it isn't something simple like if "solution name" = truecrypt, that is just stupid. It's more like detecting specific encryption algorithms in TrueCrypt and injecting code that makes the encryption weaker by either modifying the encryption slightly or storing maybe part of the key somewhere in the data. So for the right people who know about the back door, decrypting becomes an easy task.
  How plausible is that? Well I guess you haven't read about the Ken Thompson hack for the C compiler. Doing something like this is VERY plausible.
29. Re:Won't work for the Windows version by vux984 · 2013-11-10 11:52 · Score: 1
  
  Of course it isn't something simple like if "solution name" = truecrypt, that is just stupid.
  Yes.
  It's more like detecting specific encryption algorithms in TrueCrypt and injecting code that makes the encryption weaker by either modifying the encryption slightly or storing maybe part of the key somewhere in the data.
  That's a non-trivial hack, how do you propose it "detect specific enryption algorithms in truecrypt" to detect that its compiling truecrypt, and then modify it. How many bytes of code do you think it would take to program that?
  And remember that hack has to be hidden in the compiler binary. And per the KTH hack, in order to not get discovered by the first disassembler or debugger that walks by it also has to infect those, which is even more complex and non-trivial code, that has to be hidden and spread.
  The amount of work the KTH has to be able to perform to defend itself from detection grows exponentially, while the amount of effort to detect the hack grows linearly. (look it up). In practice the KTH code would grow so big with code to defend itself that compiler would end up being mostly KTH code.
  The KTH demonstrates the difficulty (impossibility even) of provable security. But an actual KTH remaining hidden from someone specifically looking for one is VERY IMplausible.
30. Re:Won't work for the Windows version by kbg · 2013-11-10 12:32 · Score: 1
  
  That's a non-trivial hack, how do you propose it "detect specific enryption algorithms in truecrypt" to detect that its compiling truecrypt, and then modify it. How many bytes of code do you think it would take to program that?
  You say it like it is complicated. This is just programming, Microsoft and the NSA has billions of dollars to throw at the problem. It doesn't matter how much space it takes it can be done.
  Yes it has to be hidden, but you can have self modifying code and you can have code that looks like it does something innocent but actually does something else. Has anybody actually audited the MSVC binary? Didn't think so.
31. Re:Won't work for the Windows version by vux984 · 2013-11-10 13:46 · Score: 1
  
  You say it like it is complicated
  Because it is.
  Yes it has to be hidden, but you can have self modifying code and you can have code that looks like it does something innocent but actually does something else.
  Has anybody actually audited the MSVC binary? Didn't think so.
  Really you just have to audit the output. And you can start with 1 line of C and build up from there iteratively. Its work, and its tedious but its not nearly as hard as you think.
  It doesn't matter how much space it takes it can be done.
  Of course it matters how much space it takes.
  Your whole "self modifying code and innocent code that looks like one thing but is really something else has to be tiny... otherwise it sticks out like a sore thumb.
32. Re:Won't work for the Windows version by kbg · 2013-11-11 00:20 · Score: 1
  
  No you can't just audit the output by starting with 1 line of C code and move up from there, because you don't know what is the actual trigger for the back door. It can be any number of specific lines of code, includes modules or at least some output size of the binary.
  It doesn't have to be tiny, you can hide the code in data or other code. But even so just take a look at how tiny some programs are in the demoscene, you can build incredibly small code that does a lot. Also take a lookt at how some viruses are done, some use polymorphic code to hide their signature.
  Are really saying that this type of thing can't be done? You have little faith in human intelligence.
33. Re:Won't work for the Windows version by vux984 · 2013-11-11 10:03 · Score: 1
  
  No you can't just audit the output by starting with 1 line of C code and move up from there, because you don't know what is the actual trigger for the back door. It can be any number of specific lines of code, includes modules or at least some output size of the binary.
  Your assertion was that it was the truecrypt source code. So how about we use that. It's not terribly large.
  It doesn't have to be tiny, you can hide the code in data or other code.
  You can hide a small bit of code, you can't hide large amounts of code.
  But even so just take a look at how tiny some programs are in the demoscene, you can build incredibly small code that does a lot.
  Are really saying that this type of thing can't be done?
  Are you saying it could not be detected? You can't in one breath put forth that someone clever could make a virus, while in the other put forth that noone clever could find it. Especially when the math behind it shows that its an asymmetrical task -- that its much easier to find, than it is to hide.
  Also take a lookt at how some viruses are done, some use polymorphic code to hide their signature.
  Changing signatures is pretty trivial rearrangement, and instruction substitutions. It doesn't at all hide what the code does, it just makes it difficult to detect by trivially comparing a piece to known code.
  You have little faith in human intelligence.
  This has nothing to do with human intelligence; Its math and science. The KTH is possible, and essentially impossible to provably secure against (in a mathematical sense), but its also implausible on a large scale, and extremely difficult to hide from someone who is actively looking for it in a particular piece of code.
  We don't have to find the KTH by inspecting the code. We can find it by comparing the output of multiple toolchains. The differences will be small. Then its just a matter of analyzing the differences.
  Unless ALL the toolchains are infected, and are all 'covering for eachother'. That's gets to be implausible, and even that can be unravelled by building another toolchain.
  Its a lot of work, but not nearly as much work as you think.
American based auditors ? by Anonymous Coward · 2013-11-07 11:30 · Score: 0

They can audit all they like but if they are American why should a believe a word they say ?, with all those secret courts, secret gagging orders, oh and a $50B budget
Re:Please, Google by Anonymous Coward · 2013-11-07 11:53 · Score: 0

Not sure which Google hit you are referring to, but I suspect it is the following.
http://hackfromhell.blogspot.com/2012/12/truecrypt-hid-device-hack-with-knoppix.html
According to the author, due to design choices made by the developers of Truecrypt, it (TrueCrypt) is being used to subvert not only itself but as a means to infiltrate an entire system.
If this is true, then TrueCrypt is a poor choice for this audit (much less, anything else).
Does anyone really care? by badasawsomeness · 2013-11-07 11:55 · Score: 5, Insightful

I feel like this has been reported on 5 times by now. Yes we know they are raising money, please no more updates until the findings from the audit are in.
In the mean time is there any actual point to this? While TrueCrypt can be one of the best methods for a typical home user or even tech savy business person to encrypt that naughty folder. But it honestly isn't as widely used as they make it out to be. Most softwares or businesses use their own encryption. Not to mention the nature of TrueCrypt means its most often used to secure locals files or drives, meaning unless the NSA has direct control over your computer they really cant get at your stuff.
Also would this resolve anything? As soon as the audit is done people will either, question the findings for one reason or another. When in the end all the audit can say is if there is an intentional backdoor or if there is an obvious flaw in the code that would leave it vulnerable. Even if neither of these turn up there is still a very real chance the NSA found their own unintentional flaw in the code that allows them to greatly reduce the time required to decrypt the drive.
1. Re:Does anyone really care? by AHuxley · 2013-11-07 16:33 · Score: 3, Interesting
  
  Its more for people moving around the world. But the main risk is having your media looked at and someone seeing your need for the use of encryption.
  You could have all other data quickly captured and end up on a few gov lists with your computer returned.
  The NSA mostly seems to like to track all net use globally and then zoom in on users, their OS, files reviewing their digital lives.
  Tame OS, telcos and software seem to help the NSA with the final steps i.e. the end users encryption and saving the keystrokes for easy very decryption.
  But just the act of requesting an audit does make 'easy' past with some software more difficult.
  
  --
  Domestic spying is now "Benign Information Gathering"
2. Re:Does anyone really care? by Anonymous Coward · 2013-11-07 22:16 · Score: 0
  
  Since truecrypt needs to decrypt while the pc is being used the whole thing is a complete waste of time. Any back door is (somewhere other than in the truecrypt code) sure to be using standard file reads etc which makes the data visible. If the machine is *off* and they nick it then all bets are off because they'll force the password out of you anyway if they deem it important enough.
Re:Please, Google by joelleo · 2013-11-07 12:19 · Score: 1, Insightful

They also apparently:

hacked my Power Supply by implanting a trasp device in My Bose Speakers and possibly my high end water machine that sent malware farts through my electrical grid and tunneled into my system that way.

sounds TOTALLY not paranoid schizophrenic.
On topic, Truecrypt is just a tool. It can't be "subverted" to do evil - it just exists and people can use it for 'good' or 'evil.' My hammer is really good and pounding nails ('good',) but would work equally well in password extraction ('evil') =)

--
"In the end, there is simply no weapon more devastating than the truth, delivered in just the right way." - tnk1
Probably a worthless approach by Anonymous Coward · 2013-11-07 12:34 · Score: 0

The NSA has decades of computer analysis running 24/7 on hardware no one can ever hope to match. Any audit done by "security professionals" will generally be worthless as it does not account for flaws or new approaches that require a specific dollar amount in terms of resources to implement.
I think the best approach is to stop using standard algorithms altogether and start implementing independent weak algorithms. That makes the task much more difficult as algorithm identification is a harder task than the break itself.
Let's make them work for it.
Re:Please, Google by Anonymous Coward · 2013-11-07 12:36 · Score: 0

That might be the shittiest idea anyone ever had !
What bothers you about that? The ads? The direct NSA backdoors? The fact that they'd abandon it after an extended beta period?
Re:Please, Google by Anonymous Coward · 2013-11-07 12:42 · Score: 1

Yeah, I know, that part seemed far-fetched to me as well.
BUT, the other stuff regarding TrueCrypt struck a note with me, in particular the screens of the TrueCrypt rules regarding admin rights and read-only enforcement structure--THAT could be used just as he explains. In that case, it would seem that the encryption--in it's mission to protect encrypted data from simply being over-written, actually allows malware to use this protection scheme to protect the malware. Simply encrypt the malware with TrueCrypt, and TrueCrypt protects it from being over-written AND allows said encrypted data to be loaded before the OS.
Pretty compelling. The guy made some of his data available for others to tear apart (he admits his weaknesses in this area). Perhaps someone here can actually do that.
Re:Please, Google by _merlin · 2013-11-07 12:47 · Score: 1

Yeah, you'd end up needing to sign in with a google account, storing your private keys in the cloud, posting stats on your g+ and allowing google to index the encrypted data.
Re:Please, Google by epyT-R · 2013-11-07 12:58 · Score: 1

awesome.. sign me up.
we know current version gcc is safe by raymorris · 2013-11-07 14:33 · Score: 2

We know that the current version of GCC doesn't have the "Ken Thompson" trojan. The original version could have, theoretically a but it couldn't survive so many versions. Also, gdb would have revealed it long ago.
Maybe gcc also trojans gdb? And ptrace, and ...
You have to imagine that the author wrote specialized trojans for a bunch of programs that hadn't been created yet, and hid them all in a few kilobytes. That's beyond impossible, even for the best programmer in the world.
audit will reveal the likely flaws, non-encryption by raymorris · 2013-11-07 14:40 · Score: 2

The best way to deal with strong encryption is to go around it, to use the back door. Those are the flaws an audit would reveal, issues not with the actual encryption, which is a fairly small part of the software, but with the other 90% of the code .
The encryption itself has been analyzed, and will continue to be analyzed, outside of Truecrypt, which is just one of many packages that use the same encryption.
ps - your homemade encryption isn't hard to figure by raymorris · 2013-11-07 14:48 · Score: 1

Ps - you're independent weak encryption is not hard to figure out. Let's say you use it for some PHP script on your web site. Well, it's on a publicly accessible web server, and it's friggin PHP, so I'll have the source code in ten minutes. As soon as I see the source, not only do I know what weak algorithms you're using, but I can also see the common flaws in your particular implementation.
A case in point -
A common "do it my own way" idea is to stack hash algorithms. Take a sha256 of the data, an MD5 of that, and RC4 that or whatever. Well, stacking hashes results in a hash that's provably WEAKER than the weakest hash in the chain. Each step you take to make it stronger actually makes it weaker.
I'm a total DIYer. I'd even DIY stitching a cut. There are two things you shouldn't DIY - high explosives and information security. (But low explosives are fun.)
Re:Please, Google by gl4ss · 2013-11-07 16:17 · Score: 1

it's a rambling.
but anyhow, as I gathered, in the story the hackers were the one's hiding their shit with truecrypt and not the guy who was getting hacked by triads...
frankly it's written like a madman.

--
world was created 5 seconds before this post as it is.
Re:Please, Google by LoRdTAW · 2013-11-07 17:08 · Score: 1

The site has to be a hoax.
My fav so far:

The Most clever of all is when they knew I was on Match.com so they had a Chinese Girl contact me and I was amazed at how quickly she wanted to come to my house, it was too easy actually but right after she came I noticed the hacking got 10 times worse. I now realize she came to get my cable modem Mac address so they could clone my cable modem.
I bet his herpes also got 10 times worse as well :-p
LOL:

Their hack made a mistake and assumed that the hidden volume I created was part of their set-up so they proceeded to copy over a 666MB .iso file that had the same name a linux Dragonfly Live DVD except that Dragonfly is 900MB, not 666MB like this one.
It gets better: How they hacked my iPhone last year in Asia

How they hacked my iPhone last year in Asia
If you think you are safe just because you have an original iPhone from Apple that wasn't unlocked, think again. Granted I was sleeping with the enemy ( my Vietnamese Wife ) and since I had to sleep sometimes, the Hoa Hao had a huge advantage because they could sabotage my electronic devices while I was sleeping if they weren't able to do it while I was awake.
So, um, yea. I would only read that blog if looking for a good laugh. A big "Thank you"goes out to the gp for the lulz.
Some of the money should go to a Bug Bounty by fluke11 · 2013-11-07 17:15 · Score: 0
I think it is an interesting idea of have a third party audit the code. However, I see the following problem with it:
- They do not name who will be auditing the code. I think it makes a huge difference if Harold & Kumar perform a security audit in comparison to Bruce Schneier, Steve Gibson and Theo de Raadt perform a security audit.
- The security audit will be against a specific version and doesn't answer the question of if someone with government level resources could sneak something into a future version.
- Purpose of funding a security audit is usually with the hope it will turn up nothing. However, even if nothing is found, that does not prove nothing sneaky exists.
The advantages of also having a Bug Bounty is:
- It extends to a wider base of security auditors since anyone interested in collecting the bounty can be included.
- It extends across multiple versions for as long as the bounty is still being offered.
- It only needs to be payed out if some problem is actually found.
sadly by eyenot · 2013-11-07 18:50 · Score: 1

Sadly, though, there is only one party offering to take a huge sum of money to crawl through code for a few weeks or possibly months. And it seems to me that the parties offering to do the work have a vested interest in the results coming out "negative for NSA bugs".
This means ( as others here have pointed out ) that there cannot truly be independent verification. As someone else points out, the money would be better spent on bug hunts.
The approach bears the mark of vigilantism. I say that, because encryption operating outside of scientific controls isn't trustworthy encryption. Anything that even touches the subject of encryption and expects to come away tinged with credibility needs to be isolated under scientifically controlled conditions.
Without the financially disinterested, scientifically and academically conglomerate third party offering to perform this same role as a purely academic public service, the scientific control doesn't exist.
You might point out that Green & White are academics, but also read in the article that they are going to take the money and hire an auditing company to do the actual work. That company is at this time completely up in the air. So the academe is thrown right out. The company could decide to hide troubling lines of code from Green & White. and give the code a clean audit. Who is going to raise the other $50,000 to cross-verify using similar means, when that means is so flawed that it obviously cries out for cross verification?
And what are Green & White hoping to get out of this? Are they going to become some sort of security world fixers? Are they going to become the secret holy grail of opportunistic businesspersons, the mythological "information brokers"? They aren't starting out with a purely academic premise or approach, so this is not going to be all that worthwhile for their academe so much as for their standing in that cross-ways between what Eisenhower referred to as "the military industrial complex" and what he referred to as "the educational research complex".
And our hypothetical, white-horse scientific group's work would have to be redundant. No part of the code could be independently verified by one person -- each procedure and call would have to be pored over by a panel to verify unanimously ( with the group ) that the conclusion about the reliability of the code segment was sound and that that section of code is trustworthy. Can we say anything like that is going to happen as this group of a few people munches and dines its way through the $50,000?
And this smacks of advertising. We're in a time, now, just after numerous encryption, secured storage, and secured email services have self-destructed in the wake of serious allegations of domestic spying. Apparently they found that they were either currently compromised, were facing a future of being compromised, or could not handle the pressure that the NSA was putting on them immediate or projected.
That's entirely the reason why this is happening -- to take a product that is popular and to scrutinize it carefully, taking advantage of its open source to contrast how different that reality is from the reality of closed box cloud services. It's a brand demonstration for the open source community in the least sense, but in a greater sense it's a product demonstration for TrueCrypt. Even TrueCrypt has rung in its "approval" of the audit.
We have people asking "who's auditing the auditors", "whose watching the watchdogs", etc. But who's watching this, this whole fiasco? A very limited crowd of people for whom it's not really a learning experience so much as reminder of the drudgery and toil that code and coding actually represent.
Let's ask ourselves seriously why this code isn't already vouchsafed by the community, first of all. If you can't take a completely open group that could theoretically consist of anybody with a computer terminal and say that this sample group -- the open source community, basically the world at large -- is sufficient to r

--
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
We need a perminant comittee by davydagger · 2013-11-08 00:49 · Score: 1

We need to turn this into a perminant comittee to rountinely test all open source encryption software, popular kernels (linux, freebsd, etc...), webbrowsers(firefox,chromium), webservers(apache, nginx), and other essential bits of free software we depend on (mariadb, php, python, etc...)
Re:Please, Google by nightsky30 · 2013-11-08 01:10 · Score: 1

frankly it's written like a madman.
Like or by?
Truecrypt is not open source by Anonymous Coward · 2013-11-08 01:31 · Score: 0

https://en.wikipedia.org/wiki/Truecrypt#Licensing_and_Open_Source_status
1. Re:Truecrypt is not open source by TangoMargarine · 2013-11-08 05:05 · Score: 1
  
  It's "open source" in the colloquial definition of the term as "the source is public; you can download and compile it, and use the resulting output for personal use."
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
backdoored binary may differ in a few bits by Anonymous Coward · 2013-11-08 03:04 · Score: 0

#if BACKDOORED
random &= 0xffff
#endif
Re:Please, Google by freeze128 · 2013-11-08 05:44 · Score: 1

Buy it from Whom? It's open source!