First Phase of TrueCrypt Audit Turns Up No Backdoors
msm1267 (2804139) writes "An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today (PDF) by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.
The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."
Wow, a code audit. What a great idea for a FOSS project.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Think I honed a few TC segments in Olly a while back, but nothing serious. I'd much rather have a few bugs than intentional back-doors. Fix those severe bugs described in the audit release and you got yourself a user for life, TC.
just important this audit is...
Technically, if an NSA backdoor existed in the codebase, you would be prevented from reporting it by an NSA letter, subject to immediate imprisonment and confiscation.
So, what we can say is that it's clean, insofar as they are permitted to report.
Verify, then trust.
-- Tigger warning: This post may contain tiggers! --
Since Snowden's revelation about the NSA's clandestine $10 million contract with RSA,
I hope that as well as checking that the code implements some known encryption algorithm properly, that they also confirm that the algorithm itself is mathematically unadulterated (by the NSA or whoever).
This is why open source is so important.
ITT: People who (a) don't know how US law actually works and (b) assume that everyone in the world is bound by US law.
The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver. Not really surprising that they didn't find any critical security issues in those parts. The high value bugs should be in the crypto parts and how they are implemented.
isn't it possible to just have your backdoor be inserted by the compiler ?
I've been coding in C a long time and one of the medium security faults makes no sense to me:
"Windows kernel driver uses memset() to clear sensitive data"
The reasoning they give is:
"...However, in a handful of places, memset() is used to clear potentially sensitive data. Calls to memset() run the risk of being optimized out by the compiler."
WTF?!?
I suppose a smart compiler can optimize out a memset() if it's directly preceded by a calloc() or something, but I have never had any compiler ever just ignore my request to memset().
What am I missing here?
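What the audit finding is about, as an added example (not code from the report or from TrueCrypt): a local secret is wiped with memset() right before it goes out of scope, and since nothing reads the buffer afterwards, dead-store elimination lets an optimizing compiler drop that call. The hardened variant writes through a volatile-qualified pointer, which is the idea behind explicit_bzero()/SecureZeroMemory(); the names derive_and_wipe_* and use_secret are made up for this example.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for "doing something with the key" (constructed for the example). */
static int use_secret(const unsigned char *key, size_t n) {
    int acc = 0;
    for (size_t i = 0; i < n; i++)
        acc = (acc * 31 + key[i]) & 0xFFFF;
    return acc;
}

/* The flagged pattern: 'key' is never read after the memset(), so at -O2 the
   compiler may legally omit the wipe. This cannot be observed from inside the
   program (observing it would keep the store alive); inspect the assembly
   with "gcc -O2 -S" to see whether the memset() survived. */
int derive_and_wipe_plain(unsigned char seed) {
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(seed + i * 7);
    int r = use_secret(key, sizeof key);
    memset(key, 0, sizeof key);            /* dead store: may be removed */
    return r;
}

/* Hardened wipe: every write goes through a volatile pointer, which the C
   standard treats as an observable side effect the optimizer must preserve.
   Written out by hand here so the example has no platform dependency. */
void secure_memzero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Same routine with the wipe that survives optimization. */
int derive_and_wipe_hardened(unsigned char seed) {
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(seed + i * 7);
    int r = use_secret(key, sizeof key);
    secure_memzero(key, sizeof key);       /* kept: volatile stores */
    return r;
}

/* Counts nonzero bytes through a volatile read so the check is not folded. */
size_t nonzero_bytes(const void *p, size_t n) {
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += vp[i] != 0;
    return count;
}
```

Both routines compute the same result; only the fate of the wipe differs, and that difference is visible in the generated code, not in the return value.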
Utilization of the HOSTS file would not allow you to avoid police detection; it is only useful as an anti-malware tool. Where do you get your information from?
The next question to answer is: Can Heartbleed compromise True Crypt?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
what the fuck did I just read?
The backdoor is not in the source it is in the MVC++ compiler. NSA is not stupid, putting the backdoor in the source itself would be risky, it would be much wiser to put the backdoor in the MVC++ compiler itself.
I am unfamiliar with the drama surrounding apk, but I do know that people who run around accusing others of pedophilia are usually just using it as ad hominem.
at least the sores are open, so that one may take a puss sample and analyse it for disease. When the sores are closed, who knows what you'll wake up with in the morning.
Why would you trust the liberals? I wouldn't trust either.
WTF. A troll with a cause.
The punishment for making this accusation maliciously should be worse than the crime itself.
One way to detect a backdoored compiler to a fairly high certainty is diverse double-compiling, a method described by David A. Wheeler that bootstraps a compiler's source code through several other compilers. For example, GCC compiled with (GCC compiled with Visual Studio) should be bit for bit identical to GCC compiled with (GCC compiled with Clang) and to GCC compiled with (GCC compiled with Intel's compiler). But this works only if the compiler's source code is available. So to thwart allegations of a backdoor in Visual Studio, perhaps a better choice is to improve MinGW (GCC for Windows) or Clang for Windows to where it can compile a working copy of TrueCrypt.
Dude, Bush has been out of office for 6 years now. I know things are moving fast but please do try to keep up.
WTF?!?
WTF indeed.
There seems to be a major trend towards making compilers create code that is as different as possible from what the programmer wrote without being so different that the programmer actually notices. One might assume it's a secret NSA plot to defeat security measures in all software everywhere. You know, if one was incredibly paranoid, that is.
It's hard to say whether this is justified behavior. As an example, consider this code from a link an AC posted:
int ....
crypto_pk_private_sign_digest(....)
{
    char digest[DIGEST_LEN];
    memset(digest, 0, sizeof(digest));
    return r;
}
Exploit mitigation code like this is a case of writing code which we expect to never have any effect, just in case we're wrong and it does have an effect. Then the compiler comes along and decides for itself that the code we wrote will never have any effect and removes it. It's kind of hard to blame it for noticing the uselessness of the operation when we ourselves expected the code to likely have no effect when we wrote it, but then, the whole reason we wrote it is because we thought we might be wrong. Should the compiler then assume that we might be wrong as well, and that we might access that memory using a different pointer?
Does it make sense to compile with optimization enabled when, by including things like the memset() call to clear memory we're finished using, we clearly have goals other than optimization?
The article mentions the fix being the use of a different function which won't be optimized away, but I wonder if even that is a legitimate fix. Our "digest" array is just another variable that the compiler is free to do whatever it wants with in the name of optimization. If it will make the program run faster, it's free to make two copies of it. Then our new never-optimized-away function will end up erasing only one copy of the variable.
So problem here isn't the use of memset() rather than some other function. The problem is that we're asking the compiler to create code that doesn't match what we've written. It should be no surprise then when it goes ahead and does that. Thus, I don't think it's correct to claim that the error here is the failure to use the correct function to clear the memory. I think the error is in asking the compiler to generate code that isn't identical to the source code.
The core of the problem is that C isn't a language that allows us to clearly tell the compiler exactly what we want to happen. Without bounds checking on pointer use, every pointer is effectively a pointer to all memory. Thus, when a pointer falls out of scope, it doesn't mean anything. That memory can still be accessed via any other pointer anywhere in the program. If C enforced bounds checking, such that accessing the data in "digest" via any other pointer was impossible, then the compiler could safely work under the assumption that once "digest" falls out of scope, the data it points to will never be accessed again, and thus removing the memset() call would be a safe thing to do since it truly would have no effect.
It really seems ridiculous when you think about it. Compilers assume that bounds on pointers will be respected, yet make no attempt whatsoever to enforce those bounds, essentially guaranteeing that they will not be respected since programmers are imperfect.
Consider what the compiler will do when it encounters code like this:
int a[4];
int b[4];
int c[4];
b[-1] = 0;
Despite the obvious error in the above code, GCC will compile it without error. It will then perform optimizations that assume that neither a[] nor c[] have been affected by the assignment to b[]. It seems rather ridiculous that anyone is expected to create secure software in such an environment. Either the compiler should enforce bounds checking, or it should assume that any pointer operation ca
Where the hell did this discussion spring up from? Is this some sort of subtle attack against the Android app format? I don't get it.
was expecting something esoteric but turned out to be really straightforward
I think you failed to notice that the page talks about two separate bugs. In the first one, the memset() really is completely removed by optimization.
the type of error you make at 2am, taking the size of the pointer instead of the actual size of the buffer
I'd argue that's an error one might make any time of the day. The sizeof() operator is ambiguous. Consider the following example:
#include <stdio.h>

int main(void) {
    char a[100];       /* an array: sizeof gives the whole object, 100 */
    char *b = a;       /* a pointer to its first element: sizeof gives the pointer size */
    printf("address of a is %p\n", (void *)a);
    printf("address of b is %p\n", (void *)b);
    printf("size of a is %zu\n", sizeof(a));
    printf("size of b is %zu\n", sizeof(b));
    return 0;
}
One might assume that, since both "a" and "b" function identically (e.g., both "a[7] = 0" and "b[7] = 0" are valid, as are both "strlen(a)" and "strlen(b)"), then using the sizeof() operator on each of them should return similar results. However, that isn't the case, as sizeof(a) gives us the size of an array while sizeof(b) gives us the size of a pointer.
It would make more sense if sizeof(a[]) returned the size of the array while sizeof(a) and sizeof(b) both returned the size of a pointer. As it presently works, sizeof() is a somewhat scary operator to use. I usually end up using a printf() to verify that it is giving me the size of what I want the size of rather than assume I know what it is doing.
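The "2am" bug mentioned above, as an added example (not from the audit report or TrueCrypt): once a buffer is passed to a function it has decayed to a pointer, so sizeof inside that function yields the pointer size and a memset() wipe clears only the first few bytes. The function names wipe_by_sizeof, wipe_with_length and bytes_left_unwiped are made up for this example.

```c
#include <stddef.h>
#include <string.h>

/* Buggy wipe: 'buf' is a char * here, so sizeof buf is sizeof(char *)
   (8 on most 64-bit targets), not the caller's array length. The size is
   stored in a local first, as it often is when "the size" gets reused. */
void wipe_by_sizeof(char *buf) {
    size_t n = sizeof buf;     /* pointer size, not buffer size */
    memset(buf, 0, n);
}

/* Correct form: the caller still sees the array type and passes the length. */
void wipe_with_length(char *buf, size_t len) {
    memset(buf, 0, len);
}

/* Fills a 64-byte secret, wipes it one way or the other, and reports how many
   bytes were left untouched. Returns 0 only when the whole buffer was cleared. */
size_t bytes_left_unwiped(int use_sizeof_bug) {
    char secret[64];
    memset(secret, 'K', sizeof secret);         /* array in scope: 64 */
    if (use_sizeof_bug)
        wipe_by_sizeof(secret);
    else
        wipe_with_length(secret, sizeof secret);
    size_t left = 0;
    for (size_t i = 0; i < sizeof secret; i++)
        left += secret[i] != 0;
    return left;
}
```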
There's no need to have a backdoor when Windows sends them your TrueCrypt password.
I am unfamiliar with the drama surrounding apk
Nah, that's mostly just the iDevice users badmouthing Android.
Ezekiel 23:20
Utilization of the HOSTS file would not allow you to avoid police detection; it is only useful as an anti-malware tool.
Actually, it's useful for no such thing. People lulled into a false sense of security had better install PeerBlock with aggressive lists of malicious IP addresses. A hosts file, my ass!
I think it is just a mentally disturbed person talking to himself. Just ignore it.
APKs rape children ?
Sorry Apple shill, but you are going too far.
The backdoor's in the compiler.
Best NSA troll of all time!
It does much more than that for speed, security, reliability, + anonymity http://start64.com/index.php?o... [start64.com] shown in 17 points there where apk has it hosted along with sites in the security community (like malwarebytes' hpHosts website). Apk's made a good program that does what he stated in that link above in 17 points for the good of any end user of customized host files and that botnet masters and malware makers hate since it stops them dead, saves you bandwidth + tracking advertisers take from you along with infecting you with malicious script, gives you reliability against DNS redirection flaws from fastflux and dynamic dns using botnets as well as downed dns servers, and even added anonymity against dns request logs or getting past dnsbl you may not like. It doesn't stop police using deep packet inspection or the nsa with their practically man-in-the-middle attack using discrete math graph theory techniques or BGP misuse. However it does more than any single browser addon and even fixes dns security issues with less parts and it's native to any OS with a standard bsd derived ip stack (which is most all out there if not all) for more speed, security, reliability, and anonymity.
Reposting again since it was minus moderated for some dumb reason earlier here http://it.slashdot.org/comment...
Which adds MORE layered in filtering drivers, since the NEXT addition to my APK Hosts File Engine http://start64.com/index.php?o... is going to do the SAME THING PeerBlock does, albeit with LESS MOVING PARTS & ROOM FOR BREAKDOWN due to complexity - how?
Just by doing what I do @ slashdot manually for IP addresses connecting to me that offer ME no value & only slowups & tracking, in fact (shearing away crap that tracks & slows me up):
I monitored this site after applying my custom hosts file using a gui version of netstat -ano pretty much (NIRSOFT Network Latency Viewer).
I discovered that yes, the hosts file 'shears off' MANY things that send you ads here, and track you, but SOME OF THEM ARE SERVED BY IP ADDRESS... thus, the hosts file's NOT effective vs. those served by IP!
(HOWEVER, Firewalls, like Windows' is, only operate on IP addresses)...
So, what to do?
Well, lol this:
I HAVE ALREADY BUILT THE PROTOTYPE FOR THIS that adds the IP ADDRESS of such connections in my program here... & it works - ONLY 2 THINGS CONNECT TO ME ON ANY SLASHDOT SITE, & I get what I want only. NO tracking. NO scripts, etc.
Then, I ran minus a hosts file - I sped up noticeably, due to less crap to connect to & EVEN MORE with the hosts file running alongside it.. AND, less tracking is my guess too (bonus).
It works... & I've already sent others here as well (Hairyfeet for example, a widely known member here I like) a ruleset for the Windows firewall for this site in fact.
APK
P.S.=> I am just doing what I do with hosts ( especially with less moving parts complexity + room for breakdown & slowdown using slower usermode layered on browser addons that do less + not as well as hosts)
OR
Even shoring up DNS (hosts fix its shortcomings in security & redirection issues from numerous malicious sources)
Simply by USING WHAT YOU NATIVELY HAVE ALREADY, in the Windows firewall driver - NOT ADDING ON "MORE MOVING PARTS", like PeerBlock does...
... apk
More libel & lies from weak trolls that can't ever get the better of apk like Tom http://slashdot.org/comments.p... or Zontar http://slashdot.org/comments.p... (both libelers who use sockpuppets to mod themselves up, and their opponents who dust them like apk, down with).
...secret courts and secret evidence is something American ? I guess somebody was right about that Poisoning The Bodily Fluids Of Justice.
Felix Tschershinsky has won over the U.S. apparently.
Show a post of ME saying that, from earlier than the past month or so (of me dealing with the libelous cowardly little trolls like Tom or Zontar - who also impersonate me, or libel me etc.) go for it.
* :)
(Good luck - you'll need MORE THAN THAT though... lol, more like a miracle!)
In fact, DO I POST ANYTHING LIKE THAT here (where I literally extol & enumerate hosts files benefits to end users in added speed, security, reliability, & anonymity):
http://start64.com/index.php?o...
No - I do not. So fuck off, troll...
APK
P.S.=> More libel & lies from weak trolls that can't ever get the better of apk like Tom http://slashdot.org/comments.p... or Zontar http://slashdot.org/comments.p... (both libelers who use sockpuppets to mod themselves up, and their opponents who dust them like apk, down with).
... apk
Believe that you have it, and you have it.
--
I do not speak for the truth of foreigners.
I don't get it, is this a macfag confusing apk with JavaScript?