Slashdot Mirror
First Phase of TrueCrypt Audit Turns Up No Backdoors
msm1267 (2804139) writes "A initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today (PDF) by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.
The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."
The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."
Wow, a code audit. What a great idea for a FOSS project.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver. Not really surprising that they didn't find any critical security issues in those parts. The high value bugs should be in the crypto parts and how they are implemented.
The code is being audited in America. That's pretty funny.
How about an audit in a country where the NSA cannot tell the auditors to shutup?
CM www.cometenergysystems.com Blog: http://caribbeanrenewable.blogspot.com/
Since Snowden's revelation about the NSA's clandestine $10 million contract with RSA,
If you're on NSA's radar you've got bigger problems than TrueCrypt's trustworthiness or lack thereof. The NSA doesn't have to have a back door into AES (or the other algorithms) when they have an arsenal of zero day exploits, side channel attacks, social engineering, and TEMPEST techniques at their disposal. The average user should be far more concerned about these attack vectors (from any source, not just NSA) than the security of the underlying encryption algorithm.
The Diceware FAQ sums up the problem rather succinctly: "Of course, if you are worried about an organization that can break a seven word passphrase in order to read your e-mail, there are a number of other issues you should be concerned with -- such as how well you pay the team of armed guards that are protecting your computer 24 hours a day."
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Tell me this: if the NSA did put a backdoor in the package and if this audit found it, how would the NSA know about it in time to prevent it being reported? Sending a security letter to the auditors would just be considered proof that there was a backdoor to be hidden. The auditors may have been forced not to reveal anything about it to the general public, but you can bet that the people over at TrueCrypt would have found out about it and eliminated it as soon as possible, although they'd probably have had to pretend that they found the flaw themselves to protect both themselves and the auditors.
Good, inexpensive web hosting
Technically, if an NSA backdoor existed in the codebase, you would be prevented from reporting it by an NSA letter, subject to immeadiate imprisonment and confiscation.
Two responses.
First, I suspect if they were confronted with an NSL they could go the lavabit route and simply suspend the audit project with no explanation. IANAL but I don't think the NSA can compel them to falsify the audit results.
Second, if they are smart, they can have it audited multi-nationally with independent auditors to make it harder for any government gag orders to stick.
I've been coding in C a long time and one of the medium security faults makes no sense to me:
"Windows kernel driver uses memset() to clear sensitive data"
The reasoning they give is:
"...However, in a handful of places, memset() is used to clear potentially sensitive data. Calls to memset() run the risk of being optimized out by the compiler."
WTF?!?
I suppose a smart compiler can optimize out a memset() if it's directly preceeded by a calloc() or something, but I have never had any compiler ever just ignore my request to memset().
What am I missing here?
Oh hell, they'll just sneak into your home in the middle of the night and plant a hardware bug or key logger into your computer.
One of their favorite tactics used by law enforcement is to install cameras in your residence facing where you normally use your computer. They got a child pornographer like this, his use of true crypt didn't help because they had video of him entering the password and simply entered the password once they seized the computer.
True Crypt cannot reasonably protect you from law enforcement nor state sponsored spying like the NSA. It might protect you from some non-tech police agency in some shit hole country being able to access it but then they just use the standard non-tech password extraction method.
Obligatory XKCD. http://xkcd.com/538/
The problem with the NSA is we have no idea what their capabilities are, technologically or legally. They are clearly violating the constitution already and there seems to be no one willing or capable of stopping them. So if they did come to you with a NSL, no matter how ridiculous or unconstitutional it was, what choice would you have? You could go to the media, but how embedded in the media are they? Do they have standing NSLs with all the media organizations out there? You could go outside the country, but those newspapers are government by their own countries version of the NSA who's working in close relationship with ours. This really is a Global totalitarian secret police state. They haven't started herding people into camps or anything, but really... what's to stop them?
Do they have standing NSLs with all the media organizations out there?
I think there'd be less Snowden leak coverage if there were. :)
You could go outside the country, but those newspapers are government by their own countries version of the NSA who's working in close relationship with ours
Like China & Russia? Governements want their own security as much as their own intelligence agencies want to break it... there's too many pieces moving in opposite directions for there to be a credible global coverup of a transparent audit of open source software.
The backdoor is not in the source it is in the MVC++ compiler. NSA is not stupid, putting the backdoor in the source itself would be risky, it would be much wiser to put the backdoor in the MVC++ compiler itself.
If you're on NSA's radar you've got bigger problems than TrueCrypt's trustworthiness or lack thereof.
In case you've been sleeping under a rock for the last year, the target of the NSA is everyone. Not that they put you on the same level as the Chinese military of course, but nobody's under their radar and if they can grab your data or metadata easily they will because you could be a terrorist or at least the friend of a friend of a friend of a terrorist. It's not that the average joe would stand a chance if they threw everything in their arsenal at us, but those "zero day exploits, side channel attacks, social engineering, and TEMPEST techniques" don't come free and using them highly increases the chances of exposing them. The question is more like "Does NSA grab all the TrueCrypt containers used as backup on Dropbox/GDrive/whatever and rifle through everyone's data?" than "If the NSA really wants the contents of my laptop, would this really stop them?"
Live today, because you never know what tomorrow brings
One way to detect a backdoored compiler to a fairly high certainty is diverse double-compiling, a method described by David A. Wheeler that bootstraps a compiler's source code through several other compilers. For example, GCC compiled with (GCC compiled with Visual Studio) should be bit for bit identical to GCC compiled with (GCC compiled with Clang) and to GCC compiled with (GCC compiled with Intel's compiler). But this works only if the compiler's source code is available. So to thwart allegations of a backdoor in Visual Studio, perhaps a better choice is to improve MinGW (GCC for Windows) or Clang for Windows to where it can compile a working copy of TrueCrypt.
No. This is why thorough code audits are important.
You should use a passfile as well as a password. Makes it much harder for an attacker because something like a hardware keylogger or audio analysis to recover keystrokes can't see which file you selected. When it comes to breaking your key there is no way to know after the fact that a keyfile was used, so they will probably waste a large amount of time trying a dictionary attack on the password before even realizing that they need to also try any of the 100,000+ files on your computer as well. That is assuming you used a file on your computer, if it was on an external drive they didn't collect when they grabbed it they are screwed. Keep a few corrupt USB flash drives around just to make the wonder if they had it but broke it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I don't think you understand whats going on. PBKDF has absolutely nothing to do with 'protecting' your password. Its done because passwords suck ass for encryption keys.
TrueCrypt is taking your password and turning it into something USEFUL as a key for encryption, not 'protecting it'.
Standard passwords are pathetically low on entropy, a full twitter or SMS post is still not 256 bits of useful entropy, and its unlikely your passwords are anywhere near that. I admit I don't know your password, but if you're only using the standard character set, I can safely say its pathetically low on entropy. You need full binary keys generated from good random sources, but you'll never remember that, will you? Imaging trying to type it somewhere.
What the hashing does is takes your password and contorts it into a larger key that is more useful than whatever pathetic string of text you throw at it. It does so in such a way that, like all hashing processes are supposed to, you can't go backwards because bits are discarded along the way.
2000 rounds is pretty low, but thats only a tiny small part of the encryption/decryption process. And your password (as I understand true crypt) really just projects are larger private key, which is what is actually used for encryption. Its been a while since I've looked at or used TrueCrypt, so I may be wrong about that last particular bit.
For a full description: http://en.wikipedia.org/wiki/P...
I do write encryption software for a living. And again, its not about protecting your password or making it harder to guess, its about turning your crappy password into a useful encryption key, nothing more.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager