Slashdot Mirror


TrueCrypt Audit: No NSA Backdoors

Mark Wilson writes: A security audit of TrueCrypt has determined that the disk encryption software does not contain any backdoors that could be used by the NSA or other surveillance agencies. A report prepared by the NCC Group (PDF) for the Open Crypto Audit Project found that the encryption tool is not vulnerable to being compromised. However, the software was found to contain a few other security vulnerabilities, including one relating to the use of the Windows API to generate random numbers for master encryption key material. Despite this, TrueCrypt was given a relatively clean bill of health with none of the detected vulnerabilities considered severe enough to lead "to a complete bypass of confidentiality in common usage scenarios."

7 of 142 comments

  1. Very gratifying to see by sasparillascott · Score: 4, Informative

    This was very reassuring to see and I'm very glad the audit was finished finally. The 2nd to the last version (v7.1a) is the gold standard for multi-platform encryption where you can be reasonably sure the NSA/FBI doesn't have a back door (or access to the keys) like they would with Bitlocker etc.

  2. Re:Tin foil hat time by mrchaotica · Score: 3, Informative

    TrueCrypt lets you pick which encryption algorithm (and key generation mechanism, IIRC) that you want to use. So just pick one that the NSA didn't compromise!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  3. Re: That's what they WANT you to believe! by Anonymous Coward · Score: 5, Informative

    Look everyone, an NSA shill.

  4. Re:Tin foil hat time by Lord Crc · Score: 4, Informative

    There's talk that they influenced the decision of some recommended constants for Elliptic Curve Cryptography.

    You'll want to use constants that ensure the cryptographic strength of the algorithm, so picking them is non-trivial and hence a recommended set was published. This is the same for most algorithms. AES has constants and they are part of what makes the algorithm AES and not some other variant.

    Anyway, here's what Bruce Schneier said about ECC:

    "I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry."

    https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929

    And here's a nice background on ECC:
    https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

  5. Re:Tin foil hat time by chihowa · Score: 3, Informative

    The only case I know of where an algorithm was actually backdoored was one of the random number generation schemes... The algorithm in question happens to be (IIRC) quite fast.

    The random number generator, Dual_EC_DRBG is actually very very slow. If it wasn't pushed so hard, nobody would willingly use it.

    In other cases (DES I think??? I could be wrong.) the NSA recommended some oddball changes. No one could find a negative consequence of them so they went in - a decade or so later, it turns out that the original implementation of DES DID have a cryptographic flaw and the NSA recommendations fixed that.

    In addition to fixing the S-boxes as you described, they also recommended reducing the key size, which made the algorithm weaker and shorter lived.

    Dual_EC_DRBG was required for FIPS 140-2 certification, which is required for software that is used to protect sensitive-but-unclassified information by the US government. So there is some conflict between the two goals above.

    --
    If you want a vision of the future, imagine a youtube comments section scrolling - forever.

  6. Re:Tin foil hat time by swillden · Score: 3, Informative

    In other cases (DES I think??? I could be wrong.) the NSA recommended some oddball changes. No one could find a negative consequence of them so they went in - a decade or so later, it turns out that the original implementation of DES DID have a cryptographic flaw and the NSA recommendations fixed that.

    Specifically, the S boxes (essentially some translation tables used in the algorithm) in the original design were vulnerable to linear cryptanalysis, which is a cryptanalytic technique that involves constructing systems of linear equations representing the transformations in key portions of the algorithm, then applying mathematical analysis to deduce key and/or plaintext bits. Linear cryptanalysis was unknown in the academic world at the time, but it was apparently known to the NSA. The NSA's changes made DES resistant to linear cryptanalysis.

    However, the NSA also reduced the key size and block size from 128 bits to 56 and 64 bits, respectively. This likely made DES vulnerable to brute force attacks by particularly well-funded attackers (e.g., the NSA). Use of multiple DES operations in sequence overcomes this issue and Triple DES today is still considered to be quite strong. So, all in all, the NSA improved DES security. This isn't surprising because it was a core part of their mission; a mission that appears to have been deprecated in the post 9/11 world, but was still very important to the NSA in the 70s.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

  7. Re:That's what they WANT you to believe! by Anonymous Coward · Score: 2, Informative

    You do realize that TrueCrypt is out of development and the shop's been shuttered, yes?

    Wrong. It's been forked:
    https://truecrypt.ch/
    https://ciphershed.org/

    And well before that it was reverse engineered:
    https://github.com/bwalex/tc-play