TrueCrypt Audit: No NSA Backdoors

That's what they WANT you to believe! by CajunArson · 2015-04-03 00:52 · Score: 1, Funny

Where's the fun in there not being any nefarious evil backdoors??!?!?

How am I supposed to feed my narcissistic persecution complex that the NSA is focusing billions and billions of dollars of resources just to spy on me and me alone when they can't even put a backdoor in TrueCrypt??!?!?

--
AntiFA: An abbreviation for Anti First Amendment.

Re: That's what they WANT you to believe! by Anonymous Coward · 2015-04-03 01:24 · Score: 5, Informative

Look everyone, a NSA shill.
Re:That's what they WANT you to believe! by Anonymous Coward · 2015-04-03 02:26 · Score: 1

You're trying to belittle the legitimate concerns people have had towards the security of their software. It's not working.
We already know of routers compromised en massé, mass collection of *everyone's* even seemingly irrelevant data (yours included), false flag hacking and whatnot. So yes, go ahead and crack a joke about the cornerstone of democracy and freedom of speech being slowly corroded away. Don't expect anyone to laugh, though.
Re:That's what they WANT you to believe! by Anonymous Coward · 2015-04-03 02:27 · Score: 5, Funny

It enlarges your penis, citizen.
You should compile with that flag every time for best results. Tell your friends.
Re:That's what they WANT you to believe! by Anonymous Coward · 2015-04-03 02:33 · Score: 1

It'll add -DSSSH_NSA_BACKDOOR_FLAG to $CC's command line when compiling things.
Re:That's what they WANT you to believe! by KGIII · 2015-04-03 03:04 · Score: 1

You do realize that TrueCrypt is out of development and the shop's been shuttered, yes?

--
"So long and thanks for all the fish."
Re:That's what they WANT you to believe! by Anonymous Coward · 2015-04-03 03:25 · Score: 2, Informative

You do realize that TrueCrypt is out of development and the shop's been shuttered, yes?
Wrong. It's been forked:
https://truecrypt.ch/
https://ciphershed.org/
And well before that it was reverse engineered:
https://github.com/bwalex/tc-play
Re:That's what they WANT you to believe! by Anonymous Coward · 2015-04-03 03:34 · Score: 1

Ciphershed.org is based on a rebranding of the original TC 7.1a which was the 2nd to last version. I have a copy of the installer of the 7.1a of TC.
I wonder what the actual difference would be in terms of security between the two?
Re:That's what they WANT you to believe! by KGIII · 2015-04-03 04:32 · Score: 1

Sweet! Much appreciated, I didn't dig any deeper than the TrueCrypt site (I guess I should have). The question is, then, do THEY have any NSA backdoors? There was a time when I'd have simple trusted open source but these days there is so much and so few eyeballs. Either way, I appreciate your reply a great deal. I will play with both later this afternoon when I have a bit more free time.

--
"So long and thanks for all the fish."
Re:That's what they WANT you to believe! by OutOnARock · 2015-04-03 12:41 · Score: 1

....these are not the back doors you are looking for......

Quis custodiet ipsos custodes? by Anonymous Coward · 2015-04-03 00:56 · Score: 2, Funny

Now we just need an audit of the auditors to make sure they weren't compromised and we can safely use TrueCrypt again.

Re:Quis custodiet ipsos custodes? by msobkow · 2015-04-03 00:59 · Score: 1

I disagree completely. We need to audit the auditors of the auditors as well. Eventually we'll need to close the loop by having the original auditors audit a set of auditors so it's a self-perpetuating circle of audits. :P

--
I do not fail; I succeed at finding out what does not work.
Re:Quis custodiet ipsos custodes? by OzPeter · 2015-04-03 01:03 · Score: 5, Funny

We need to audit the auditors of the auditors as well.
So it's auditors all the way down?

--
I am Slashdot. Are you Slashdot as well?
Re:Quis custodiet ipsos custodes? by BreakBad · 2015-04-03 01:04 · Score: 2

That auditor loop would need to be audited. I see the strategy now, its job creation.
Re:Quis custodiet ipsos custodes? by fustakrakich · 2015-04-03 01:06 · Score: 1

You bet your sweet ass it is...

--
“He’s not deformed, he’s just drunk!”
Re:Quis custodiet ipsos custodes? by jellomizer · 2015-04-03 01:22 · Score: 1

The interesting part of a conspiracy logic, we can have more and more people as part of it... It is just you who is some how left out.
However if the NSA couldn't keep snowden from releasing his information, who is rather low level. What makes you to think, that such a large conspiracy has such power behind it.

--
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Re:Quis custodiet ipsos custodes? by Anonymous Coward · 2015-04-03 02:08 · Score: 1

> NSA couldn't keep snowden from releasing his information, who is rather low level
If you think Edward Snowden was rather low level, I have a bridge to sell you (complete with turret, rangefinder, boilers, steam turbines, bilge pump, cat of 9 tails and a pair of 7-ton anchors.)
You see, Snowden's father was rear admiral of the US Coast Guard, just like McCain's father was rear admiral in the US Navy.
Re:Quis custodiet ipsos custodes? by lgw · 2015-04-03 02:19 · Score: 1

Auditor auditor auditors audit auditor auditors, obviously.

--
Socialism: a lie told by totalitarians and believed by fools.
Re:Quis custodiet ipsos custodes? by Phreakiture · 2015-04-03 02:21 · Score: 1

Or perhaps, "Quis audiet ipsos auditores"?
It sounds like it is the Ken Thompson problem of trusting trust once again rearing its head.

--
www.wavefront-av.com
Re:Quis custodiet ipsos custodes? by bytethese · 2015-04-03 02:22 · Score: 1

Someone doesn't watch movies I gather...
Re:Quis custodiet ipsos custodes? by Mister+Transistor · 2015-04-03 02:41 · Score: 1

Nice. +1 for the obscure Turtle Club reference!! :D

--
-- You are in a maze of little, twisty passages, all different... --
Re:Quis custodiet ipsos custodes? by Culture20 · 2015-04-03 02:45 · Score: 1

You use a side loop to audit the first loop, etc. until you have a tube, then loop the tube. It'll be a torus like a donut or a bagel. To audit the audit-bagel, you'll need concentric layers of more audit-bagels like an onion. Mmmmm... Onion Bagel.
Re:Quis custodiet ipsos custodes? by sconeu · 2015-04-03 03:02 · Score: 1

Are you a Turtle?
Been once since 1975!

--
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Re:Quis custodiet ipsos custodes? by Mister+Transistor · 2015-04-03 03:09 · Score: 1

YBYSAIA! (1972)

--
-- You are in a maze of little, twisty passages, all different... --
Re:Quis custodiet ipsos custodes? by Opportunist · 2015-04-03 03:24 · Score: 1

Took you quite a while.
That's what consulting and auditing is about. Hell, if it wasn't for that I'd have to get a real job and actually do some work!

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:Quis custodiet ipsos custodes? by Opportunist · 2015-04-03 03:29 · Score: 4, Funny

Yet look how different they turned out to be. One became and upstanding, honest person who has never ever done anything but serving his country, and the other one went into politics.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re: Quis custodiet ipsos custodes? by loftarasa · 2015-04-03 03:40 · Score: 1

*slow clap* you win the Internet today, sir
Re:Quis custodiet ipsos custodes? by Bob+the+Super+Hamste · 2015-04-03 04:04 · Score: 4, Funny

I still like "A ship shipping ship shipping shipping ships".

--
Time to offend someone
Re:Quis custodiet ipsos custodes? by Culture20 · 2015-04-03 06:11 · Score: 1

To loop the onion bagel, you'll need four dimensions. So, want time travel? Throw more auditors at the problem.
Re:Quis custodiet ipsos custodes? by sjames · 2015-04-03 08:13 · Score: 1

Inmtroducing the Open Open Crypto Audit Project Audit Project.
Re:Quis custodiet ipsos custodes? by lq_x_pl · 2015-04-03 09:02 · Score: 1

You must work for the government. You have described a perfect bureaucracy.

--
An internal system operation returned the error "The operation completed successfully.".

Tin foil hat time by OzPeter · 2015-04-03 01:00 · Score: 3, Insightful

Wasn't the NSA accused of suggesting/modifying various encryption standards in order to weaken them? In which case they don't need back doors into the software as they can already unlock the data.

--
I am Slashdot. Are you Slashdot as well?

Re:Tin foil hat time by Anonymous Coward · 2015-04-03 01:07 · Score: 1, Insightful

Why don't you go inform yourself as to which encryption standards those were and then come back and actually contribute to the discussion, instead of mindlessly speculate?
Re:Tin foil hat time by Anonymous Coward · 2015-04-03 01:14 · Score: 2, Insightful

Why don't you go inform yourself as to which encryption standards those were and then come back and actually contribute to the discussion, instead of mindlessly speculate?
You don't want mindless speculation, yet you're reading Slashdot comments?
Re:Tin foil hat time by buchner.johannes · 2015-04-03 01:19 · Score: 1, Interesting

Wasn't the NSA accused of suggesting/modifying various encryption standards in order to weaken them? In which case they don't need back doors into the software as they can already unlock the data.
Yes, and the authors of said algorithms (CS researchers) agree that that was ok (a security - speed/implementation tradeoff).

--
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
Re:Tin foil hat time by mrchaotica · 2015-04-03 01:19 · Score: 3, Informative

Truecrypt lets you pick which encryption algorithm (and key generation mechanism, IIRC) that you want to use. So just pick one that the NSA didn't compromise!

--
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Re:Tin foil hat time by jones_supa · 2015-04-03 01:26 · Score: 1

Which algorithms are we talking about?
Re:Tin foil hat time by plover · 2015-04-03 01:32 · Score: 3, Insightful

Yes, the NSA has been accused of colluding with RSA to promote the Dual_EC_DRBG random number generator as a standard, despite claims that it contained a backdoor. https://en.wikipedia.org/wiki/... . The NSA has also been accused of interfering with standards that would enable ubiquitous effective encryption for popular communications tools, such as phones and email, resulting in the current hodgepodge of patchwork. Sure, you may use TLS to send and retrieve your email to and from your ISP, but the data is unencrypted in their servers, and is vulnerable to interception there. Your cell calls may be encrypted, but Chris Paget demonstrated at DEFCON how easy that is to defeat, using his almost legal homemade version of a Harris Stingray. And the encryption algorithms used by cell phones only protect the data flying over the airwaves, not on the cellular wired infrastructure which is already required to be vulnerable by CALEA.
However, the existence of one backdoor in one algorithm does not prove or disprove the existence of backdoors in other algorithms. Most exploitable weaknesses we do know about come from either protocol flaws or implementation errors, and these auditors found evidence of neither.

--
John
Re:Tin foil hat time by maestroX · 2015-04-03 01:33 · Score: 1

DES http://en.wikipedia.org/wiki/D....
Re:Tin foil hat time by Totenglocke · 2015-04-03 01:34 · Score: 2

You can also use keyfiles too.

--
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." ~Thomas Jefferson
Re:Tin foil hat time by Andy+Dodd · 2015-04-03 01:42 · Score: 5, Interesting

The only case I know of where an algorithm was actually backdoored was one of the random number generation schemes... The algorithm in question happens to be (IIRC) quite fast.
In other cases (DES I think??? I could be wrong.) the NSA recommended some oddball changes. No one could find a negative consequence of them so they went in - a decade or so later, it turns out that the original implementation of DES DID have a cryptographic flaw and the NSA recommendations fixed that.
Keep in mind there are two parts of the NSA, ones which have in many ways highly conflicting goals:
1) One part is tasked with compromising the information infrastructure of our enemies - these are the ones who keep on making the news these days
2) Another part is tasked with protecting our critical information infrastructure, especially with protecting data sensitive to national security. These are the people who do Type I crypto certification, worked on creating SELinux, etc. These rarely make the news but in general, from our perspective these are the good guys. You can tell that AES-256 is NOT backdoored by the NSA since they allow it to be used to protect classified information (NSA Suite B - you can assume anything in Suite B is solid since the NSA is using it themselves.)

--
retrorocket.o not found, launch anyway?
Re:Tin foil hat time by Lord+Crc · 2015-04-03 02:18 · Score: 4, Informative

There's talk that they influenced the decision of some recommended constants for Elliptic Curve Cryptography.
You'll want to use constants that ensures the cryptographic strength of the algorithm, so picking them are non-trivial and hence a recommended set was published. This is the same for most algorithms. AES has constants and they are part of what makes the algorithm AES and not some other variant.
Anyway, here's what Bruce Schneier said about ECC:

I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry.
https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929
And here's a nice background on ECC:
https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
Re:Tin foil hat time by AmiMoJo · 2015-04-03 02:26 · Score: 1

Snowden uses Truecrypt so if they have cracked it they are keeping it very quiet... Look at it this way, of you are less if a target than Snowden you are probably safe using it even if they do have a way in.

--
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:Tin foil hat time by meta-monkey · 2015-04-03 02:27 · Score: 3

don't be an armchair cryptographer.
Why not? I'm really good at it. You will NEVER decrypt my armchair.

--
We don't have a state-run media we have a media-run state.
Re:Tin foil hat time by Anonymous Coward · 2015-04-03 02:55 · Score: 1

AES is an algorithm, and one that was created in Europe to boot, so I don't think there's any chance the NSA could have 'backdoored" it.
To be pedantic, AES is an algorithm created in the US.
It's (very heavily) based on Rijndael, which was created by two Belgian cryptographers. But there are some differences between the two.
Re:Tin foil hat time by chihowa · 2015-04-03 03:08 · Score: 3, Informative

The only case I know of where an algorithm was actually backdoored was one of the random number generation schemes... The algorithm in question happens to be (IIRC) quite fast.
The random number generator, Dual_EC_DRBG is actually very very slow. If it wasn't pushed so hard, nobody would willingly use it.

In other cases (DES I think??? I could be wrong.) the NSA recommended some oddball changes. No one could find a negative consequence of them so they went in - a decade or so later, it turns out that the original implementation of DES DID have a cryptographic flaw and the NSA recommendations fixed that.
In addition to fixing the S-boxes as you described, they also recommended reducing the key size, which made the algorithm weaker and shorter lived.
Dual_EC_DRBG was required for FIPS 140-2 certification, which is required for software that is used to protect sensitive-but-unclassfied information by the US government. So there is some conflict between the two goals above.

--
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Re:Tin foil hat time by swillden · 2015-04-03 03:21 · Score: 3, Informative

In other cases (DES I think??? I could be wrong.) the NSA recommended some oddball changes. No one could find a negative consequence of them so they went in - a decade or so later, it turns out that the original implementation of DES DID have a cryptographic flaw and the NSA recommendations fixed that.
Specifically, the S boxes (essentially some translation tables used in the algorithm) in the original design were vulnerable to linear cryptanalysis, which is a cryptanalytic technique that involves constructing systems of linear equations representing the transformations in key portions of the algorithm, then applying mathematical analysis to deduce key and/or plaintext bits. Linear cryptanalysis was unknown in the academic world at the time, but it was apparently known to the NSA. The NSA's changes made DES resistant to linear cryptanalysis.
However, the NSA also reduced the key size and block size from 128 bits to 56 and 64 bits, respectively. This likely made DES vulnerable to brute force attacks by particularly well-funded attackers (e.g., the NSA). Use of multiple DES operations in sequence overcomes this issue and Triple DES today is still considered to be quite strong. So, all in all, the NSA improved DES security. This isn't surprising because it was a core part of their mission; a mission that appears to have been deprecated in the post 9/11 world, but was still very important to the NSA in the 70s.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Re:Tin foil hat time by Opportunist · 2015-04-03 03:30 · Score: 2

'scuse me, but this here is mindless speculation. If you want serious discussion, take your time machine and set it for 1999.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:Tin foil hat time by Opportunist · 2015-04-03 03:37 · Score: 3, Interesting

In theory, yes. I just think selling SELinux could be a bit hard. You see what's going on here with things where the NSA might have, allegedly, maybe, could have, possibly, considered influencing the potential eventual implementation of what could have become part of something they could use.
In SELinux there is no doubt about the NSA's involvement. It was one of the effin' selling points of the system.
Now, the whole deal looks good on paper (provided you find a Linux Guru willing and able to administer that monstrosity). But that nagging feeling remains: Do you want to trust a foreign intelligence service that has not allegedly, maybe, possibly spied with impunity on everyone and anyone domestic and abroad just as they feel like, but who has done that with proven certainty?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:Tin foil hat time by david_thornley · 2015-04-03 06:20 · Score: 1

IIRC, recently, there were some constants the NSA suggested for elliptical-curve cryptography, and some informed speculation that the NSA might have a method of cracking that specific case. They fixed some problems with DES, but I think they were the ones who suggested the key length, which eventually turned out to be much too short. (Key lengths nowadays are typically 128 bits or more, and cannot be brute-forced with only the resources available in our Solar System.) Overall, I'd tend to trust NSA recommendations when they look reasonable, but I'm suspicious.

--
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes

Quote at bottom of my browser window by OzPeter · 2015-04-03 01:01 · Score: 3, Funny

Is this a deliberate choice of quote,or just randomly apropos?

You can fool all the people all of the time if the advertising is right and the budget is big enough. -- Joseph E. Levine

--
I am Slashdot. Are you Slashdot as well?

Re:Quote at bottom of my browser window by jones_supa · 2015-04-03 01:21 · Score: 1

I get the same quote.

Very gratifying to see by sasparillascott · 2015-04-03 01:14 · Score: 4, Informative

This was very reassuring to see and I'm very glad the audit was finished finally. The 2nd to the last version (v7.1a) is the gold standard for multi-platform encryption where you can be reasonably sure the NSA/FBI doesn't have a back door (or access to the keys) like they would with Bitlocker etc..

Re:NSA hat time by sasparillascott · 2015-04-03 01:20 · Score: 1

It's good to remember that the ones the NSA purposely weakened were flag by private experts as being suspect before they were even in place (so people avoided them) and then confirmed as being purposely weakened by the Snowden docs - so the bad ones were flagged - DuckDuckGo is your friend on that. You definitely wouldn't want to be doing the NSA's work though in spreading generalized FUD (fear, uncertainty, doubt) about this encryption application (so people don't use it) that was also pointed out as "secure" by Snowden.

WARNING: TrueCrypt propganda. by Anonymous Coward · 2015-04-03 01:24 · Score: 1

"time-boxed nature of the engagement prevented auditors from reviewing the source code in
its entirety"

"...as it is difficult to fully test code on multiple operating systems and configurations."

So in other words, they can't properly test the software and won't be able to.

So in other words, this story is misleading and seems more like propaganda to help bolster TrueCrypt's reputation.

Re:WARNING: TrueCrypt propganda. by lgw · 2015-04-03 02:34 · Score: 2

"time-boxed nature of the engagement prevented auditors from reviewing the source code in
its entirety, the most relevant areas were investigated thoroughly."
Was the actual quote. Those spring FUD are NSA shills. There were two specific areas they highlighted for more auditing: checking that memory was always securely wiped, and checking oddball disk sector sizes. I'd be surprised if the former were an issue, but they have a point. The latter is exactly the sort of place where bugs lurk, in my experience.
The most important thing they didn't audit, IMO, is the "hidden volumes" feature of TrueCrypt. I'm a bit skeptical of that myself, as steganography is in general a harder problem that cryptography. Hopefully another trusted group will continue the auditing effort via crowd funding.

--
Socialism: a lie told by totalitarians and believed by fools.

A trillion thanks to the TrueCrypt Developers by Anonymous Coward · 2015-04-03 01:26 · Score: 1

Whoever you are, you are fantastic people. You've helped millions of people worldwide protect their privacy. And you even had to bear some mentally diseased cretins accusing you of being NSA guys.

Thank you for the fantastic piece of software you have designed.

Please note... by dark.nebulae · 2015-04-03 01:28 · Score: 1

The NSA is monitoring this thread to identify all of you naysayers...

Re:Please note... by Anonymous Coward · 2015-04-03 02:44 · Score: 1

Yeah. We noticed you. We don't mind it, storage-wise, but looking through the material really is a hated task here -- if you could reduce the amount of midget gay BSDM you're consuming by just a little bit, we'd be grateful in perpetuity .

Regards,
-NSA
Re:Please note... by bill_mcgonigle · 2015-04-03 03:43 · Score: 1

Hey, some of us fully support their warrantless search capacity. The TrueCrypt developers' farewell message suggesting that Mac users create a disk image with a null cipher was especially good advice and not at all a warrant canary that they'd been pressured! There is no man behind the curtain, people!

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)

What if the backdoor is well hidden? by buck-yar · 2015-04-03 01:35 · Score: 4, Interesting

The shellshock bug went on for a long time with many eyes on the code. How do we know the auditors weren't outmatched and just missed the backdoor?

Re:What if the backdoor is well hidden? by squiggleslash · 2015-04-03 02:22 · Score: 4, Insightful

Who knows? On the other hand, the many eyes argument with ShellShock is dubious: most people who would have recognized it didn't realize the implications as they weren't looking at it from a security standpoint, and few people actually likely touched or had reason to view that part of the code.
This story, on the other hand, is about an actual security audit. In theory, it is more comprehensive, the researchers were looking for bugs, had a security background and agenda, and so would likely have picked up on ShellShock had it been Bash they were auditing rather than TrueCrypt.
I'm not suggesting there's no chance they've missed anything, but I am saying the process is considerably more thorough and less likely to make a mistake. Bear in mind TrueCrypt has had "many eyes" for a decade or so too. And "many eyes" did, eventually, pick up on ShellShock, it just took longer than anyone would hope.

--
You are not alone. This is not normal. None of this is normal.
Re:What if the backdoor is well hidden? by Anonymous Coward · 2015-04-03 02:26 · Score: 1

You are never going to "know". Ever. So you have to decide for yourself what is "good enough".
Re:What if the backdoor is well hidden? by Zappy · 2015-04-03 02:56 · Score: 1

you don't
Re:What if the backdoor is well hidden? by swillden · 2015-04-03 03:24 · Score: 1

So to you this couldn't have been anything but a perfect audit and if there was something, there was a 100% chance it would have been caught.
Naive, or NSA op
Reading comprehension fail. Please re-read this sentence from the GP:

I'm not suggesting there's no chance they've missed anything, but I am saying the process is considerably more thorough and less likely to make a mistake.
Absolute certainty is impossible, but audits like this do provide a basis for a reasonable belief that the security of TrueCrypt is good.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Re:What if the backdoor is well hidden? by Vitriol+Angst · 2015-04-03 04:34 · Score: 1

I suppose then you look at the compiler and the chips on the computer itself.
There are a number of cases where the Government has forced component manufacturers to embed designs on their silicone. Laser printers for instance; for "some reason" all PostScript rasterizing chips at one time could be turned into passive antennas to indicate their location -- and in the Desert Storm war, this allowed the US to find locations that MIGHT be military command centers (assuming a computer next to a printer). Maybe the antennas are still in laser printers. Or maybe the wires in $100 bills allow them to be tracked by remote scanners and be used as listening devices -- yeah, well, who would have thought 40 years ago that metallic ink could be used to create a simple game on a piece of cardboard? There's no reason we couldn't have a pack-man game that was powered by sugary cereal in milk, is there? And, by pointing two lasers at a solid object in a room through a window, it's possible to record whatever sounds occur in that room. So it's only a matter of whether there is an intention and the creativity employed in embedding every day objects to be used to gather information on us.
For instance, let's look at something that IS PROVABLE; if you have a color printer, print out a period in color at the top of the paper. It will go "zip" and then again "zip" near the bottom. In yellow ink, in very small type, you will see a code indicating your printer's registration number. Was that a feature for you, or to track the unwary? Maybe it's just because they were worried about counterfeiters printing out money -- but the point is, your camera, your printer, your MAC address on your computer are ways to identify whatever you make on them. If the device is recorded as being yours -- whatever you do on it is not anonymous to an outfit like the NSA.
The point is; we sit on top of an infrastructure that we ignore as long as it works. Any one of the components of the Internet Routers at CISCO, or the transceiver in your phone, or in your power supply are BELOW the encryption level we assume is the important message.
So as long as you are OK with your location and identity being known, and who you sent the message to -- then encryption may be working OR, all messages have a tag tacked on with the HTTP packet from some underlying bit of hardware that relays information to a router on the internet backbone and is always being sniffed. Maybe those "lost" packets or in the noise.
The point is; it's great that they searched TrueCrypt -- but not at the expense of giving up on being paranoid. If I can think of a dozen vectors to exploit - think of the people who are PAID to come up with new vectors.

--
>>"ad space available -- low rates!!!"
Re:What if the backdoor is well hidden? by Vitriol+Angst · 2015-04-03 05:05 · Score: 1

At the next Black Hat competition, they should really mix it up and have teams trying to embed spy-ware and decryption in lengthy and complex encryption code. Some code would be tainted, other code would be not, and some would just be shoddy so as to obscure the obscure.
It would be interesting to see how easy or hard it is to really catch nefarious code.
Because, unless you or someone working with you can understand EVERY line of code in a program -- and its dependancies, you can't really be sure.
The other thing is, you can have exploitable algorithms that can be manipulated. The "buffer overflow" -- where you stuff malicious code at the end of a command that has more data than the query was designed to handle is not based on malicious code in a program -- just an unforeseen and EXPLOITABLE feature.
To guarantee that a program is not exploitable is more difficult than to guarantee that there are no exploits. And an expert hacker, contributing code, might have done so with the expectation that the backdoor would one day be found. It's now more inconvenient, but perhaps one prime number salts all the random number generation, for instance, and knowing that would reduce the complexity of the pass code by orders of magnitude. Or, a specific string is always at a certain location in all messages after encryption, and the cracking can start by having to find a known 128 bit value in the halfway point of any array of encrypted data -- making the process a bit easier. None of those would yield consistent patterns that might be discovered, without knowing WHY each and every routine does what it does.
OR, you might have infected the compiler, and someone naming a variable; "ReallyGoodPasswordSalt" causes it to compile these little "cracking helpers" into any application that is built on them.
Then you might look a components of the computer executing the instructions. It's possible, for instance, that all INTEL chips or emulators, or maybe a chip from some tiny fab in Asia has a component on your computer that looks for some kind of code, or compiler directive, and embeds a hidden "cracker's helper" in whatever string passes through it. So a contributor, puts in some "good clean code" but they use specific variable names, or common routine calls in a certain order -- all it requires is a "pattern". The Developers don't look for these exploits, because it's not a normal business activity to have men in dark suits show up at an office and tell someone to "build this logic area into your silicon design." They never hear of such things. It's crazy to think of it.
People working at AT&T would have laughed at you if you told them that all the data over their backbone was just copied out -- they still might depending on their level of awareness. Why? Businesses that play ball get special treatment -- like a subcommittee in Congress drops a probe, or there's no lawsuits to break up a monopoly for a while. Whether you think that is nonsense or not, depending on electronics that no one person can know all the functions of means that exploits by an organized and well funded government organization, or maybe an NGO, have more places to hide.
How could we test for a hidden "poisoning" of code on devices we cannot fully guarantee? Perhaps when compiling, have an application take all the variables and libraries and give them new, random names, then compile. See if the same salt, same password, and same text after encryption ends up exactly the same way with both applications.
Try sending out various lengths of encrypted messages from various devices (that are the same), and compare them coming from different equipment, times and locations -- they SHOULD BE the same. If they are not, or the HTTP packets have some unexplained padding and/or different byte lengths, perhaps there is unexplained messaging going on from the devices and not the software.
I'm not in software security, but I do have a devious mind, and if I can think of a way to make encryption more crackable, then others can.

--
>>"ad space available -- low rates!!!"

Re:A qualified statement by plover · 2015-04-03 01:36 · Score: 1

They didn't qualify it at all. That was the editor who wrote the story, and the Slashdot editor who quoted the story. Neither quoted it from the report. https://opencryptoaudit.org/re...

--
John

Their audit doesn't matter... by frank_adrian314159 · 2015-04-03 01:47 · Score: 3, Interesting

If this hadn't been done ten years before he talked about, it's been done by now. They have everything they want. Live accordingly.

--
That is all.

Re:Their audit doesn't matter... by swillden · 2015-04-03 03:31 · Score: 2

If this hadn't been done ten years before he talked about, it's been done by now. They have everything they want. Live accordingly.
Fortunately, we know how to counter that threat.
It also seems pretty unlikely that the NSA had enough foresight to get VC++ instrumented to subvert TrueCrypt. It's not impossible, but there have been a lot of similar tools over the years, and I don't think the compilers could have been modified to subvert all of them.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Re:Their audit doesn't matter... by david_thornley · 2015-04-03 06:27 · Score: 1

That trick only works if you've got only one compiler. You can detect it and nullify it if you have two independent compilers for the same language. Neither of the two have to be fully trusted, but you do have to assume they're not in cahoots with each other.

--
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes

obvious logic by slashmydots · 2015-04-03 01:49 · Score: 3, Insightful

Everyone kept saying they would find a backdoor. Don't you think that logically the NSA shut down the project because they couldn't find a backdoor in it? They would have left it alone if it had an NSA backdoor in it.

Why the mysterious end of TrueCrypt development? by derideri · 2015-04-03 03:06 · Score: 1

Last year when TrueCrypt developers suddenly threw in the towel, everyone assumed it was because TrueCrypt had been forced been subverted by the NSA, similar to Lavabit. If that's not the case though, as the audit suggests, then why did the developers suddenly quit?

Re:Of course, if there -was- an NSA backdoor by beernutmark · 2015-04-03 03:13 · Score: 2

In that case they would simply say "We have finished our audit." and leave it at that. The implications would be clear.

Re:Why the mysterious end of TrueCrypt development by Anonymous Coward · 2015-04-03 03:28 · Score: 1

It's a reasonable assumption that the TrueCrypt developers were pressured to subvert the project, but shut it down instead. As you said, similar to Lavabit; recall that Ladar didn't give the Feds what they wanted, he shut down the service rather than compromise his users. I think the same thing happened with Truecrypt.

The audit suggests that no NSA backdoor actually made it into the product. It's still very likely that the gov't tried to force a backdoor, and the developers' response was to abandon ship.

Mr Tinfoil and proud of it. by AftanGustur · 2015-04-03 08:01 · Score: 1

Don't forget that about 20 years ago NSA was introducing flaws by exploiting bugs in the compilers.

I doubt a code-review would find any of these.

--
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc

NIST Curves are not safe by psyclone · 2015-04-03 08:10 · Score: 1

Focusing on NIST and the NSA

Choose a safer curve

DDC works for free compilers by tepples · 2015-04-07 03:03 · Score: 1

That's detectable.

Only if the compiler is free software. David A. Wheeler's diverse double-compiling construction requires the compiler's source code. It can provide strong evidence of freedom from "trusting trust"-type attacks for something like Clang, GCC, or Tiny C Compiler, but not for something proprietary such as Visual C++.

Conflict of interest by tepples · 2015-04-07 03:11 · Score: 1

Fortunately, we know how to counter that threat.

Only Microsoft has the ability to counter that threat because only Microsoft owns a lawfully made copy of the source code to Visual C++. Microsoft also has an interest to promote BitLocker over TrueCrypt.

Re:Conflict of interest by swillden · 2015-04-07 04:48 · Score: 1

Another option is to build TrueCrypt with a different compiler. There is ongoing work to do that.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

Slashdot Mirror

TrueCrypt Audit: No NSA Backdoors

80 of 142 comments (clear)