TrueCrypt Alternatives Step Up Post-Cryptanalysis

msm1267 writes: What's next for TrueCrypt now that a two-phase audit of the code and its cryptography uncovered a few critical vulnerabilities, but no backdoors? Two alternative open source encryption projects forked TrueCrypt once its developers decided to abandon the project in early 2014, giving rise to VeraCrypt and CipherShed — and both are ready to accelerate growth, compatibility and functionality now that the TrueCrypt code has been given a relatively clean bill of health.

good job

[slashmydots]

So the NSA or whatever succeeded in turning one software program into two. Good job, guys. They're probably foreign-managed too so the US gov can't touch them.

Re:good job

[blackomegax]

5/5 Insightful /s

Re:good job

[SuricouRaven]

You're jumping to conclusions. The strong-arm-government theory is certainly plausible - it explains the outright weird exit of the developers, as if they wanted to signal something was going on but were under legal threat. That doesn't have to mean the NSA though: The developers might not be in the US, and there are plenty of other governments who might also exert pressure to subvert a project like truecrypt. Most of them, even. They are probably in an English-speaking country, so it might have been the work of the UK, Australia or Canada, all of whome have joint operations with the US as well as domestic internet-monitoring agencies. Even if it was the US, it might not have been the NSA: It may well have been another agency, or even some low-level investigator working on a specific case who exceeded his authority and resorted to threats and intimidation after finding a truecrypt drive blocking progress in whatever case he was assigned to.

Re:good job

[gsslay]

How do you know they aren't US gov managed?

Relatively clean?

[GayLinuxUser]

What exactly does that mean? Granted, I don't use TrueCrypt but lately I've felt the need to encrypt some of my private emails and videos.

Re:Relatively clean?

[mcl630]

It means they didn't find any backdoors, and the four vulnerabilities that were found weren't critical (despite what the summary incorrectly says).

Re:Relatively clean?

[Tumbleweed]

What exactly does that mean? Granted, I don't use TrueCrypt but lately I've felt the need to encrypt some of my private emails and videos.

My reading of the results is that while no backdoors were found, there were some vulnerabilities found, which are being addressed in the forked projects. That's about as good as could be expected, really, since all software has bugs.

Re:Relatively clean?

[Gr8Apes]

There's only 3 issues for me, as I don't run windows.

So what are people using anyway?

[Resol]

I've been using TrueCrypt for a long while (in fact still do), but I'm interested in what others use and their justification for its use? (e.g why?) I'm certainly not expert enough to audit any code myself, so I eventually have to just trust something.

Re:So what are people using anyway?

I use truecrypt still also. Why? Because it's the only product that's been so thoroughly tested. And I'm not changing until I find something with the same level of testing.

It's obvious to me that the truecrypt project was shutdown at the governments coercion. Truecrypt provides undefeatable security if used correctly.

Not only that, but it stops the hard drive firmware attacks that look for a magic word.

Re:So what are people using anyway?

[Resol]

Interesting, perhaps its the way I use it I don't need full disk encryption. Most of the stuff I consider important and confidential is pretty small (tax return files, bank statements, etc.) What I need is small virtual disks that are encrypted so that I can easily move them around and access them. Perhaps it's extra naive of me, but I put a small true crypt archive on a server that I trust, and can then mount it from there on Linux, Windows, Mac, and iOS (I actually still have an operational NeXTStation, but I don't think there's a true crypt for that.) Maybe there's a better approach for what I'm doing?

Re:So what are people using anyway?

[mlts]

I like having all of the above:

All disks encrypted, which is mainly so the meth-head who breaks in and grabs the hardware doesn't have access to the data. Hardware can be claimed on insurance. Data opens up blackmail, extortion, and many other avenues.

Encrypted VMs as a way to isolate programs from each other, where I can keep my Quicken/QuickBooks in a VM, move it between computers when needed. Backup? Burn the .vmdk or the .vhdx to a BD-R disk.

File based encrypted volumes as a way of stashing client projects, as well as stashing document backups by date before burning to CD.

Of course, it would be nice to have encrypted archives as well, when one doesn't need to hide the length of the files. PGP Zip covers this, but it would be nice to have a higher level of compression like xz, bzip2, or LZMA, as well as the ability to add an ECC record (similar to WinRAR), so if an archive is damaged, it has a chance of being able to be completely repaired.

Re:So what are people using anyway?

[Iamthecheese]

Truecrypt is very popular, (more eyes and faster bugfixes) user friendly, and is the ONLY audited, open-source software with its features. I don't see any reason to use something else.

Re:So what are people using anyway?

[fisted]

Not only that, but it stops the hard drive firmware attacks that look for a magic word.

What?

Re:So what are people using anyway?

[SuricouRaven]

If you compromise a drive firmware, what do you do with it? There's nothing much you can do to get data out, but one speculation is it could be used for a remotely triggerable DoS attack: If the drive detects a key phrase (likely a 128- or 192-bit sequence) written, it locks up or self-erases. Easy enough to, say, put the sequence into a URL so a web-server will log it, or send it to an email server. The ability to trigger such would be a powerful first-strike attack in any major conflict, and a good way to cover up a more conventional infiltration: Fake a drive failure to destroy evidence. There's no evidence any drive has ever been made like this, but with governments now getting involved in this 'cyber war' business such exotic threats are increasingly a concern. It's not beyond plausability that a government might lean on a hard drive manufacturer to include such a remote-destruct feature - remember that the NSA leaks have already revealed an NSA practice of intercepting network hardware en route to high value targets so they can install backdoors before it arrives.

Re:So what are people using anyway?

[Bob+the+Super+Hamste]

Well I still use it. I like it because it is fairly simple to use and very portable. I have a few TrueCrypt files that store info I would rather not become public (scanned tax documents, financial docs, scanned identity docs, other important docs) but would like to have an easy electronic access to if out somewhere. Also since a TrueCrypt volume is just a file I can easily back them up and move them. So I have the main files on my computer, keep a backup of them in the safe on a USB drive, have another backup on USB in my desk drawer and can drop the binaries and installer for windows, mac and Linux on the same USB drive. At work it has also been used to protect data sent through the mail to a fairly paranoid customer (it is justified paranoia), where we will send them a DVD that contains a TrueCrypt volume that has what ever they were getting and when it arrives they will call back here and get the password to open it.

Better question than "what's next"

[pla]

Instead of asking "what now", doesn't anyone wonder why TC chose to self-destruct, invoking its own canary and refusing to let anyone keep the name?

If the devs just wanted out, they could have passed on the name to a blessed successor. Even if they wanted to act petty and protect the name for no good reason, they didn't need to invoke their canary. Something about this just doesn't make a whole lot of sense.

Hmm, if we question whether or not we can trust that the NSA didn't get to the original devs... How can we trust that they didn't get to the auditors? "Yup, all clear! Enjoy! (Can I have my kids back now, Mr. Suit?)"

Re:Better question than "what's next"

[bigfinger76]

That dead horse has had about enough, that's why. Try googling it, as there's plenty of speculation out there. But in light of the fact that the TC devs have been silent, speculation is all you're going to get.

Re:Better question than "what's next"

[ajegwu]

Yeah, I've been thinking that the way they went out is a lot more perplexing now that the audit came up clean.

Re:Better question than "what's next"

[gurps_npc]

Because they did NOT get to the original devs - they tried and FAILED. The devs refused to bow down to their orders and shut down the project.

Getting to the auditors is harder than getting to the devs, because anyone can be the auditor.

The thing about a free society is that the fact that we find out about the tyranny. That makes paranoid fools think their is more tyranny going on. But the truth is that real tyranny hides.

In North Korea, they would not have shut down the the devs, the devs would have put the back door in and kept their mouth shut.

Here in the free world, the devs say no and shut it down, because we have more freedom than they do.

Re:Better question than "what's next"

[UnknownSoldier]

> The devs refused to bow down to their orders and shut down the project.
> Here in the free world, the devs say no and shut it down, because we have more freedom than they do.

Huh?

Cognitive dissonance much??

You are going to argue they have _more_ freedom yet under duress they complied? How the fuck is this "more" freedom??

**IF** they had this mythical freedom you claim then the original TrueCrypt devs would NOT have felt the need to shut it down.

The only think the TrueCrypt devs showed is that they have no balls against bad laws.

Re:Better question than "what's next"

[godel_56]

Instead of asking "what now", doesn't anyone wonder why TC chose to self-destruct, invoking its own canary and refusing to let anyone keep the name? If the devs just wanted out, they could have passed on the name to a blessed successor. Even if they wanted to act petty and protect the name for no good reason, they didn't need to invoke their canary. Something about this just doesn't make a whole lot of sense. Hmm, if we question whether or not we can trust that the NSA didn't get to the original devs... How can we trust that they didn't get to the auditors? "Yup, all clear! Enjoy! (Can I have my kids back now, Mr. Suit?)"

We'll never know for certain but one theory is that, being just a couple of developers doing it in their own time for no money, and perhaps with family and other concerns, they just got sick of it. However it would have been nice if the bastards could have at least given us a clue as to why they left.

One big disappointment for me is that the audit did not cover the plausible deniability function of Truecrypt, something that could be crucial if you live in an authoritarian right wing state — such as the UK.

Re:Better question than "what's next"

[gurps_npc]

They did NOT comply.

The order was not "shut down" - the US government is not stupid enough to give that order. It's against the basic principles of Capitalist Republic Democracy.

Any non-psychotic person can easily tell that the NSA went up to them and said:

"Hey, you TrueCrypt people, making a safe, un-crackable encryption system? You are going to put in a back door to let us, the NSA in - and you are NOT going to tell anyone about our order or you will go to jail."

The order the NSA gave was legal. The true crypt devs are law abiding people. But they weren't going to obey the NSA. So the True Crypt Devs said "Screw that shit, we shut down."

You on the other hand are a wanker that thinks normal people - who are not anywhere near wealthy enough to defend themselves against the full might of a TREASON charge - should go to jail just to keep you happy! Because that's all it would have done - the court would have shut down TrueCrypt and put everyone in jail. Look what they did to Snowden.

Stop screaming at other people for not standing up for your principles.

Re:Better question than "what's next"

[X0563511]

Would you concur that 0.6 is larger than 0.5? Then why do you have a hard time understanding what gurps wrote?

Re:Better question than "what's next"

[tlhIngan]

"Hey, you TrueCrypt people, making a safe, un-crackable encryption system? You are going to put in a back door to let us, the NSA in - and you are NOT going to tell anyone about our order or you will go to jail."

The order the NSA gave was legal. The true crypt devs are law abiding people. But they weren't going to obey the NSA. So the True Crypt Devs said "Screw that shit, we shut down."

And how do you propose the Truecrypt devs do that?

Remember, TrueCrypt is open-source. Anyone can go and diff the sources between versions. Just like the auditors went and took the source and compared it with the binaries.

So you're going to tell me the TrueCrypt devs could somehow insert an NSA backdoor without telling anyone? Even the NSA isn't THAT stupid - people will compare the source vs. binaries, and people will diff the source between revisions.

There is no way to hide a change in TrueCrypt. They could simply not tell anyone about the NSA order, but the source code will have the change clear as day in it. Or if it doesn't, and the binaries do, there's nothing to stop anyone from compiling the source code and having a NSA-free version.

In this case, complying with the NSA would be far better because it'll reveal the true intentions. And no, they can rewrite the repository history all they want, someone will still have a copy of the old source code, and you can diff it against the current. Unless you believe the NSA has special hard drive rewriting magic that'll seek out every source code copy and replace it with the altered version. Across all formats, filesystems, RAID, CD/DVD/Blu-Ray (even pressed), etc.

Sorry, I don't buy that argument.

The only real possibility is there is an NSA backdoor already in the code that's been there a LONG time and buried way back in diffs long forgotten. Except the audit came back clean, which means it has to be hidden very well, and probably there since day 1.

As much as I'm a fan of conspiracy theories, this one is way too easy to disprove.

Remember, we know the last "good" version of TrueCrypt - the source code produced the binaries - the audit has proven that, and the audit has a copy of those verified source and binaries. And the audit can easily re-verify that fact. Sure you can do the whole "what about the compiler doing it" which is probably true for Microsoft and Apple, but Linux is more complex (it would have to be hidden in GCC for a long while now). And it's still not invulnerable to looking at the assembly code (you can compile it debug, optimizations off if you want to make it even easier to trace). If the compiler fails to introduce the hole at any point, it'll be noticed.

The source code diffs would easily show questionable changes as well.

There is no where the NSA could hide this, except at the very beginning of time. And perhaps it's why the TrueCrypt devs quit because the audit would reveal it.

In which case, the clean bill of heath for the audit is now questionable.

Re:Better question than "what's next"

[Anonymous+Psychopath]

It's also possible, and possibly more likely, that the devs simply abandoned the project because they couldn't or didn't want to put any more time into it. There's literally zero information about why they pulled the plug.

The devs of both the forks referenced in TFS have said the TC source contains a lot of problematic code. CypherShed has said they think the NCC audit wasn't detailed enough and was too high level to uncover all the issues.

Re:Better question than "what's next"

[Kjella]

You on the other hand are a wanker that thinks normal people - who are not anywhere near wealthy enough to defend themselves against the full might of a TREASON charge

Not even Snowden is going to be charged with that:

Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.

Of course they have a fair selection of others if they want to "throw the book" at you, unless you end up at Gitmo for waterboarding instead. But you get that one fig leaf to cover behind at least.

Re:Better question than "what's next"

[Lord+Apathy]

Instead of asking "what now", doesn't anyone wonder why TC chose to self-destruct, invoking its own canary and refusing to let anyone keep the name?

I don't see why anyone should bow down to what the original developers wanted. They walked away from the project so the name and the code should be up for grab.

Anyone want to pick up where they left off and use the name truecrypt should go right ahead and do so. What are the original devs going to do? Sue them?

Re:Better question than "what's next"

[Fencepost]

It's even possible that the (anonymous, uncompensated) devs were looking at all the crap they were going to have to change and deal with as a result of UEFI, signed bootloaders, etc. and otherwise increasingly restricted hardware and said "screw this, I have kids now, maybe my own startup, I have a ton of things I can spend my time on that are just as satisfying and that I don't have to avoid talking about with anyone."

Re:Better question than "what's next"

[rahvin112]

Most of the time the simplest answer is the correct one.

We have a project that hadn't seen an update in years, all development effort had stopped and the people behind it were basically gone.

On one hand you have a claim of an order to backdoor the software that hasn't seen an update in ages. An order that contrary to your claim would NOT be legal.

On the other hand you have a claim that the software developers basically realized that unmaintained software is more dangerous than no software because it implies trust that isn't there. So being the responsible group they are they shutdown the project so people don't rely on code and servers that's probably exploitable (and the audit shows it was) because they aren't working on it anymore.

Of those two answers the simplest is not the illegal order to backdoor the software. But feel free to keep your tinfoil hat on while you sling shit around.

Re:Better question than "what's next"

[gurps_npc]

Your solution does not explain why they wouldn't SAY that's what they were doing and why.

As such your simplest explanation fails badly.

My explanation may be wrong - but it not tinfoil hat. The NSA has done far worse things than illegally put back doors into software. More importantly, I was using overly specific example to convince a real tin-foil hat guy that he was crazy. I don't claim to know the specifics - I don't know if it was the NSA or some other agency, nor do I know the specific order. But it was in keeping with how the US and similar espionage agencies work. Minimal effort, only a threat of legal actions, probably an appeal to patriotism.

Re:Better question than "what's next"

[dcollins117]

It's possible, but why not then put a one line message on their web page that said they grew tired on the project and no longer wish to develop it.

That's not what they did. They put up a page that said "ZOMG this is insecure don't use it!" then disappeared.

No matter how you look at it, that's not someone you can trust to keep your data secure.

Re:Better question than "what's next"

[rahvin112]

Baloney. They were concerned about security, they were shutting down a security related project. The logical "explanation" is to point people at the other solutions that exist to provide the same functionality. Like most logical people they probably figured people would take them at their word and not play pseudo conspiracy theory with why they quit. But like most logical people they failed to take into account the wacko's like you that would read a conspiracy theory into a clean shutdown.

What you suggested as an "answer" is reaching so far into tin foil land that I'm not surprised you don't see it. What you suggest isn't legal and the NSA is very very adept at following the law, the problem for all of us is the law and courts allow them to do a lot of things people don't like but that doesn't change the fact that what you suggest is illegal and no court would allow it. You probably want to point at Lavabit but that wasn't the NSA, it was the FBI being all club fisted. See the entire problem with your conspiracy theory is that they could have just did what Lavabit did and shut everything down and announced why. There is absolutely nothing that would have prevented them from saying why they shut it down after all they were anonymous and might not even be Americans. There is no legitimate explanation, that isn't in tin foil land, for why they wouldn't say they were doing it because it was compromised if it had been.

The NSA isn't out to get Truecrypt. They probably didn't even care about it because they had already researched and found the vulnerabilities that the audit project found and knew with certainty that they could exploit it if needed. That's how the NSA works, they find vulnerabilities then don't tell anyone about them. It's all over the Snowden revelations. But you tune that out because it doesn't fit your conspiracy theory.

You are right out there wearing your tinfoil hat. Deny it all you want but you've created a completely illogical explanation that's extremely complex to explain something that isn't that complex. Your answer simply doesn't meet Occams razor, deal with it. Accept that you want this to be a conspiracy and move on.

Re:Better question than "what's next"

[dotancohen]

The NSA did this with RSA, as well. Well, they had to bribe RSA with $10,000 but their code went in.

Oh, and GP should become familiar with the obfuscated C contest:
http://www.ioccc.org/

Re:Better question than "what's next"

[david_thornley]

You seem to be assuming that TrueCrypt was based in the US. I don't think we can make that assumption.

As far as I know, the NSA tries to abide by the law, but I'm not convinced it does all the time, even the tortured interpretations of the law they use. I certainly wouldn't trust anybody in the NSA if they denied it. Nor, if it was in the US, was it necessarily the NSA. The FBI might have pressured them, like they did LavaBit. The government may not have had a legal leg to stand on, but that doesn't mean it can't make life very difficult for particular people without invoking the criminal justice system.

If TrueCrypt was based in another country, we're really guessing on the laws or authorities involved (and we have to bring the CIA in as a possible actor). It's very plausible that some authority somewhere pressured the TrueCrypt developers to the point where they were unable or unwilling to resist.

The developers wrote a final version that would only decrypt, and said the earlier software was insecure. It's been audited now, and has come out about as well as I'd expect any security software to do. They said nothing about why they were abandoning the project, which is something I'd expect. I think it's likely a hint that they couldn't give the real reason.

We have a security product project end under odd circumstances, and we know of various authorities that would like it shut down (some because they explicitly say that unbreakable crypto is a Bad Thing). We have plausible scenarios as to how it may have happened. We don't have evidence to know why, but I think we have adequate evidence not to rule out the government pressure hypothesis yet.

Re:Licensing?

[mrchaotica]

IIRC, it was a "you can fork it, but you can't call the fork 'TrueCrypt'" kind of deal -- which is why the new versions in TFS have different names.

Re:Licensing?

[CritterNYC]

The TrueCrypt licensing doesn't permit relicensing and is incompatible with all OSI licenses, including the 'anti-GPL' MsPL license that VeraCrypt chose.

Is it over?

[hyperar]

Did they finished the Step 2 of the analysis?, it's weird, i didn't see it anywhere.

How do you change ?

[dargaud]

So, how retro-compatible are they ? Can you take any kind of TC container (file or device) and open it into those newcomers ? Or do you have to transfer the content into a new container ?

Re:How do you change ?

[The+MAZZTer]

VeraCrypt is incompatible with TrueCrypt containers (and vice versa).

Also, VeraCrypt apparently beefs up the security, which results in containers taking minutes to mount instead of seconds. Argh.

Re:How do you change ?

[cfalcon]

The big thing here is that none of these files have a header- if they did, they wouldn't be indistinguishable from randomized data. When you type in a key, it uses a hash over a certain number of repetitions (a lower number for truecrypt, a massive one for veracrypt). It then tests the hashed key. If this fails... it tries with the next possible hashing algo. It goes strictly in order- there's no way to say "just use Whirlpool" or whatever. So if you chose a hash further down the list, you are waiting for all the hashes. In TC, this wasn't many, in VC, it's a whole lot.

A single button on the UI to choose which one to try first would really make these open much faster.

Re:How do you change ?

[DiSKiLLeR]

Not true; the latest version of veracrypt CAN open old truecrypt containers and volumes. But yes, the older format is less secure.

Re:How do you change ?

[Steve+B]

The latest versions of VeraCrypt can mount TrueCrypt containers. They also allow you to select the hash algorithm (instead of autodetecting) when mounting disks, which speeds up the process (I've never found it to take more than 15 seconds on a six-year-old computer).

Re: Licensing?

[bill_mcgonigle]

Exactly - any claims are unenforceable. Whoever calls their fork "truecrypt" will have more success.

So which should i use?

[hyperar]

Which should i use?

Re:So which should i use?

[OutOnARock]

Yes, should I use a VeraCrypt container encrypted by CipherShed...

...or a CipherShed container encrypted by VeraCrypt?

Re:They can hire a lawyer ...

[youngatheart]

Yeah, they could if they wanted to, and if they had the money to get the ball rolling, but.... I'm not convinced they want to keep it from being forked. I got the feeling that TrueCrypt was basically a labor of love where the creators wanted to keep control of it and avoid exposing themselves to getting strong-armed into building in back doors.

If you could ask them and get an honest answer, I suspect they'd tell you that government agencies figured out who they were. I think those agencies came to them and told them that they had no choice but to compromise the security "for the sake of the children." I think that's when they decided it was best to just exit rather than fight. I think that if they were given a choice between compromising their work intentionally and seeing other people take over, they'd support other people taking over even if they couldn't publicly endorse the efforts.

That's all conjecture of course, but as a long time fan of their work and someone who listened to many analyses of their exit from the stage, I'm moderately confident in my guesses.

Re:Licensing?

[Fencepost]

I believe there were more restrictions than that, however in order to go after infringers the actual owners of TC would have to come forward in some way that would make them identifiable and they've shown no interest in ever doing so.

Re:Licensing?

[rahvin112]

There is a legitimate argument that the real authors won't step forward and enforce their copyright because they would reveal their identity.

I think that is a pretty good chance personally as long as no one is making money. But if one of these companies tries to make money on this I think there is pretty high odds the original developers will step out of the shadows with their hand out.

Re:Licensing?

[WuphonsReach]

Just because you can get away with something doesn't make it moral and/or legal and/or a good business decision.

Re:They can hire a lawyer ...

I came to exactly the same conclusion when the their final, crippled version was released. They honorably committed seppuku rather than submitting to demands to add a backdoor. The fact that they felt like these were their only two options is quite alarming though...

Also at the time I felt it was quite likely that truecrypt wasn't broken - if they already had access, they would have left the developers alone.

Re:No audits until now

[Maritz]

That and the fact the version numbers once they hit 2.0 went up by 1 whole number every couple months always showed they were after fame more than openness.

You don't think their anonymity is relevant to this comment? They're famous are they?

Re:They can hire a lawyer ...

Why should the developers acquiesce to any "backdoor" demands from any organisation including the government? Software developers have become boot-licking collaborators acting in concert with privacy-destroying governments.

This just shows your ignorance about the amount of effort required to resist government demands. Hell, the NSA has been a pain in the ass since the PhasorPhone incident.

If any of them were in the US, expect the pressure to be intense. If they were in certain other allied countries such as the UK, the GCHQ acting with their government would likely be worse.

Re:Licensing?

[eepr0m]

I don't know that anyone would want to work with the fragmented, disorganized code base. There's also the distinct possibility that the original authors wouldn't come out from the shadows, opting to engage in extrajudicial means of handling such a conflict instead.

Hail Hydra!

[BadPirate]

Cut off one head and two will emerge!