Slashdot Mirror


TrueCrypt Safer Than Previously Thought (ec-spride.de)

An anonymous reader writes: Back in September, members of Google's Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt's code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have "far-reaching access to the system," with which they could do far worse things than exploit an obscure vulnerability.

The auditors say, "It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure." For other uses, the software "does what it's designed for," despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.

42 comments

  1. TrueCrypticles! by Anonymous Coward · · Score: 0

    TrueCrypticles, scripticles.

    1. Re: TrueCrypticles! by Anonymous Coward · · Score: 0

      So some people actually thought disk encryption is safe even if an attacker has access to the system? How so? I mean.... if you leave your front door unlocked it is apparently such that anyone else can enter without a key. I guess that's an obvious fact that most people would agree so why then is it not apparent that an unlocked encrypted disk is accessible to anyone that is logged into the system? Seriously that eludes me.

    2. Re: TrueCrypticles! by Kjella · · Score: 5, Informative

      > So some people actually thought disk encryption is safe even if an attacker has access to the system? How so? I mean.... if you leave your front door unlocked it is apparently such that anyone else can enter without a key. I guess that's an obvious fact that most people would agree so why then is it not apparent that an unlocked encrypted disk is accessible to anyone that is logged into the system? Seriously that eludes me.

      Not access to the system, access to the front door. They can't break down the door, but they can tamper with it so the next time you unlock it they copy the key or slip in with you. Which means the door isn't sufficient, but the remaining threats aren't the fault of the door. It does its job of staying locked until someone presents the right key.

      --
      Live today, because you never know what tomorrow brings
    3. Re: TrueCrypticles! by Anonymous Coward · · Score: 0

      > So some people actually thought disk encryption is safe even if an attacker has [software] access to the [running] system?

      Yes. To the majority of computer users, the word "encryption" is a magic panacea. Even to some IT folk, encryption is voodoo magic that they only use as a checkmark on their purchases or checklists. Understanding how it works is left for eggheads.

  2. With all respect to Fraunhofer by Anonymous Coward · · Score: 0

    If I follow the money, this was an audit for the German government, and it's clear what they'd want the public to hear if the answer were otherwise.

    An independent audit is done by /and/ for a disinterested party.

    1. Re:With all respect to Fraunhofer by aaaaaaargh! · · Score: 1

      LOL. What kind of "disinterested party" would pay thousands of dollars for a code audit?

      BTW, I'd rather trust the last official version of Truecrypt (with correct checksums) than any binary downloaded from the Veracrypt website. Just saying...

    2. Re:With all respect to Fraunhofer by Anonymous Coward · · Score: 0

      P.S.: By "last official" I mean Truecrypt 7.1a, not the crippled version for deciphering only that was published later, of course.

    3. Re:With all respect to Fraunhofer by Kjella · · Score: 4, Insightful

      As long as there's somebody with an agenda, there is always the chance for foul play. If the EFF (fairly impeccable impartiality) ordered a review by a US security expert (also with impeccable impartiality) many would suspect the NSA of issuing a NSL instructing the researcher to give it a clean bill of health. Unless you've done it yourself there's always room for a conspiracy theory like the NWO controlling both the US and German governments and then some to suppress the truth. And there's also matters like competency, a totally legit audit might fail to see a cleverly hidden backdoor. Fortunately they're not mutually exclusive so you can look at the totality and estimate how likely it is that everybody's lying or if that there really was a backdoor that someone would have found it and told about it. Usually there's somebody with integrity who thinks the public needs to know, maybe not outing themselves like Snowden but I think someone, somewhere would have dropped an anonymous hint on where to look. Personally I'm getting more and more convinced the infamous 7.2 release was because they were being forced to implement a backdoor, not to warn of an existing one. That 7.1a was simply too good for our Orwellian overlords, which I don't welcome.

      --
      Live today, because you never know what tomorrow brings
    4. Re:With all respect to Fraunhofer by bytesex · · Score: 1

      It was done by Fraunhofer. Unlike the German government (which, admittedly, they are close to), they have a reputation they care about.

      --
      Religion is what happens when nature strikes and groupthink goes wrong.
    5. Re:With all respect to Fraunhofer by Anonymous Coward · · Score: 0

      The NSA and FBI can just sneak in your house and put up cameras while you are away. They don't honestly need high tech electronic surveillance.

      Either you're a target or you're not; the goal is to not be a target because if you are then nothing short of your death will secure you from clandestine agencies with the power to wiretap and insert backdoors at every level of the chain.

      If the NSA cared that much they would just contract China to build remote screen capture into every monitor. Do it at the lowest hardware level and all your software on top can't protect you anyway.

      A backdoor in Truecrypt wouldn't be as useful as you think unless it also was programmed to alert agencies of people storing illegal content. They would basically need a backdoor to the whole OS to really make that useful.

      The proof is in the pudding. If governments had that much power they'd be a lot better at preventing mass crime. They'd have stopped Snowden before he got anywhere, yet they were mostly oblivious even in their own network. That gives you a good relative idea of the true sophistication of the NSA without having to resort to silly conspiracy bullshit that ultimately makes everyone less safe via sheer speculation.

  3. To the former TrueCrypt developers by Anonymous Coward · · Score: 5, Interesting

    Whoever you are, wherever you are: Thank You for developing an amazing piece of software and releasing it (and the source code) for free. You improved the right to privacy of millions of people around the world.

    There have been dozens of stupid, vulgar and insulting conspiracy theories about them ("Oh, they are NSA agents!"), the reality is that they must be generous and intelligent people, very rare in today's world.

    1. Re:To the former TrueCrypt developers by Anonymous Coward · · Score: 3, Interesting

      Also, thank you for the canary, even when you did not set it up properly. (You should have had!)

      So far VeraCrypt is looking good, but I think I'll stick with TrueCrypt 7.1a for a while.

    2. Re:To the former TrueCrypt developers by mlts · · Score: 1

      Agreed. I also have nothing but respect for the TrueCrypt forum members as well, which had some highly intelligent discussions.

      What TrueCrypt brought to the table which few other programs do is the cross platform compatibility, where I can have a TC container created on a Linux box able to be opened and used on a Mac or a Windows machine. There are other utilities like FreeOTFE, but TrueCrypt was well maintained, and the hidden volume functionality is quite useful, especially for someone on a business trip who travels abroad.

      I'm hoping VeraCrypt is able to keep up TrueCrypt's legacy, because TrueCrypt definitely has a niche that few other products can fill. There are commercial products like BestCrypt [1] and DriveCrypt which have similar functionality, but TC has been audited, and the source code has seen scrutiny.

      [1]: Jetico's BestCrypt is a good commercial product. Before TC, this is something I used for containers as well as FDE.

  4. Oh, bore off by Anonymous Coward · · Score: 2, Informative

    This is not the first TrueCrypt audit (no, I'm not linking the others, search for them), nobody has ever found critical flaws in it, as long as one understands what TrueCrypt's "threat model" is. Obviously TrueCrypt won't save anyone from the stupidity of leaving a computer with mounted encrypted volumes physically available to everyone.

  5. For what I use it for I suspect it's plenty safe. by Anonymous Coward · · Score: 1

    My biggest interest in using TrueCrypt or VeraCrypt is to secure portable drives I use for backup. In particular, because I want my most important documents to survive any catastrophe at home, I keep a backup on an encrypted flash drive I take with me whenever I leave the house. My hope is that if I lose that drive for some reason, only state-level actors would have any chance of success decrypting the volume, and they're not the people I'm trying to secure my data from. I'm more concerned that any mugger or pickpocket or average Joe who gets my drive will see nothing but an unformatted USB stick, and have no real incentive or ability to prod any further.

    Sure when the drive is mounted and unlocked on an active system there are possibly vulnerabilities, but in that scenario (an intruder in my home? a police raid?) I have bigger problems to worry about.

  6. newer replacement for TrueCrypt users by Idisagree · · Score: 1

    Truecrypt was great in the day, but it has been superseded:

    "VeraCrypt is a free disk encryption software brought to you by IDRIX (https://www.idrix.fr) and that is based on TrueCrypt 7.1a."

    https://veracrypt.codeplex.com...

    1. Re:newer replacement for TrueCrypt users by mrchaotica · · Score: 3, Insightful

      Weren't there (at least) two different TrueCrypt replacements? Did they get consolidated into VeraCrypt, or are there other choices still out there?

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    2. Re:newer replacement for TrueCrypt users by Anonymous Coward · · Score: 0

      Not trustworthy, if you ask me. If you review the code yourself and compile it yourself, it's okay. Otherwise, not.

    3. Re:newer replacement for TrueCrypt users by bigfinger76 · · Score: 1

      CipherShed is another fork.
      https://ciphershed.org/

    4. Re:newer replacement for TrueCrypt users by Malc · · Score: 1

      Any idea whether they've fixed the performance issues with TrueCrypt? I tried to use it to secure some large customer movie files (e.g. 75 - 250 GB range) and found that when writing these files that it gets slower and slower, from tens of MB/s dropping steadily down to KB/s after several hours of copying a large file. Files beyond a certain size take so long to write that I couldn't use it (gave up after waiting 24 hours).

  7. North Atlantic Treaty Org by tepples · · Score: 2

    > Unless you've done it yourself there's always room for a conspiracy theory like the NWO controlling both the US and German governments and then some to suppress the truth.

    s/W/AT/ and it becomes more plausible.

    1. Re:North Atlantic Treaty Org by Kjella · · Score: 1

      > s/W/AT/ and it becomes more plausible.

      If it had more independent authority and personnel relative to the national military, perhaps. But NATO is a bunch of very unlikely allies brought together by WWII and the commies, aside from the mutual defense treaty it's very much an umbrella organization with my troops and your troops. I very much doubt that the US would tell Germany they have a backdoor and I'm not so sure Germany would take direction that way either.

      --
      Live today, because you never know what tomorrow brings
  8. Thanks for this valuable report, NSA by stevegee58 · · Score: 2

    Let's get everyone using it again!

  9. Two things: update to 1970 and running unmounted by raymorris · · Score: 3, Insightful

    Yes, sensitive files -should- be safe from people with access to the system. I'll explain.

    Until the mid 1980s, computers were used via terminals. The company would have one computer used by dozens of people. Obviously, one person shouldn't be able to mess with a different person's files, processes, etc. Since these computers were used over a network, they ran a network operating system such as Unix.

    One day someone decided to make a PERSONAL computer which would cost a lot less. To be affordable, it had only a few kilobytes of memory. It didn't need (and couldn't afford) all the multi-user networking stuff; it ran from the local disk. It used the Disk Operating System (DOS) rather than a network operating system. By its nature the Disk Operating System didn't need to protect one user's files from another user, and resources like RAM were really expensive, so DOS didn't bother. But -only- DOS and its successors! Virtually all other operating systems treat your stuff as yours, whether or not there are other users on the system (authorized or unauthorized). Even the DOS successor Windows added this type of security a few years ago, first just in the GUI, by hiding other people's folders in the GUI (everything was still fully accessible from a command prompt), then more recently by adding a security model to the OS itself. It's now very much like the 1970s Unix mainframes in that access to the system shouldn't mean full control of everything on the system. (Meanwhile the Unix family moved to a more advanced model, with SELinux and GRE being implementations).

    Consider also my use case, the model that probably should be used by anyone who actually cares about the security of certain files. I don't decrypt and mount my most confidential information every time I want to read Slashdot or XKCD. I mount my encrypted volumes only when I need to access those confidential files. So 99% of the time, my computer is -running- and those files are completely -inaccessible-. A Flash exploit which provides access to my machine shouldn't mean they have access to my encrypted file system, which I haven't opened since July.

  10. Oh the NSA agents. by thegarbz · · Score: 1

    Didn't those same NSA agents also give us SELinux?

    That's the great thing about those nefarious organisations releasing open source software. It comes from the experts and yet can be audited.

    1. Re:Oh the NSA agents. by Anonymous Coward · · Score: 0

      The NSA implemented SELinux because they wanted the US government to be able to use it. They had to release the source code by legal requirement.

  11. Linux BOOT sector encryption please by Anonymous Coward · · Score: 0

    Linux BOOT sector encryption please similar to TC.

    Luks/dmcrypt still gives away information on the screen as you log in that you are using Linux and therefore the filesystem is revealed.

    I want TrueCrypt style booting on Linux, easy to install and convert filesystems. Currently LUKS keeps the BOOT in the clear, reveals the OS type and file storage mechanism.

  12. Re:Two things: update to 1970 and running unmounte by chmod+a+x+mojo · · Score: 1, Informative

    I know this is /. , but god damn, read the fucking summary at least.

    Oh, and your analogy is flawed as well:

    > Until the mid 1980s, computers were used via terminals. The company would have one computer used by dozens of people. Obviously, one person shouldn't be able to mess with a different person's files, processes, etc. Since these computers were used over a network, they ran a network operating system such as Unix...... Consider also my use case, the model that probably should be used by anyone who actually cares about the security of certain files. I don't decrypt and mount my most confidential information every time I want to read Slashdot or XKCD. I mount my encrypted volumes only when I need to access those confidential files. So 99% of the time, my computer is -running- and those files are completely -inaccessible-. A Flash exploit which provides access to my machine shouldn't mean they have access to my encrypted file system, which I haven't opened since July.

    First: these "exploits" being mentioned require someone have access to the system already (in other words you are boned from the beginning). In your analogy this would be someone looking over your shoulder when you log into your terminal session and copying down your username and password, then later logging in to see / copy your files.

    Secondly: if you would bother to take the time to read TFS you would realize that the entire second half of what you posted is exactly how truecrypt volumes are working right now. As of right now there are no known vulnerabilities or exploits to read (or write) usable data from an UNMOUNTED truecrypt volume.

    --
    To err is human; effective mayhem requires the root password!
  13. Great by Anonymous Coward · · Score: 0

    But that said, I've recently moved onto VeraCrypt.

    Which I like even better since it has PIM, which I can classify as a third step of authentication.

  14. Nice try, NSA! by Anonymous Coward · · Score: 0

    George would be proud!

  15. VeraCrypt is a Microsoft product? by Futurepower(R) · · Score: 0, Troll

    "... I'd rather trust the last official version of Truecrypt [7.1a] (with correct checksums) than any binary downloaded from the Veracrypt website."

    When I go to the VeraCrypt web site, NoScript tells me that site uses Javascript from 3 different Microsoft web sites: aspnetcdn.com, msecnd.net, and s-msft.com.

    The many connections to Microsoft web sites makes Windows 10 the world's most common spyware. Should you trust VeraCrypt when it is so closely monitored by the world's biggest spyware company?

    Mozilla Foundation and Firefox are now controlled by Microsoft. Google stopped giving Mozilla Foundation $300,000,000 per year. Now Mozilla Foundation gets money from Microsoft through Yahoo. Microsoft pays Yahoo to use Microsoft's Bing Search. Yahoo pays Mozilla Foundation to use "Yahoo" search as the default in new installations of Firefox.

    One of the effects of the control of the Mozilla Foundation by Microsoft is apparently that the Thunderbird and SeaMonkey Composer GUIs have been damaged, apparently deliberately. Every time you do a file save, the newer versions of both ask for a new file name, and don't suggest the last one chosen. The damage was reported several months ago, but has not been fixed.

    A few of the many, many articles:

    Microsoft has no plans to tell us what's in Windows patches. Each update is a black box, and it's going to stay that way.

    Leaks show that Microsoft writes release notes, so why can't it publish them? The lack of documentation of Windows' updates is a baffling move on Microsoft's part.

    Microsoft's Software is Malware. Malware means software designed to function in ways that mistreat or harm the user.

    How Can Any Company Ever Trust Microsoft Again?

    NSA Backdoor Exploit in Windows 8 Uncovered

    Microsoft Gave the NSA Direct Backdoor Access to Outlook, Skype

    Microsoft [lack of] Privacy Statement

    Here's how to Block Windows 10 "Spying"

    1. Re:VeraCrypt is a Microsoft product? by Anonymous Coward · · Score: 0

      It's hosted on a Microsoft service (Codeplex).

  16. Conspiracy theories and the "Second Cover" by Ungrounded+Lightning · · Score: 1

    > ... there's always room for a conspiracy theory like the NWO controlling both the US and German governments and then some to suppress the truth.

    The problem is that people do tend to work together to advance their own interests, and do so in secret to reduce opposition from others. That is the definition of conspiracy. Such activity is not purely mythical or rare - it's pervasive, inherent to the human condition.

    Governments, and groups within and/or associated with them, have a long track record of doing such things, getting away with them for years, and having (some of) them come to light decades later. It's always the same story: "Oh, yes, back in the bad old days there were such things going on. But that stuff isn't done any more. (And anybody who claims such stuff is happening now is a nutcase, so pay no attention to him.)"

    Then, maybe 30 or 40 years later what was going on THIS time comes to light, and the story repeats. Or somebody blows the whistle while it's still going on and presents evidence (often at great cost to himself), and then it's "That's just a rogue person/agency/group. We're bringing them to heel." or "It's a corrupt administration. Replace the head of state with a different one (maybe from the other major party but keep the same two parties in power) and it's all taken care of." Yeah, right.

    Snowden revelations, ECHELON, Watergate, COINTELPRO, Pentagon Papers, Hanford Experiment, Tuskegee Experiment, Factor 8, Abscam, Ng Lap Seng, Iran-Contra, MK-Ultra, Operations MOCKINGBIRD, PHOENIX, and CHAOS, ... I could go on for pages, and that's just big, US (sometimes with allies), stuff that came to light in MY lifetime.

    The government has whole agencies tasked with conspiring in secret to collect information and/or intervene to interfere with any opposition to its interests. The US has "Black Budgets" to unauditably fund such activity, and the Department of Defense, alone, spends an estimated $50 BILLION a year on its portion of this (as of 2009).

    With their activities occurring in secret, there is much temptation to, and limited checks on, also targeting the biggest risk to the people currently in power in any government: The citizens of the country.

    "Spook" agencies have a number of techniques to keep these conspiracies hidden, and one that has come to light (and is apropos) is the "Second Cover". This consists of spreading TWO cover stories: The first is plausible. The second is tinfoil-hat fruitcake material, lightly hidden. Anybody who figures out the first cover IS a cover and starts digging finds the second cover. Then they usually either give up (rather than dig for a third level) or you get new material for the tabloids, and another boost for the "conspiracy theories are ALL crazy talk" meme. (And it also helps that occasionally they DO try out the odd piece of mystic bulls**t, just to see if any of it, like some herbal medicine, DOES work.)

    I generally assume (as did The Framers) that this sort of creeping (or galloping) encroachment is inherent in governments, is going on (and having new project starts) all the time, we usually can't tell, through the fog of misdirection, what's going on NOW, and the job of the people, like a farmer clearing weeds and trimming orchard trees, is to continually cut it back to levels that don't ruin our own lives and livelihoods.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  17. Do you feel comfortable with that? by Futurepower(R) · · Score: 1

    Do you feel comfortable with that? When TrueCrypt was abandoned, the TrueCrypt web site pushed people toward Microsoft.

  18. do you not understand your own user name? by raymorris · · Score: 1

    > someone have access to the system already (in other words you are boned from the beginning).

    Is it possible that you really don't understand your own user name?
    Consider chmod 600. 600 means it doesn't matter if they have access to the system, they don't have access to your file. And that's the simplistic 1970s security model, called discretionary access control.

    These days, most systems have what's called mandatory access control, and it means that YOUR programs don't have access to YOUR files; only the specific programs that use those particular files have access to them. With a standard DAC configuration fully enforced, somebody could have 100% full control of your browser and that gives them zero access to your financial records, for example.

    So no, access to the system does NOT imply access to YOUR data, and if you move past 1970s security and update to circa 2003, access via your account doesn't mean access to all your files.

    1. Re:do you not understand your own user name? by Anonymous Coward · · Score: 0

      >Consider chmod 600. 600 means it doesn't matter if they have access to the system, they don't have access to your file. And that's the simplistic 1970s security model, called discretionary access control.

      He meant physical access, ie. thus being able to remove the hard drive and load it onto another computer. Or booting with a live CD.

  19. osxfuse? by Anonymous Coward · · Score: 0

    is veracrypt on osx worthy of any trust, since it requires osxfuse?
    who audits osxfuse for $TLA backdoors?

  20. i wonder,, by Anonymous Coward · · Score: 0

    How much of the true crypt crap previously published was actually legit?
    If so, NSA, CIA, FBI, ATF, Microsoft(bitlocker), interpol, or some other org?? My point is true or not, was it improperly inflated to the extent that the things surfaced were not really as big of an issue as was previously reported?
    maybe it was because DHI could not understand it
    who knows,,, i find it very interesting regardless.

  21. Why make stuff up and post it? CVE-2015-7359 by raymorris · · Score: 2

    Why do people completely make stuff up out of their ass, without having any idea what they're talking about, then post it?

    CVE-2015-7359, for example, is a user impersonation and privilege escalation. In other words, it blows past chmod 600, it allows one user logged into the machine to impersonate another user. There's no removing the hard drive necessary. The user's authentication token is globally accessible.

    Some of us actually know this stuff, because we've been doing it for a living for decades. YOU could also actually know something by -learning- from us who already do. Or you could completely make stuff up and then believe your own pure fantasy. In which case you're worse off than someone who knows nothing - you "know" everything, but everything you "know" is wrong.

    1. Re:Why make stuff up and post it? CVE-2015-7359 by Anonymous Coward · · Score: 0

      There's no night to be an arrogant twat.

  22. Re:For what I use it for I suspect it's plenty saf by skegg · · Score: 1

    Ditto.

    My primary reason for disk encryption is to protect my data from lost / stolen hardware.

    But another benefit is that it makes it that much easier disposing of obsolete storage.

  23. COOKIE EXPOSED by Anonymous Coward · · Score: 0

    Soulskill:
    > Their detailed, 77-page report (PDF) goes into further detail.
    The report URL (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Truecrypt/Truecrypt.pdf;jsessionid=C46A2F3B7C535BDB330D47BCD470621E.2_cid286?__blob=publicationFile&v=2) contains your Java session identifier (JSESSIONID), which could be used to steal your cookie and hijack your browsing session on that site.
    Pay attention to what you are posting...
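
The session-identifier leak pointed out in the last comment can be caught before a link is published. The following is an added example, not part of the original thread: it strips session-bearing path and query parameters from every URL in a draft post. The function names and the parameter list beyond `jsessionid` are assumptions of this example.

```python
import re
from urllib.parse import unquote, urlsplit, urlunsplit

# Parameter names treated as session identifiers. JSESSIONID (Java servlets)
# and PHPSESSID (PHP) are real defaults; "sessionid" and "sid" are assumed
# extras for this example and may need tuning for the sites you link to.
SESSION_PARAMS = {"jsessionid", "phpsessid", "sessionid", "sid"}

# The report link exactly as quoted in the comment above.
REPORT_URL = (
    "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/"
    "Truecrypt/Truecrypt.pdf;jsessionid=C46A2F3B7C535BDB330D47BCD470621E.2_cid286"
    "?__blob=publicationFile&v=2"
)

# Deliberately simple URL matcher for prose: stops at whitespace, quotes,
# angle brackets and a closing parenthesis.
URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def _is_session_token(token):
    """True if a raw 'name=value' token carries a session identifier."""
    name = unquote(token.split("=", 1)[0]).strip().lower()
    return name in SESSION_PARAMS


def _strip_path_params(path):
    """Drop ';name=value' path parameters that carry a session id.

    Path parameters can follow any segment, so each segment is checked,
    and unrelated parameters are left where they were.
    """
    removed, segments = [], []
    for segment in path.split("/"):
        head, *params = segment.split(";")
        kept = []
        for param in params:
            (removed if _is_session_token(param) else kept).append(param)
        segments.append(";".join([head] + kept))
    return "/".join(segments), removed


def _strip_query(query):
    """Drop session-bearing query pairs; other pairs stay byte-for-byte."""
    removed, kept = [], []
    for pair in (query.split("&") if query else []):
        (removed if _is_session_token(pair) else kept).append(pair)
    return "&".join(kept), removed


def sanitize_url(url):
    """Return (clean_url, removed_tokens) for a single URL."""
    parts = urlsplit(url)
    path, removed_path = _strip_path_params(parts.path)
    query, removed_query = _strip_query(parts.query)
    clean = urlunsplit((parts.scheme, parts.netloc, path, query, parts.fragment))
    return clean, removed_path + removed_query


def sanitize_text(text):
    """Sanitize every URL in a draft post; return (clean_text, findings)."""
    findings = []

    def _replace(match):
        clean, removed = sanitize_url(match.group(0))
        findings.extend(removed)
        return clean

    return URL_RE.sub(_replace, text), findings


if __name__ == "__main__":
    draft = f"Their detailed, 77-page report ({REPORT_URL}) goes into further detail."
    cleaned, found = sanitize_text(draft)
    print(cleaned)
    for token in found:
        print("removed:", token)
```

Stripping the token only keeps it out of what gets published; the session on the server stays valid until it expires or is logged out.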