TrueCrypt Safer Than Previously Thought

An anonymous reader writes: Back in September, members of Google's Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt's code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have "far-reaching access to the system," with which they could do far worse things than exploit an obscure vulnerability.

The auditors say, "It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure." For other uses, the software "does what it's designed for," despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.

To the former TrueCrypt developers

Whoever you are, wherever you are: Thank You for developing an amazing piece of software and releasing it (and the source code) for free. You improved the right to privacy of millions of people around the world.

There have been dozens of stupid, vulgar and insulting conspiracy theories about them ("Oh, they are NSA agents!"), the reality is that they must be generous and intelligent people, very rare in today's world.

Re:To the former TrueCrypt developers

Also, thank you for the canary, even when you did not set it up properly. (You should have had!)

So far VeraCrypt is looking good, but I think I stick with TrueCrypt 7.1a for a while.

Oh, bore off

This is not the first TrueCrypt's audit (no, I'm not linking the others, search for them), nobody has ever found critical flaws in it, as long as one understands what TrueCrypt's "threat model" is. Obviously TrueCrypt won't save anyone from the stupidity of leaving a computer with mounted encrypted volumes physically avaliable to everyone.

Re: TrueCrypticles!

[Kjella]

So some people actually thought disk encryption is safe even if an attacker has access to the system? How so? I mean.... if you leave your front door unlocked it is apparently such that anyone else can enter without a key. I guess tat's an obvious fact that most people would agree so why then is not apparent that an unlocked encrypted disk is accessible to anyone that is logged into the system? Seriously that eludes me.

Not access to the system, access to the front door. They can't break down the door, but they can tamper with it so the next time you unlock it they copy the key or slip in with you. Which means the door isn't sufficient, but the remaining threats aren't the fault of the door. It does its job of staying locked until someone presents the right key.

Re:With all respect to Fraunhofer

[Kjella]

As long as there's somebody with an agenda, there is always the chance for foul play. If the EFF (fairly impeccable impartiality) ordered a review by a US security expert (also with impeccable impartiality) many would suspect the NSA of issuing a NSL instructing the researcher to give it a clean bill of health. Unless you've done it yourself there's always room for a conspiracy theory like the NWO controlling both the US and German governments and then some to suppress the truth. And there's also matters like competency, a totally legit audit might fail to see a cleverly hidden backdoor. Fortunately they're not mutually exclusive so you can look at the totality and estimate how likely it is that everybody's lying or if that there really was a backdoor that someone would have found it and told about it. Usually there's somebody with integrity who thinks the public needs to know, maybe not outing themselves like Snowden but I think someone, somewhere would have dropped an anonymous hint on where to look. Personally I'm getting more and more convinced the infamous 7.2 release was because they were being forced to implement a backdoor, not to warn of an existing one. That 7.1a was simply too good for our Orwellian overlords, which I don't welcome.

North Atlantic Treaty Org

[tepples]

Unless you've done it yourself there's always room for a conspiracy theory like the NWO controlling both the US and German governments and then some to suppress the truth.

s/W/AT/ and it becomes more plausible.

Thanks for this valuable report, NSA

[stevegee58]

Let's get everyone using it again!

Two things: update to 1970 and running unmounted

[raymorris]

Yes, senstive files -should- be safe from people with access to the system. I'll explain.

Until the mid 1980s, computers were used via terminals. The company would have one computer used by dozens of people. Obviously, one person shouldn't be able to mess with a different person's files, processes, etc. Since these computers were used over a network, they ran a network operating system such as Unix.

One day someone decided to make a PERSONAL computer which would cost a lot less. To be affordable, it had only a few kilobytes of memory. It didn't need (and couldn't afford) all the multi-user networking stuff; it ran from the local disk. It used the Disk Operating System (DOS) rather than a network operating system. By its nature the Disk Operating System didn't need to protect one user's files from another user, and resources like RAM were really expensive, so DOS didn't bother. But -only- DOS and its successors! Virtually all other operating systems treat your stuff as yours, whether or not there are other users on the system (authorized or unauthorized) . Even the DOS successor Windows added this type of security a few years ago, first just in the GUI, by hiding other people's folders in GUI (everything was still fully accessible from a command prompt) , then more recently by adding a security model to the OS itself. It's now very much like the 1970s Unix mainframes in that access to the system shouldn't mean full control of everything on the system. (Meanwhile the Unix family moved to a more advanced model, with SELinux and GRE being implementations) .

Consider also my use case, the model that probably should be used by anyone who actually cares about the security of certain files. I don't decrypt and mount my most confidential information every time I want to read Slashdot or XKCD. I mount my encrypted volumes only when I need to access those confidential files. So 99% of the time, my computer is -running- and those files are completely -inaccessible- . A Flash exploit which provides access to my machine shouldn't mean they have access to my encrypted file system, which I haven't opened since July.

Re:newer replacement for TrueCrypt users

[mrchaotica]

Weren't there (at least) two different TrueCrypt replacements? Did they get consolidated into VeraCrypt, or are there other choices still out there?

Why make stuff up and post it? CVE-2015-7359

[raymorris]

Why do people completely make stuff up out of their ass, without having any idea what they're talking about, then post it?

CVE-2015-7359, for example, is a user impersonation and privilege escalation. In other words, it blows past chmod 600, it allows one user logged into the machine to impersonate another user. There's no removing the hard drive necessary. The user's authentication token is globally accessible.

Some of us actually know this stuff, because we've been doing it for a living for decades. YOU could also actually know something by -learning- from us who already do. Or you could completely make stuff up and then believe your own pure fantasy. In which case you're worse off than someone who knows nothing - you "know" everything, but everything you "know" is wrong.