Security Audit Of TrueCrypt Doesn't Find Any Backdoors -- But What Will Happen To TrueCrypt?

from the questions-still-left-to-be-answered dept

Over the past few years we've followed the saga of TrueCrypt. The popular and widely used full disk encryption system got some attention soon after the initial Snowden leaks when people started realizing that no one really knew who was behind TrueCrypt, and that the software had not been fully audited. Cryptographer Matthew Green decided to lead an effort to audit TrueCrypt. A year ago, the team released the first phase, finding a few small vulnerabilities, but no backdoors and nothing too serious. This week the full audit was completed and again finds no evidence of any backdoors planted in the code. Matthew Green's blog post on the report provides the key details, noting a few small issues that should be fixed, but nothing too serious:
The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

That doesn't mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we'd like it to.

For example: the most significant issue in the Truecrypt report is a finding related to the Windows version of Truecrypt's random number generator (RNG), which is responsible for generating the keys that encrypt Truecrypt volumes. This is an important piece of code, since a predictable RNG can spell disaster for the security of everything else in the system.
However, as Green notes, the way it's implemented in TrueCrypt would only be a problem in "extremely" rare circumstances that wouldn't impact most users. But it's still something that could be fixed.

But that's where the problem lies. As you may recall, in the midst of all of this, the still-anonymous developers behind TrueCrypt suddenly announced that it wasn't secure and that all development had ceased. There have been some efforts to fork and rescue TrueCrypt, but that's come with some skepticism as people feared what might be hidden in the code (and also some concerns about the TrueCrypt license).

Hopefully this new audit puts at least some of those concerns to rest (though it's always good to be paranoid when building security software) and people really do put effort into developing an updated version of TrueCrypt. For what it's worth, I've seen a bunch of articles claiming the audit shows that TrueCrypt is safe. That's not quite true. It's just saying they didn't find anything -- which should be very reassuring, but you can never say with 100% certainty that the code is safe. Either way, what's needed now is more development moving forward.

Filed Under: audit, backdoors, encryption, full disk encryption, matthew green, security, truecrypt


Reader Comments

  1. Anonymous Coward, 3 Apr 2015 @ 7:46pm

    I would be very interested in knowing if the anonymous individual(s) behind TrueCrypt released that statement (and resigned) of their own volition.

    We all know what ended up happening to Mr. Snowden's secure e-mail provider...

  2. Anonymous Coward, 3 Apr 2015 @ 9:45pm

    You don't need encryption if you go offline every time you do something local. You can achieve a greater amount of 'encryption' if you simply unplug and store all of your activity on a removable drive.

    It's that simple.

  3. kyle clements, 3 Apr 2015 @ 11:01pm

    Re:

    But we shouldn't have to.

    As citizens of what is supposed to be a liberal democracy, we should be able to implicitly trust our government not to spy on us.

  4. Anonymous Coward, 4 Apr 2015 @ 12:06am

    Re:

    "You don't need encryption if you go offline every time you do something local. You can achieve a greater amount of 'encryption' if you simply unplug and store all of your activity on a removable drive."

    Ummm, so what keeps the data on your removable drive secure?

  5. Socrates, 4 Apr 2015 @ 12:41am

    Offline

    No it isn't.

    Temporarily disconnecting Internet would not prevent a keylogger from transmitting private data once you reconnect. A permanently disconnected device would be safer in this regard. This is sometimes referred to as an "air firewall". It is common for higher grade military systems and less common than it should be in the rest of society.

    And, disc encryption provides a different kind of protection. It protects against physical intrusions. It prevents planting of false evidence, it prevents criminals from stealing information, it prevents TSA from copying your private photos, and so on, as long as only you hold the key.

    A very determined attacker might still get the key. If the device is on and the key is stored in volatile memory (when the disk has been mounted), the information may be frozen long enough by applying a strong cooling substance, and accessing the information directly with an external analyzer connected to the chips. It is a hassle for an attacker though.

    Offline and disk encryption gives good protection.

  6. Edward Kosarin, 4 Apr 2015 @ 2:10am (flagged by the community)

    Money

    I had 330000 embezzled from me. I am 71 and in need of money

  7. Anonymous Coward, 4 Apr 2015 @ 4:09am

    Re: Offline

    I seem to remember something in the 30c3 talk by Jacob Appelbaum about circumventing air-gapped machines; it all seemed very far-fetched, but the tech was certainly there.
    It sounds depressive but if they really want to get to you, there's every chance they will get to you.

  8. Rich, 4 Apr 2015 @ 6:07am

    Re:

    You seem to lack a basic understanding of how computers work and what they are capable of.

  9. Socrates, 4 Apr 2015 @ 6:18am

    Diminishing returns

    Sort of.

    That is why there is a point in using disk encryption in the first place. If they get inside your home an attacker can do all sorts of bad stuff. And not only with electronic devices. The same goes for TSA at the airport. They rape and steal, and fondle both devices and people. They do so to the extent that many people choose riskier transports such as cars. Being easy targets encourages the TSAs of this world and there might be more of them, and at new places.

    Tempest (radio wave surveillance) is also an attack vector. They may park a "van" outside your home to pick up signals transmitted from your keyboard, wires, and so on.

    They may intercept hard-drives and infect them, so if you ship any media it might contain information you would like to keep private.

    And they might use the "wrench" on you instead of the computer. "Give us secrets or kiss your ... goodbye"


    There is a difference between these, and snooping on billions of computers/phones/tabs: Cost and effort!

    If encryption and air gapping were more common it would be more difficult for the bad guys to do bad things. The world would be a better place.

  10. Reality bites, 4 Apr 2015 @ 7:31am

    Nothing whatsoever, it's there for all to see.

    Especially with offline malware/viruses like Stuxnet and the millions of variants they already have in use.

    A removable drive is great for the kids' soccer photos but little else.

  11. simple, 4 Apr 2015 @ 10:04am

    It will continued to be used.

  12. typo, 4 Apr 2015 @ 10:04am

    Re:

    *continue

  13. Anonymous Coward, 4 Apr 2015 @ 10:22am

    Re: Offline ... "air firewall" or "air gap"?

    "A permanently disconnected device would be safer in this regard. This is sometimes referred to as an "air firewall"."


    I didn't think that air made a particularly good firewall, but it does make an excellent piping backflow preventer, since water cannot easily flow across an air gap. Some people refer to a network-disconnected computer as "air gapped" -- whether or not that's the proper term.

    https://www.portlandoregon.gov/water/article/28137

  14. Anonymous Coward, 4 Apr 2015 @ 10:27am

    Re:

    That only works until someone gets physical access to your 'removable drive' - like, for instance, border control at a border or a random police officer during a traffic stop.

    Or, even, someone stealing your device out of your car/house/office. Because that NEVER happens.

    What you are proposing is effectively no security at all. It's beyond naive.

  15. John Fenderson, 4 Apr 2015 @ 4:26pm

    Personally speaking

    The results of the security audit are good enough that I will stop telling people to avoid TrueCrypt.

    However, I am not going to start recommending it and will not begin using it myself. The statement of no confidence that the developer made is enough to put a doubt in my mind that no security audit will entirely remove. Since there are several other alternatives available that are well established and widely trusted, there's no need to live with that niggling doubt.

  16. Zem, 4 Apr 2015 @ 5:47pm

    What better way to stop the public using an encryption you can't crack. Bail up the anonymous author, threaten them with jail, and make them post that it is not secure.

    TBH if that post was genuine, the anonymous author would have also told us how and why it was no longer secure.

  17. John Fenderson, 4 Apr 2015 @ 9:20pm

    Re:

    It's possible, and even if that's the case, there are still others that are at least equally as strong, so the loss is minimal.

    "if that post was genuine, the anonymous author would have also told us how and why it was no longer secure."

    Not necessarily. In part, it depends on what the nature of the perceived insecurity is. It might not be a weakness in the code but in the team, for example. Also, it might be that the team was coerced into silence, such as through a gag order, and they didn't want to risk prison.

  18. Anonymous Coward, 4 Apr 2015 @ 10:16pm

    Re:

    "You don't need encryption if you go offline every time you do something local."

    That's the point of Truecrypt. Encrypting yourself 'offline' so as to prevent offline threats from compromising whatever it is you're trying to protect.

    Simply 'unplugging' is not enough in the world of espionage...

  19. Anonymous Coward, 4 Apr 2015 @ 10:23pm

    Re: Personally speaking

    Why would you stop telling people to encrypt themselves offline?

    I don't know what your client base consists of, but it certainly doesn't hurt anyone to have localized encryption...

    Btw, which alternatives are you referring to?

    As far as I know, there aren't many...

  20. Anonymous Coward, 4 Apr 2015 @ 11:31pm

    Fixing TrueCrypt

    Leaving questions about licensing aside, surely Matthew Green and co. are best placed and most trusted to fix the vulnerabilities: they must have done most of the work already.

  21. Anonymous Coward, 5 Apr 2015 @ 8:02am

    Re:

    "TBH if that post was genuine, the anonymous author would have also told us how and why it was no longer secure."

    This assumes the person making the post knows it. What if the person who discovered the vulnerability was kidnapped before he could tell the team what it was (not as far-fetched as it sounds, sadly), and the rest of the team only knows, "Mike thinks there's a flaw and went missing. We don't know what it is, or even how to look for it, but Mike's been pretty damn reliable."

  22. BentFranklin, 5 Apr 2015 @ 3:34pm

    Re:

    That's what I was thinking, Zem. The spy infrastructure has the resources to make the good seem bad and vice versa, almost at will.

  23. John Fenderson, 6 Apr 2015 @ 7:44am

    Re: Re: Personally speaking

    "Why would you stop telling people to encrypt themselves offline?"

    I would never stop recommending that, and never said that I would. I highly recommend whole disk encryption.

    "Btw, which alternatives are you referring to?"

    Here's a handy quick comparison chart, although there are many others not listed there. It's a decent starting point, though. http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

  24. bougiefever, 6 Apr 2015 @ 9:49am

    What were they threatened with to abandon their work?

    It's very chilling to consider the implications of the developers suddenly quitting their project. Not just quitting, but trying to kill it by announcing it is no good. People don't just kill years of their own work over nothing. I think we can all agree that there is only one entity that could make this happen. How very, very scary. It does, however, make me want to get the latest build of TrueCrypt. It must be good for the US government to be so afraid of it.

  25. Rudi Pittman, 7 Apr 2015 @ 9:29am

    VeraCrypt (a fork of TrueCrypt that existed long before TrueCrypt died) was created to actually INCREASE security in TrueCrypt and it still exists/is updated.

  26. Matthekc, 7 Apr 2015 @ 11:32am

    Re:

    That's not what disk encryption is for... It's to protect your disk in most normal cases from criminals if your computer is stolen. You put lots of personal info on your computer: tax returns, scans of important documents, and emails... at least I do. Good cross-platform encryption allows me to be able to do those things and sleep at night.
