TrueCrypt – vulnerabilities found but no backdoors

TrueCrypt is perhaps the world’s most popular local encryption tool because not only does it offer very strong levels of encryption but also, because of its open source* nature, it is generally regarded as being as NSA proof it is possible to get.

David Miranda, partner of Glenn Greenwald, the Brazilian journalist and a Guardian reporter who was involved in the release of documents leaked by whistleblowing hero Edward Snowden, successfully foiled UK police attempts to access the files he carried on his hard drive when illegally detained under the UK’s Terrorism Act in August last year.

Following Snowdon’s repeated NSA related disclosures however, and in particular those concerning the Bullrun program in which the NSA aimed to undermine most of the world’s most trusted encryption protocols, concern has grown that such a highly trusted privacy tool might have been backdoored by the NSA.

The problem is that although the source code is completely open to public scrutiny, the TrueCrypt program is a very complex piece of software engineering, and to be completely sure that no nasty bits of code or hidden weaknesses are contained within it is a time consuming task for experts, and so has never been done.

This is, it has to be said, big problem for all open source software, because although being open source is the best guarantee we have that code hasn’t been tampered with, the extremely limited resources available to the open source community means that most software has not in fact been fully audited (if at all).

Although security expert Bruce Schneier, for example, recommended TrueCrypt as a tool for protecting files, even he could not be sure it was 100 percent safe to use,

‘No, I don’t have any inside knowledge about TrueCrypt, and there’s a lot about it that makes me suspicious. But for Windows full-disk encryption it’s [TrueCrypt], Microsoft’s BitLocker, or Symantec’s PGPDisk – and I am more worried about large US corporations being pressured by the NSA than I am about TrueCrypt.’

Last December an Electronic Frontier Foundation (EFF) backed crowdfunded project almost doubled its target, and raised over $46 thousand towards fully auditing TrueCrypt, and determining once and for all whether the program is secure.

Speaking volumes for how difficult and complex the task is, the completion of Phase I of the project was announced on Monday. The good news in the report is that,

‘iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas. ’

Hurray! Unfortunately, some really sloppy code was discovered,

‘Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth… The  team  also  found  a  potential  weakness  in  the  Volume  Header  integrity  checks… The integrity protection can be bypassed, but XTS prevents a reliable attack,  so it does not currently appear to be an issue. Nonetheless, it is not clear why a cryptographic hash or HMAC was not used instead.’

This these kind of mistakes are hardly encouraging, and given the massive resources that the NSA deploys to uncover just such weaknesses, leads us to worry that that they must have already discovered these flaws. Still, at least they were not deliberately engineered…

‘The vulnerabilities… all appear to be unintentional, introduced as the result of bugs rather than malice.’

Phase II of the audit follows, beginning on the formal cryptanalysis.

*Strictly speaking, some elements of TrueCrypt are source available, rather that truly FOSS (Free Open Source Software), but for the purpose of auditing the code this makes little difference

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage

Leave a Reply

Your email address will not be published. Required fields are marked *