Biz & IT —

TrueCrypt security audit presses on, despite developers jumping ship

Thorough cryptanalysis will search for backdoors and crippling weaknesses.

TrueCrypt security audit presses on, despite developers jumping ship

TrueCrypt, the whole-disk encryption tool endorsed by National Security Agency leaker Edward Snowden and used by millions of privacy and security enthusiasts around the world, will receive a second round of safety audits despite being declared unsafe and abruptly abandoned by its anonymous developers two days ago.

Phase II of the security audit was already scheduled to commence when Wednesday's bombshell advisory dropped on the TrueCrypt SourceForge page. After 24 hours to reflect on the unexpected move, an organizer with the Open Crypto Audit Project said he saw no reason to scrub those plans. Online fundraisers to bankroll the project have raised about $70,000, well past the $25,000 organizers had initially aimed for.

"We have conferred and we are firmly going forward on schedule with the audit regardless of yesterday's circumstances," Kenn White, a North Carolina-based computer scientist and audit organizer told Ars Thursday. "We don't want there to remain all sorts of questions or scenarios or what ifs in people's minds. TrueCrypt has been around for 10 years and it's never received a proper formal security analysis. People are going to continue to use it for better or worse, and we feel like we owe the community the proper analysis."

Phase I involved a review of TrueCrypt source code and an analysis of its software architecture. The audit report uncovered vulnerabilities and some sloppy coding practices but no evidence of the kinds of backdoors alleged to have been deliberately built into some popular crypto schemes by the NSA.

Not out of the woods yet

The preliminary finding was a relief given TrueCrypt's status as a decade-old program created by anonymous developers. But it by no means should be regarded as giving TrueCrypt a clean bill of health. That's because crypto backdoors can easily be stashed in random number generators, encryption ciphers, or other mathematical components of a complex piece of encryption software. Indeed, RSA reportedly endowed its BSAFE crypto toolkit with a random number generator that was engineered by the NSA. The lack of entropy when the algorithm, called Dual EC_DRBG, picked numbers to seed keys gave eavesdroppers a way to break the BSAFE-protected communications, Reuters reported in December.

Phase II of the TrueCrypt audit is intended to sniff out precisely these kinds of backdoors. The second round involves a thorough cryptanalysis, including an audit of the TrueCrypt cipher suites, random number generators, and the way volumes are encrypted. In short, it will analyze the entire way encryption is implemented in the program.

White said the technical lead of Phase II is Thomas Ptacek, a widely respected security expert at Matasano who specializes in cryptographic protections. He'll be working closely with a variety of other highly regarded researchers, including Nate Lawson, a cryptographer at Root Labs. The work is expected to begin in June and wrap up by the end of September, White said.

Given the events of this week, it's fair to conclude that TrueCrypt has either been snatched out of the hands of its absentee developers by hackers or, much more likely, publicly and abruptly abandoned. In some ways, the commencement of Phase II seems moot since the future of the software is extremely uncertain. On the other hand, the project will be examining TrueCrypt 7.1, the last fully working version of the program. If researchers can determine with a reasonable degree of confidence that it's cryptographically sound, the endorsement could prove comforting for millions of people looking for a reliable cross-platform way to encrypt their most sensitive data.

Channel Ars Technica