TrueCrypt Audit back on track
TrueCrypt has been known for it’s brilliant security encryption tool, being a open-source tool just made it much better. It also allowed encrypting the Operating System volume.
Cryptography professor Mathew Green and Kenneth White launched a project to perform a security audit of TrueCrypt. This was due to the leaks of Edward Snowden, former NSA contractor, who suggested that NSA was engaged in efforts to undermine encryption. Both experts found some issues but nothing critical, nothing which would be seen as a backdoor. Their first phase of audit was published in April 2014.
In May 2014, developers of TrueCrypt announced that they were discontinuing TrueCrypt and suggested users to seek other alternatives.
This threw our plans for a loop,” Green said in a blog post Tuesday. “We had been planning a crowdsourced audit to be run by Thomas Ptacek and some others. However in the wake of TC pulling the plug, there were questions: Was this a good use of folks’ time and resources? What about applying those resources to the new ‘Truecrypt forks’ that have sprung up (or are being developed?)
After so long, the audit is back on track and it won’t be crowd funded as last time, but this time it will handled by Cryptography Services, a team of consultants from iSEC Partners, Matasano, Intrepidus Group, and NCC Group.
This will hopefully complement the NCC/iSEC work and offer a bit more confidence in the implementation,” Green said
The project will evaluate the original Truecrypt 7.1a which serves as a baseline for the newer forks, and it will begin shortly,” Green said. “However to minimize price—and make your donations stretch farther—we allowed the start date to be a bit flexible, which is why we don’t have results yet.
We want to be sure that the cryptography used to protect these encrypted volumes is solid and free of any errors that could allow recovery of the data,” the Cryptography Services team said in a blog post. “Because of the nature of the work, we’ll be focusing on the mode widely used and standardized components: XTS mode used with AES, as well as the Double and Triple Compositions
