×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Security Researchers Want To Fully Audit Truecrypt

Unknown Lamer posted about 6 months ago | from the brought-to-you-by-the-makers-of-stuxnet dept.

Security 233

Hugh Pickens DOT Com writes "TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. 'Lots of people use it to store very sensitive information,' writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. 'That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this.' According to Green, Truecrypt 'does some damned funny things that should make any (correctly) paranoid person think twice.' The Ubuntu Privacy Group says the behavior of the Windows version [of Truecrypt 7.0] is problematic. 'As it can't be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.' Green is one of people leading the charge to setup the audit, and he helped create the website istruecryptauditedyet.com. 'We're now in a place where we have nearly, but not quite enough to get a serious audit done.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

233 comments

Different Source Code for Different Versions? (5, Funny)

tysonedwards (969693) | about 6 months ago | (#45142369)

I am shocked, and frankly a little pissed off that Version 6 and Version 7 aren't identical.

Re:Different Source Code for Different Versions? (1)

Lunix Nutcase (1092239) | about 6 months ago | (#45142379)

Yeah was just about to make the same post. That sentence sounds pretty stupid.

Re:Different Source Code for Different Versions? (0)

Anonymous Coward | about 6 months ago | (#45142457)

Yeah was just about to make the same post. That sentence sounds pretty stupid.

Pretty obvious typo?

Re:Different Source Code for Different Versions? (1)

Lunix Nutcase (1092239) | about 6 months ago | (#45142581)

Yes, hence why it was stupid that the "editor" did not pick up on it and fix it. As you said, it's glaringly obvious.

Re:Different Source Code for Different Versions? (1)

Cryacin (657549) | about 6 months ago | (#45142641)

Meet the new version, same as the old version, except with a better logo.

Re:Different Source Code for Different Versions? (1)

Russ1642 (1087959) | about 6 months ago | (#45142689)

And a higher number. Software gets better as the number goes up, which is why Mac OS X is better than Windows 8.

Re:Different Source Code for Different Versions? (1)

Anonymous Coward | about 6 months ago | (#45143389)

Reading 'ironic' comment after comment after comment has really become tiresome on /.

Re:Different Source Code for Different Versions? (0)

Anonymous Coward | about 6 months ago | (#45143513)

Huh? How do you compare a letter version with a number version? Is J better than 14?

Apples and oranges.

Re:Different Source Code for Different Versions? (0)

Anonymous Coward | about 6 months ago | (#45143571)

That's why I run Windows XP!

Re:Different Source Code for Different Versions? (1)

K. S. Kyosuke (729550) | about 6 months ago | (#45143045)

Yes, hence why it was stupid that the "editor" did not pick up on it and fix it. As you said, it's glaringly obvious.

It's a backdoor in the article!

Typo? (-1)

Anonymous Coward | about 6 months ago | (#45142391)

'As it can't be ruled out that the published Windows executable of Truecrypt 6.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip"

I would hope version 6.0a is compiled from a different source than 7.0a. Why roll a version number with no change?

Re:Typo? (5, Informative)

Lunix Nutcase (1092239) | about 6 months ago | (#45142449)

Yeah, it's a typo. The privacy report says in the last full paragraph on page 13:

As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.

Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.

Re:Typo? (5, Funny)

davidbrit2 (775091) | about 6 months ago | (#45142543)

Well, we can't trust that copy/paste hasn't been back-doored.

Re:Typo? (0)

Anonymous Coward | about 6 months ago | (#45142571)

If you can't even trust your clipboard what can you trust?!?!?!

Re:Typo? (1)

gridzilla (778890) | about 6 months ago | (#45142595)

Looking at the current state of science you can only trust what's in your grey matter. Anything outside that can be listened to / intercepted or otherwise processed by the NSA.

Re:Typo? (0)

Anonymous Coward | about 6 months ago | (#45142713)

The government has mind-control lasers.

You can't even trust your own head, unless you're wearing one of my patented CRAnial Protection devices. Only 99.99 if you buy it now, though we'll soon have to take payment in gold, silver, or bottlecaps.

Re:Typo? (0)

Anonymous Coward | about 6 months ago | (#45143517)

The government has mind-control lasers.

You can't even trust your own head, unless you're wearing one of my patented CRAnial Protection devices. Only 99.99 if you buy it now, though we'll soon have to take payment in gold, silver, or bottlecaps.

What?! No bitcoins?!

Re:Typo? (1)

I'm New Around Here (1154723) | about 6 months ago | (#45142885)

Wait. You trust Clippy?

Re:Typo? (2, Funny)

Anonymous Coward | about 6 months ago | (#45143613)

Wait. You trust Clippy?

It looks like you're trying to keep a secret. Would you like me to search online for help on keeping secrets?

Re:Typo? (3, Funny)

Rob the Bold (788862) | about 6 months ago | (#45142729)

Yeah, it's a typo. The privacy report says in the last full paragraph on page 13:

As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a Source.zip” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.

Seems the author retyped the statement themselves rather than just copying and pasting then the summary carried it over.

As I can't make sense of this sentence even as corrected, I however can't preclude that there is still a typo.

Re:Typo? (1)

twdorris (29395) | about 6 months ago | (#45142951)

As I can't make sense of this sentence even as corrected, I however can't preclude that there is still a typo.

Yeah. What he said. No version of that original sentence makes any sense to me anyway.

Re:Typo? (4, Informative)

lxs (131946) | about 6 months ago | (#45143417)

This summary is a lot like the header of a Truecrypt volume in that it may contain crucial information in scrambled form.
The rest of TFA explains that the header of a Truecrypt volume either contains encrypted zeros (using the Linux version) or "random bits" when using the Windows client. The implication is that these "random bits" could actually contain the encrypted key to the volume.

Re:Typo? (3, Insightful)

blueg3 (192743) | about 6 months ago | (#45143871)

It's not well-written.

Here's what it's saying:
* We can audit the TrueCrypt source code.
* TrueCrypt for Windows is distributed as a binary.
* We can't verify that the TrueCrypt for Windows binary is actually built from the TrueCrypt source code.
* Thus, we can't (effectively) audit the TrueCrypt for Windows binary.

They give an example of one backdoor of concern in the sentence, but really the logic is true for any arbitrary security concern.

Re:Typo? (2, Insightful)

shipofgold (911683) | about 6 months ago | (#45143083)

While it could have been worded better, I did understand the author's intent of the comment.....

A lot of people apparently use Truecrypt 6.0a and earlier. I don't believe sourcecode for those earlier versions has ever been published. That means people could be using a binary that is completely different than the Truecrypt 7...complete with backdoors or other vulnerabilities. No matter how much you analyze Truecrypt 7 software, all Truecrypt 6.0a and earlier versions should be considered vulnerable.

A thought (3, Insightful)

Anonymous Coward | about 6 months ago | (#45142617)

TrueCrypt has a custom license and it is unclear how it mixes with other licenses. This makes code-sharing between TrueCrypt and other projects problematical.

According to TFA nobody knows who wrote TrueCrypt.

The answer to the problem is simple: relicense TrueCrypt. If there are no known authors, there's nobody to complain.

Re:A thought (2)

Desler (1608317) | about 6 months ago | (#45142639)

Except copyright law doesn't work that way.

Re:A thought (2)

Grantbridge (1377621) | about 6 months ago | (#45142663)

Well they would have to come forward to launch legal proceedings, wouldn't they?

Re:A thought (1)

Anonymous Coward | about 6 months ago | (#45142819)

Which has little bearing on the fact that you still can't relicense the code without the consent of the copyright holder(s). No one with a brain, for example any mainstream Linux distro, is going to distribute the program after it's been illegally relicensed. It simply makes them a target for copyright infringement lawsuit since, unlike a patent, a copyright is automatically assigned and valid in all countries who signed the Berne Convention.

Re:A thought (1)

Grantbridge (1377621) | about 6 months ago | (#45142857)

Well what I meant was if you wanted to know who was behind it, you could make a shell company who then illegally re-license TrueCrypt and wait to get sued. What could possible go wrong??

Re:A thought (2)

mlts (1038732) | about 6 months ago | (#45143105)

It still is acting in bad faith. Even though nobody comes out to actively defend a work, it still isn't ethical to recopy and relicense someone else's stuff without permission.

If TC turns out to have issues, the best thing would be to get behind a project like FreeOTFE and have that thoroughly audited and vetted. The second best would be to see about getting a company who has a product with similar functionality (BestCrypt or even better, Symantec's PGP Desktop) and having them create an "open" version. This likely will be extremely difficult at best.

Re:A thought (3, Interesting)

TheCarp (96830) | about 6 months ago | (#45143431)

I have used FreeOTFE before, and kind of forgotten about it. As it happens, I am looking for something just like this now for use with some USB keys I need to use to share data at different places.

Now that I look at it I see this on Wikipedia:
"The FreeOTFE website is unreachable as of June 2013 and the domain name is now registered by a new owner."

So I asked, is it even being maintained? I know its open source but, its good to know if a project is actively maintained too. Apparently the place to go is Sourceforge as freeotfe.org is something else now: http://sourceforge.net/projects/freeotfe.mirror/ [sourceforge.net]

AND the latest release is several months after the original website disappeared, So it looks like somebody is working on it anyway. May be just what I needed.

Ethical?! (1)

Anonymous Coward | about 6 months ago | (#45143767)

Even though nobody comes out to actively defend a work, it still isn't ethical to recopy and relicense someone else's stuff without permission.

(Seriously?)

It passes the "intent of copyright law" test (if they aren't exercising their monopoly (the very incentive that copyright offers) then the copyright serves no purpose). Copyright without market participation just doesn't make any sense at all.

It passes the "golden rule" test (if I released something anonymously but forgot to grant explicit permission to make derived works, then I wouldn't bitch if someone else opened it, thereby allowing my software to become maintained). Put the shoe on the other foot, and it fits.

Furthermore, if you don't know who did it, then for all you know, they're literally dead. A corpse cannot possibly be a victim; there's basically nothing unethical you can do with a corpse, except maybe feed it to someone for purposes of distressing them. Along the same lines, they might simply not-give-a-fuck (but be alive). You can commit an ethical infringement against someone who doesn't consider it to be an infringement.

You have no reason to suspect that whoever wrote it, has a problem with relicensing. I'm not saying that makes it permissable/safe/etc to relicense, but ethical? I think the ethics here are pretty well covered. Copyright currently has totally insane durations, far beyond the 5 years that ought to be normal for software. When someone releases something anonymously under such a system, they are damn well accepting that plenty of people wil be ethically disregarding any copyright, and that from a purely (i.e. admittedly non-pragmatic) ethical viewpoint, it simply isn't copyrighted. You can't have an anonymous ethical copyright. There's nothing to infringe, except per the law, and ONLY the law.

Look at it this way: I'm not saying it's ethical to do just anything to anonymous people, of course, but when someone chooses to be anonymous, they really are consenting to give up certain rights, pertaining to the action they perform anonymously. Asserting an anonymous copyright is a totally bullshit move and it's an ethical error to assign the same respect to it, that you'd give to a serious person.

Re:A thought (5, Informative)

Rob the Bold (788862) | about 6 months ago | (#45142991)

Except copyright law doesn't work that way.

How does copyright work in the case of anonymous authorship? I found this info which I make no attempt to explain . . .

In the US, there's this [copyright.gov] :)

(c) Anonymous Works, Pseudonymous Works, and Works Made for Hire. — In the case of an anonymous work, a pseudonymous work, or a work made for hire, the copyright endures for a term of 95 years from the year of its first publication, or a term of 120 years from the year of its creation, whichever expires first. If, before the end of such term, the identity of one or more of the authors of an anonymous or pseudonymous work is revealed in the records of a registration made for that work under subsections (a) or (d) of section 408, or in the records provided by this subsection, the copyright in the work endures for the term specified by subsection (a) or (b), based on the life of the author or authors whose identity has been revealed. Any person having an interest in the copyright in an anonymous or pseudonymous work may at any time record, in records to be maintained by the Copyright Office for that purpose, a statement identifying one or more authors of the work; the statement shall also identify the person filing it, the nature of that person's interest, the source of the information recorded, and the particular work affected, and shall comply in form and content with requirements that the Register of Copyrights shall prescribe by regulation.

And this [copyright.gov]

Anonymous Work

An author's contribution to a work is “anonymous” if that author is not identified on the copies or phonorecords of the work. If the contribution is anonymous, you may:

* reveal the author's identity even though the work is anonymous, or
* leave the author fields blank, or
* give “Anonymous” in the last name field.

Note that if a work is “made for hire,” you must name the employer as author. In any case, you should check the anonymous box.

And internationally, there's this advice from wikipedia [wikimedia.org] .

A costly analysis (2)

TheloniousToady (3343045) | about 6 months ago | (#45142679)

All typos in the writeup aside, the TrueCrypt FAQ [truecrypt.org] states:

In addition to reviewing the source code, independent researchers can compile the source code and compare the resulting executable files with the official ones. They may find some differences (for example, timestamps or embedded digital signatures) but they can analyze the differences and verify that they do not form malicious code.

If so, why would it cost $16,000 to do that? Heck, I bet somebody would do that, and also do "a full security audit" of the source code, for free.

When I used to use TrueCrypt years ago, I assumed someone had already done that. But I never found any proof, so I stopped using it. Will the $16,000 maybe be used to pay someone to do that formally and publish the results?

Re:A costly analysis (1, Informative)

AHuxley (892839) | about 6 months ago | (#45142767)

Expensive, unique, proprietary, complex software is going to seek out traces of the military industrial complex and its best software contractors.

Re:A costly analysis (3, Informative)

nharmon (97591) | about 6 months ago | (#45142781)

Perhaps the $16,000 could be divided up and paid to multiple researchers who do their own separate analyses. Even better would be researchers on different continents, who pledge not to communicate with each other until their work is complete.

Re:A costly analysis (0)

Anonymous Coward | about 6 months ago | (#45142845)

If somebody would do that, why hasn't he? Auditing cryptographic software isn't like auditing most software, Joe Programmer won't cut it.

Re:A costly analysis (0)

Anonymous Coward | about 6 months ago | (#45142865)

If so, why would it cost $16,000 to do that? Heck, I bet somebody would do that, and also do "a full security audit" of the source code, for free.

Sure, I bet NSA would do it for free. Do you trust them?
There is also an 75 years old farmer no more than ten miles from here that also says that "It's probably nothing to worry about."

I don't think $16,000 cover the cost of finding someone that is universally trusted by all users. They will probably settle for someone with the correct knowledge that isn't proven to be corrupt yet.

Re:A costly analysis (-1, Troll)

Pino Grigio (2232472) | about 6 months ago | (#45143101)

Why do you give a flying **** what the NSA are doing with your data? I don't. I'm more concerned about Russia, China and assorted hackers and scammers the world over who might actually want to do me harm, steal my identity or raid my bank accounts.
I thought I could use TrueCrypt to encrypt a binary blob containing stuff that's important that I don't lose, before putting it into Crypted on my Dropbox. My reasoning was Crypted on Dropbox is going to get hacked eventually, so TrueCrypt might give me a second line of defence. It turns out that people don't seem to trust TrueCrypt either.

So I'm at a loss as to what to do, over and above hiding various USB keys all over the place.

Re:A costly analysis (1)

mlts (1038732) | about 6 months ago | (#45143497)

What would be nice would be a platform independent version of PhonebookFS/EncFS/EFS [1].

With this, one can mount a directory on a mount point, and all files written to the mount point get stored in the directory encrypted. The filesystem is important, but not critical, and the directory of encrypted files can be moved, archived, stuffed onto DropBox, etc. without loss of file integrity or security. PhoneBookFS is especially nice because a directory can have multiple layers in it, so there can be encrypted files which are never used and are just there as chaff, or the directory can have one layer full of innocuous stuff, another layer with the true sensitive data in it. The explanation about chaff always being present provides enough plausible deniability.

[1]: EFS as in the mid-90s version, and perhaps AIX's implementation, not EFS as in Windows's encrypted file support on NTFS.

Re:A costly analysis (5, Insightful)

TWiTfan (2887093) | about 6 months ago | (#45143505)

Why do you give a flying **** what the NSA are doing with your data? I don't. I'm more concerned about Russia, China and assorted hackers and scammers the world over who might actually want to do me harm,

Because as a U.S. resident, I don't worry about Russia, China, etc. kicking my door down and throwing me in jail or putting me on a no-fly list for some joke I made in a private email to a friend.

Re:A costly analysis (5, Insightful)

emho24 (2531820) | about 6 months ago | (#45143619)

Why do you give a flying **** what the NSA are doing with your data?

Because government entities are being used to punish those of differing political beliefs than those in power. It will only get worse, and it matters not what "side" the current rulers are. The current administrations favorite punishment tool seems to be the IRS. Can't wait to find out how bad it gets with the next administration.

Re:A costly analysis (2)

Captain Hook (923766) | about 6 months ago | (#45142907)

If so, why would it cost $16,000 to do that?

It's not the compile and compare to existing binaries that's the expensive bit, that would just show the same source code was used.

The expensive bit is someone has to review everyline of code and really understand it to eliminate possible backdoors and someone has to review the workflow to find flaws in the implementation.

Waitaminit... (3, Interesting)

Shoten (260439) | about 6 months ago | (#45142725)

...I thought the main point of the "open source is more secure" argument was that this process supposedly happened on its own, organically?

Re:Waitaminit... (0)

Anonymous Coward | about 6 months ago | (#45142749)

Very sad attempt at trolling. Try better next time.

Re:Waitaminit... (3, Interesting)

Anonymous Coward | about 6 months ago | (#45143013)

Actually, he makes a good argument that should be taken seriously. Just because it is open source doesn't mean anyone is actually auditing it. If it happened often and spontaneously, there would be no need to raise $16,000 to support an audit.

Re: Waitaminit... (1)

Anonymous Coward | about 6 months ago | (#45142797)

It's happening, great isn't it?

Re: Waitaminit... (0)

Anonymous Coward | about 6 months ago | (#45142973)

After someone raises $16,000...

Re: Waitaminit... (0)

Anonymous Coward | about 6 months ago | (#45143039)

Which is happening. Oh, wait, you wanted Open Source to be done by magic so that if magic is proven false then Open Source is too...

Re:Waitaminit... (5, Insightful)

TheRaven64 (641858) | about 6 months ago | (#45143205)

No, the argument is that it can happen if someone decides that it's worth doing. Just making the code open doesn't mean that anyone will read it. It does, however, mean that:
  • You can build it yourself, so you know that the code that is audited is the code that is built (modulo toolchain trojans)
  • You can audit the code, or pay someone else to do it, without permission from the original authors beyond their original license
  • You can fix any security holes that such an audit turns up (or pay someone else to do it, again without requiring permission from the original authors beyond their original license

Re:Waitaminit... (1)

MrChips (29877) | about 6 months ago | (#45143531)

No, the argument is that it can happen if someone decides that it's worth doing. Just making the code open doesn't mean that anyone will read it. It does, however, mean that:

  • You can build it yourself, so you know that the code that is audited is the code that is built (modulo toolchain trojans)
  • You can audit the code, or pay someone else to do it, without permission from the original authors beyond their original license
  • You can fix any security holes that such an audit turns up (or pay someone else to do it, again without requiring permission from the original authors beyond their original license

And, if someone else does an audit, there's a better chance that they are not bound by NDA and can therefore speak freely about what they find.

Re:Waitaminit... (4, Insightful)

aaaaaaargh! (1150173) | about 6 months ago | (#45143717)

The real reason why open source practically always beats closed source in security applications is that the authors have to presume that someone else will take a look at the code later and therefore want to avoid too messy and unclean coding. With closed source the temptation is simply too high to introduce dirty hacks and shortcuts, such as crappy PRNGs where cryptographically secure ones would be required, using no salt or using default initialization vectors - things that would be too embarrasing if anybody could discover them easily.

Closed source developers can avoid that by independent security auditing, frequent reviews and strict coding guidelines, but that costs a lot of money and is only done when there is an external incentive like having to fulfill some FIPS regulation. In many if not all cases you can and should give a shit about the claims of even the most reputable closed source vendors. They are very likely lying about one thing or another and their managers likely don't even know exactly what they are really selling and how it works (viz., doesn't work).

Problems in the license, and an alternative? (5, Insightful)

seandiggity (992657) | about 6 months ago | (#45142763)

From http://lists.debian.org/debian-legal/2006/06/msg00295.html [debian.org] :

...if you distribute modified versions of TrueCrypt, you cannot charge for copies. That is non-free...
...nothing in the license constitutes a promise not to sue for copyright infringement. Our counsel advises that a plain reading of this indicates that if Fedora complies with all the requirements of the TrueCrypt license, we would nonetheless have no assurance that TrueCrypt will not sue me for my acts of copying, distribution, creation of derivative works, and so forth...
TrueCrypt seems to be reserving the right to sue any licensee for copyright infringement, no matter whether they comply with the conditions of the license or not. Based on this, our counsel advised that above and beyond being non-free, software under this license is not safe to use...
Our counsel advised us that this license has the appearance of being full of clever traps, which make the license appear to be a sham (and non-free).

Given all of this, plus the problems with TrueCrypt authorship etc. I think the best course of action is replacing with a free implementation, maybe starting with something like this [github.com] ?

Re:Problems in the license, and an alternative? (2)

seandiggity (992657) | about 6 months ago | (#45142847)

Given all of this, plus the problems with TrueCrypt authorship etc. I think the best course of action is replacing with a free implementation, maybe starting with something like this [github.com] ?

Ah, I see the current TrueCrypt license [truecrypt.org] has undergone substantial changes since the early days. Looks like a complete mess to me :/

Re:Problems in the license, and an alternative? (4, Informative)

Mr. Slippery (47854) | about 6 months ago | (#45142925)

That discussion is about an older version of the TrueCrypt license. While the newer version hasn't been submitted for OSI certification, some say it does meet the Open Source Definition [wikipedia.org] .

Re:Problems in the license, and an alternative? (1)

Anonymous Coward | about 6 months ago | (#45143139)

Whoa. From the tc-play page:

Bugs in the TrueCrypt documentation

The TrueCrypt documentation is pretty bad and does not really represent the actual on-disk format nor the encryption/decryption process.

Some notable differences between actual implementation and documentation:

        PBKDF using RIPEMD160 only uses 2000 iterations if the volume isn't a system volume.
        The keyfile pool is not XOR'ed with the passphrase but modulo-256 summed.
        Every field except the minimum version field of the volume header are in big endian.
        Some volume header fields (creation time of volume and header) are missing in the documentation.
        All two-way cipher cascades are the wrong way round in the documentation, but all three-way cipher cascades are correct.

Glad I never trusted it.

Re:Problems in the license, and an alternative? (3, Interesting)

mlts (1038732) | about 6 months ago | (#45143247)

Truecrypt's main advantage is that it is cross platform. I can make a TC volume on Windows, stash it on Dropbox, then later on open it on my Mac or Linux box.

However, each of the operating systems generally has some method which doesn't have the hidden volumes and the plausible deniability aspect, but some form of volume encryption.

OS X has FileVault 2, which can encrypt drives with a couple clicks. OS X also has a utility that makes sparse images, using "bands", which allows one to have an encrypted volume grow and shrink as needed. Of course, there is a loss of security with this feature, but it adds versatility.

Linux has LUKS and dm-crypt (Android uses a modified version of dm-crypt to protect the /data partition in newer revs.)

Windows has BitLocker. Windows 8 and newer's implementation of BitLocker allow for it to ask for a password before boot even if a TPM chip isn't present. Of course, not all Windows editions have BitLocker usable.

Of course, there are third party utilities. PGP (the commercial version owned by Symantec) comes to mind, which can encrypt Windows, Linux, and Mac volumes. I doubt this would ever be possible, but if their code was released with a free license, this likely would be the best Truecrypt replacement, although it wouldn't have hidden volume functionality.

Re:Problems in the license, and an alternative? (2)

tlhIngan (30335) | about 6 months ago | (#45143755)

OS X has FileVault 2, which can encrypt drives with a couple clicks. OS X also has a utility that makes sparse images, using "bands", which allows one to have an encrypted volume grow and shrink as needed. Of course, there is a loss of security with this feature, but it adds versatility.

Actually, bands are created so you can back up the encrypted volume files without bloating your backups.

Think about it - you mount your encrypted disk, then do some file operations - perhaps edit a file. You close the encrypted disk and do a backup. Well, your backup software can't get at the encrypted contents, so now it sees the entire volume has changed and needs backing up. Boom, if it's a 1GB volume, you just bloated your backup image by 1GB. And because yesterday's image is different, you now have two 1GB images. Repeat a few times and it gets unwieldy, fast.

The solution is either to let the backup solution backup the encryption volume while mounted (so it picks up the changed file rather than changed volume). Or as Apple has done it, band the image. Knowing that if you edit a few bytes, only a few things REALLY change in the image, rather than storing the whole 1GB image on the backup store, it backs up the changed bands (which if they're 1MB in size, will amount to a few MB backed up).

Sure it bloats the backup, but if you're routinely editing only a few bytes at a time, bloating the backup by megabytes a day is far superior than the entire volume daily.

Re:Problems in the license, and an alternative? (1)

LordLimecat (1103839) | about 6 months ago | (#45143783)

Not everyone is
A) ready to shell out $100 for bitlocker (for windows professional) when they could simply buy the better, and cross-platform, bestcrypt;
B) ready to trust Microsoft's FDE.

Proofread... (-1)

Anonymous Coward | about 6 months ago | (#45142867)

"Green is one of people leading the charge to setup "

One of which people?

'Set up' is two words.

I'm all for an audit (2, Interesting)

koan (80826) | about 6 months ago | (#45142911)

I do have one question, if you need reliable encryption and privacy why is your operating systems Windows?

Re:I'm all for an audit (0)

Anonymous Coward | about 6 months ago | (#45142985)

Who says I only use Windows.

Re:I'm all for an audit (1)

ColdWetDog (752185) | about 6 months ago | (#45143429)

You do realize that that between the NSA, FSB, various other TLAs and countless Russian and Chinese hackers, that the Windows source code has been the subject of more careful and complete reviews than any other operating system. Ever.

Re: I'm all for an audit (0)

Anonymous Coward | about 6 months ago | (#45143567)

You can't see the source, you are in the position of having to trust.

Re:I'm all for an audit (1)

Anonymous Coward | about 6 months ago | (#45143659)

Because you need reliable encryption and privacy AND certain ubiquitous tools that are only available under Windows?

Aside from that, the whole linux-is-more-secure-than-windows argument is suspicious; it sounds an awful lot like security through obscurity. What makes you think that your Linux OS isn't full of zero-day exploits? The other side of the "Windows is more popular so more hackers try to find exploits" coin is "Mac and Linux are less popular so less security experts are looking for exploits to plug", after all.

Best encyption ever (5, Funny)

Smidge204 (605297) | about 6 months ago | (#45143015)

I use the best encryption ever for everything I need to keep secret. The algorithm is a simple bitwise XOR applied to every byte in the file, using the data itself as a one-time pad. Completely uncrackable unless you know the data that was used for the pad.

The output also compresses really well!
=Smidge=

Re:Best encyption ever (0)

Anonymous Coward | about 6 months ago | (#45143501)

For those that don't know, this should be scored "funny"; the reason is an exercise left to the (non-programming) reader.

On a serious note though, XOR with an OTP is unbreakable if the OTP is random.

Re:Best encyption ever (2, Funny)

Anonymous Coward | about 6 months ago | (#45143575)

Good, but the decryption is o(god).

Why isn't Bruce using LUKS? (0)

Anonymous Coward | about 6 months ago | (#45143071)

Seriously, now, if Bruce is really that reluctant to run a Linux installer, then he can find plenty of us willing to give him a hand, for the cause.

Setting up, say, Fedora 19 (or some other distro with LUKS in the installer) with VirtualBox, to run the Windows apps he needs and a basic set of productivity apps, is a 1-2 hour job for somebody who has done it before.

No trust without source (-1)

sl4shd0rk (755837) | about 6 months ago | (#45143079)

It's pretty strange that anyone would find an audit or TrueCrypt "trustworthy". It's not open source. You can't compile it yourself. You have no idea what is in the source. At least with Gnupg you have to option of going through it line-by-line to see what the ingredients are. You can't, and never will be able to, do that with proprietary software. Even if you were to verify a single code branch, the publishers may be under a gag order to reveal certain details -- much like Lavabit making this whole argument pointless.

Re:No trust without source (0)

Anonymous Coward | about 6 months ago | (#45143185)

Of course you can compile it yourself. The only reason why some people think it's non-free is because the license is weird.

Re:No trust without source (5, Informative)

mpicker0 (411333) | about 6 months ago | (#45143209)

It's not open source.

Not open source? The source is available for download here [truecrypt.org] .

You can't compile it yourself. You have no idea what is in the source.

You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.

Re:No trust without source (4, Informative)

diamondmagic (877411) | about 6 months ago | (#45143325)

Not open source? The source is available for download here [truecrypt.org] .

You can't compile it yourself. You have no idea what is in the source.

You certainly can compile it yourself; I built it on my old Linux iBook G4 (PowerPC), since there were no binaries available for that platform. As has been discussed above, it does have a weird license, but it is absolutely open source.

Grandparent probably refers to Open Source Software, which is a formally defined term [opensource.org] . It's not enough that you can merely read the source, you have to be able to redistribute it and any changes, too.

Re:No trust without source (2)

Desler (1608317) | about 6 months ago | (#45143759)

No they weren't. They specifically say:

It's not open source. You can't compile it yourself. You have no idea what is in the source.

Which is patently false. You can know what's in the source merely by looking at it (if one couldn't this whole story wouldn't exist) and one compile it.

Re:No trust without source (1)

sl4shd0rk (755837) | about 6 months ago | (#45143769)

Not open source? The source is available for download here.

Wow, TIL Truecrypt is open source :/

Re:No trust without source (1)

Desler (1608317) | about 6 months ago | (#45143787)

How else did you expect them to audit the source if it wasn't publicly available?

Re:No trust without source (2)

mlts (1038732) | about 6 months ago | (#45143393)

GPG isn't perfect either. Trying to get it to compile on Solaris or AIX is a very long exercise in grabbing libraries, building them, grabbing more libraries (prereqs), and a long chain of code. It would be nice if GPG had far fewer dependencies.

Of course, there is NetPGP (which is used in NetBSD because GPG is GPL v3 licensed), but I wonder how hard it would be to port that to other operating systems and rely on its security.

Also, GNUpg is for file encryption. Volume encryption requires a different set of code.

Reverse engineer the Windows binaries? (1)

IamTheRealMike (537420) | about 6 months ago | (#45143193)

The writing random bytes thing, but only on Windows, is rather puzzling. It seems like one way to build confidence that's faster than setting up a deterministic build (which at any rate, would not necessarily be accepted by the TrueCrypt authors it seems), would be to open up the binaries in IDA Pro and figure out if the bytes written there on Windows truly are random or if they are not.

Oh really? (3, Interesting)

Sperbels (1008585) | about 6 months ago | (#45143255)

"TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it except the NSA.

FTFY

A Simple Cheap Way To Do This (2, Informative)

Anonymous Coward | about 6 months ago | (#45143257)

Ask the author how they compile it. Get that exact source and compile it that way. Then work out each difference. Libs get searched in directory or date order? Tweak that. Till all that is different are a few timestamps NIC MAC's, etc.

Then just audit the source. Non-trivial in itself.

Re:A Simple Cheap Way To Do This (3, Informative)

Anonymous Coward | about 6 months ago | (#45143689)

Ask the author how they compile it.

Great idea!

Now we just need to find the unknown, anonymous author...

Brasil sponsoring (1)

Anonymous Coward | about 6 months ago | (#45143545)

Maybe Brasil could be asked for sponsoring this audit ?

It would fit into their current intentions, eg
http://www.theguardian.com/world/2013/sep/20/brazil-dilma-rousseff-internet-us-control

Brilliant ploy? (1)

Anonymous Coward | about 6 months ago | (#45143577)

Is it actually that the NSA can't break TrueCrypt, and this is FUD to make people think twice about using it?

NSA launches project FUD against Trucrypt (3, Interesting)

Anonymous Coward | about 6 months ago | (#45143673)

Be in no doubt. You are NOT witnessing an attempt to ensure the security of Truecrypt. You ARE seeing a standard FUD play by NSA people against one of the greatest thorns in their side.

Put this in the same category as those regular stories that appear on Slashdot and elsewhere, telling you that you CANNOT ever be sure that your erased data on your Hard-drive cannot be recovered by sophisticated forensic analysis of the magnetic surface. The NSA even paid to have a peer-reviewed paper placed in the scientific literature claiming such recovery is possible- despite the fact that such a claim is provably laughable.

Here's the mathematical proof of NONE recoverability of properly deleted data.
- let us say that you fill a HDD with target data, and now over-write that data with a RANDOM series of bytes. If the original data CAN be recovered, we have DOUBLED the capacity of the HDD, because logically there can be no distinction between the original data, and the random data used to erase it.
- now, let's say we wipe again with another random sequence. If the original data can be recovered, we have TRIPLED the capacity of the HDD, for the reason stated above.
- and again, we wipe with another random wave. If the original data is STILL recoverable, we have quadrupled the functioning capacity of the HDD.
- repeat, etc.

The problem is that the HDD is designed, given the head, recording signal, and surface material, to only support the original capacity under the signal theory that covers the current method of recording. It does NOT matter that in theory, the disk material MAY be able to save far more data with a different head, and signal method. Only the current method matters.

But the owners of Slashdot will allow periodic FUD articles to appear that DISCOURAGE people from using proper file erase tools, on the basis that its actually a waste of time, because the NSA can still get your data no matter how you erase it.

Much of what the NSA engages in is PSYCHOLOGICAL WARFARE. Major US TV networks and film studios, for instance, have been ordered to NEVER reveal the fact that ALL mobile phones in the USA have their location continually tracked by cell tower triangulation methods. While is is actually LAW in the US that every cell phone must have continuous location tracking ability, the US government believes many criminals are inherently stupid, and will allow their cell phones to produce evidence against them ***IF*** they have false ideas about how cell phone technology works. US Dramas like 'Shameless' (the US remake) and films like 'The Call' have actually informed the audience that ONLY phones with real GPS chips can be location-tracked- a complete and total lie, but a lie designed to sink into the unsophisticated minds of the sheeple.

The truth about the strength of Truecrypt is the complete LACK of stories about Truecrypt being defeated in practice. Shills will try to tell you that this is because Truecrypt is defeated in super-secret cases you can't be allowed to hear about, but this is a nonsense for two reasons. If you are a high level target of the NSA, nothing can save you, so the security of any encryption system is irrelevant. If systems like Truecrypt are defeated as part of ordinary governmental actions, the government, by law, has to allow this fact to be known (the RIGHT to a fair trial, etc).

So instead, you get this FUD attack against Truecrypt, which will persuade a certain percentage of suckers to NOT bother using Trucrypt in the first place, give up using it, or transfer to a commercial alternative that is DEFINITELY compromised by the NSA (ALL commercial encryption software is compromised).

Why Should We Trust THESE Guys (0)

Anonymous Coward | about 6 months ago | (#45143677)

The ones setting up the auditing.

The first thing that needs to happen (I don't see it on ther website) is to develop the world's trust in this audit team's leaders.

Why mention only old versions? (3, Interesting)

johanw (1001493) | about 6 months ago | (#45143775)

The current version of TrueCrypt is 7.1a. Why are they only talking of older versions?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...