
TrueCrypt security audit presses on, despite developers jumping ship - tptacek
http://arstechnica.com/security/2014/05/truecrypt-security-audit-presses-on-despite-developers-jumping-ship/
======
tptacek
I was a little surprised to find out this morning that this was already
public.

The cryptography audit for Truecrypt is going to be run much differently than
the software security audit. We'll have more to say about it next week, but
for now: it's something in between a "public bug bounty" and a "summer of
code" program. Me, Nate, and several other crypto people will be working not
as consultants to the projects, but as "mentors" (I hate that term) leading
developers interested in cryptography.

As to why the audit is proceeding: it's obvious, at least to me. Tens of
thousands of people will continue to use Truecrypt no matter what we do, and
if nobody takes a serious and organized look at its cryptography, the
circumstances behind the conclusion of its development will create yet another
Internet Crypto Urban Legend.

~~~
diminoten
One of the things I see you regularly talk about, and something that bothers
me a little, is this idea of crypto "pedigree". That is, folks without crypto
backgrounds attempting to write crypto software tend to, in my observation,
evoke your ire, and the ire of many others in the field.

Taking that for granted for a moment, would this security audit be for the
folks who've already become part of this class of "elites", or is this
something one would do in an effort to be taken seriously in the security
community by those currently in it?

~~~
tptacek
Give me a break. 12,000 people have signed up for our crypto challenges, in
which they write 6-7 batches of 8 crypto exploits each in the language of
their choosing --- people have _invented new programming languages_ to do them
in, and we've gotten them through all of the challenges --- and, by directly
engaging us over email, get both validation of each of their challenge
responses and 1:1 support. I am off the charts tired of people acting like my
issue with incompetent crypto is a form of "elitism".

The fact that you managed to inject that bogus complaint into this particular
story, which, if you'd read the just 142 words I wrote a little carefully, is
obviously the _exact opposite_ of what you're "concerned" about, is all the
more annoying.

What "draws my ire" is cryptographic incompetence. Cryptographic incompetence
gets people hurt. I do not give a shit about how those developers feel.

For whatever it's worth to anyone else reading this: you will rarely ever see
me get pissy about an incompetent amateur _breaking_ crypto. _Breaking crypto
is what you're supposed to do to get good at crypto._

~~~
diminoten
Your last statement is exactly what's always bothered me about your attitude,
and how it contradicts _directly_ with the sentence prior.

I'm not going to give you a break so long as you don't give folks who are
trying to create things a break. Bad crypto gets people killed, but no crypto
does too, and perhaps your elitist attitude (and it's not just you, it's the
community at large) is why we have only TrueCrypt and nothing else.

~~~
tptacek
Bad crypto gets _more_ people hurt than no crypto, because it tricks them into
revealing secrets to investigators under the pretense that they're safe when
they're not.

No part of my attitude impacts how many FDE solutions we have. We don't have
lots of FDE systems because, unlike terribly broken Javascript cryptography
applications, FDE systems are very difficult to write.

Apropos neither of those last two statements: it's not clear to me that you
understand what's actually being announced in this Ars story.

~~~
diminoten
Well, naturally you, possibly part of the problem, would deny the problem
exists. We had this discussion before, and this is where we quickly landed.

As for the article, I haven't actually commented on it whatsoever; I was
commenting on _your_ announcement. It's interesting to me you wrote that, but
whatever.

~~~
tptacek
If there's something in this comment you expect me to respond to, clarify, or
recognize as a coherent argument, I can't find it.

If you have questions about the Truecrypt Phase 2 audit, and I'm in a position
to answer them, I will endeavor to do that.

~~~
diminoten
Is it intended for experienced crypto programmers or new folks who want to
learn more? Does that question make sense? You didn't give many details (which
is fair).

~~~
tptacek
If you're an experienced crypto designer, we'd like to talk to you about
volunteering alongside Nate and me as unpaid advisors.

If you're interested in learning more about cryptography, we'd like to talk to
you about working on the audit directly, reporting to an advisor. As I
understand it, many of these auditor roles will have stipends associated with
them.

If you're aware of an elite cadre of crypto people that might be available to
serve in the auditor roles, I'd love to know about it. The overwhelming
majority of the people that do our crypto challenges have zero prior crypto
experience, and many of those are the same people we hope to see staffing
Phase 2 of the audit.

Teaching a bunch of developers some new stuff about cryptography would be a
nice knock-on benefit of the audit, but it's important that I be clear that
the funding for this audit was earmarked for _actually improving the security
situation for Truecrypt_. So we'll probably be somewhat selective about the
audit team. I'll have more to say about this next week. This all got sprung on
me very quickly, like I said, because of this week's events.

~~~
illumen
Seems TrueCrypt is dead and declared unfit for use. So the security situation
is already improved.

~~~
dkersten
_"As to why the audit is proceeding: it's obvious, at least to me. Tens of
thousands of people will continue to use Truecrypt no matter what we do..."_

So, no, the security situation has not already improved.

------
massysett
Many (most?) TrueCrypt users obtained the software as a prebuilt Windows
binary; they did not compile it from source. So even if the source code is
clean, maybe the binaries were not. Is there any way to audit this and if so
is that being done?

~~~
m_ram
It has been done [1]. Rule #2 of the audit project will solve the problem for
future builds [2].

[1] https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/

[2] http://istruecryptauditedyet.com/

------
ausjke
For a Linux-only system, what about dm-crypt?

~~~
tptacek
We will not be looking at dm-crypt or any other piece of cryptographic
software. Our charter is to assess Truecrypt, and Truecrypt we shall assess.

~~~
zeroexzeroone
I think some have assessed you are a snarky little fucker.

EDIT: big fucker I should say

~~~
enscr
You have a 'truly cryptic' way of thanking people for their time & effort
/sarcasm

