

ISEC Completes TrueCrypt Audit - sweis
https://isecpartners.github.io/news/2014/04/14/iSEC-Completes-Truecrypt-Audit.html

======
jlgaddis
FTA:

 _> "iSEC did not identify any issues considered "high severity" during this
testing. iSEC found no evidence of backdoors or intentional flaws. Several
weaknesses and common kernel vulnerabilities were identified, including kernel
pointer disclosure, but none of them appeared to present immediate
exploitation vectors. All identified findings appeared accidental."_

------
at-fates-hands
"...while TrueCrypt does not have the most polished programming style, there
is nothing immediately dangerous to report."

Classic. Taking a dig at the developers while telling the rest of the world
TrueCrypt is ok to use.

~~~
eitland
?

This seems matter-of-factish to me as long as they can defend it. (Hey, some
of the code tha I've written to save people time and money does not have a
very polished style, -that is a matter of fact and I'm fine with that.)

~~~
at-fates-hands
I was just pointing it out since it wasn't really necessary to even include in
the report. I agree though. I've written some God awful code that gets the job
done, but would be hell to try and refactor.

------
molticrystal
ISEC Complete PHASE I of the TrueCrypt Audit, this is just of the driver and
loading software, phase II is cryptanalysis.

------
pearjuice
This might be my tinfoil hat speaking, but _could this be disinfo_?

~~~
skrowl
Couldn't ANY security audit performed by ANYONE be disinfo?

Couldn't your pointing out that it might be disinfo also be disinfo in itself?

Oh crap, infinite loop!

