
Another update on the Truecrypt audit - tomrittervg
http://blog.cryptographyengineering.com/2015/02/another-update-on-truecrypt-audit.html
======
basic365
This project will probably be outdated by Windows 11 or 12; it will lose
support and become legacy ...

I don't see why people should spend money auditing it instead of building
maintainable alternatives.

~~~
Someone1234
TrueCrypt was much more flexible than anything Windows has to offer.

Bitlocker is great for enterprise-style encryption, in particular on machines
with TPM chips. However many consumer machines do not include a TPM, even in
2015.

TrueCrypt allowed you to encrypt individual drives, even offline drives, with
no Bitlocker overhead. You also weren't required to decrypt them upon each
boot like Windows' Bitlocker insists upon.

Additionally, TrueCrypt also supported encrypting directories and USB drives,
hidden volumes, various encryption algorithms, double encryption, and so on.

Plus it was cross-platform friendly (or at least more so than BitLocker). What
are we meant to use to move encrypted data from Linux to Windows now? 7Zip
w/AES 256?

~~~
bhayden
Not to mention how much the US government advocates against encryption it
can't have backdoors to. It has a lot more influence over the encryption in
Windows than over TrueCrypt. Not suggesting they DO have backdoors to BitLocker;
there's not enough evidence, but the probability is much higher.

~~~
TehCorwiz
They do in the form of OneDrive.

[https://news.ycombinator.com/item?id=8546524](https://news.ycombinator.com/item?id=8546524)

Short story is that if you use Windows 8{.1} and have a Microsoft account then
it will upload your BitLocker keys by default. Seems to me like a backdoor if
ever I heard one.

------
Canada
I'm looking forward to the next report.

One thing I noticed looking through the code is that the key generation on
Windows mixes in a CRC32 of a MOUSEHOOKSTRUCT. If you look at it, there isn't a
huge amount of entropy in there... Some fields, such as the window handle,
don't change between callbacks. Others, such as the hit test code, are enums
with limited possible values, and the way most people move the mouse
around will return the exact same value all the time. The difference in time
between two different values is run through CRC32 a few times and then the
whole thing is run through a real hash. Most users don't bother adding entropy
from the keyboard.

While I don't think any of this is a vulnerability, I think it could be
better.

[edit: I'm talking about Common/Random.c in 7.1a. And by better I'm suggesting
additional sources of entropy be included in the process]

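Added example, not code from TrueCrypt's Common/Random.c or from the commenter above: a small C program that measures the point being made. It uses a stand-in struct carrying the MOUSEHOOKSTRUCT field names (the layout, the hwnd value and the hit-test codes are assumptions for illustration) and constructed sample input: a user sitting still in one window, and a range of millisecond timing deltas. It counts how many distinct CRC32 outputs each stream can produce; log2 of that count is an upper bound on the entropy the record can contribute, however it is hashed afterwards. It also goes one step past the comment: CRC32 over a fixed-length input is a bijection, so running a delta through CRC32 "a few times" leaves exactly as many possible values as there were deltas.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the Win32 MOUSEHOOKSTRUCT. Field names follow the Win32
 * struct; the layout is an assumption so the example builds anywhere. */
typedef struct {
    int32_t   x, y;         /* POINT pt: cursor position */
    uintptr_t hwnd;         /* HWND: constant while one window has the mouse */
    uint32_t  wHitTest;     /* hit-test code: a small enum (HTCLIENT etc.) */
    uintptr_t dwExtraInfo;  /* normally 0 */
} MouseRecord;

/* CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), table driven. */
static uint32_t crc_table[256];
static int crc_table_ready;

static void crc32_init(void)
{
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t c = i;
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? 0xEDB88320u ^ (c >> 1) : c >> 1;
        crc_table[i] = c;
    }
    crc_table_ready = 1;
}

uint32_t crc32_buf(const void *buf, size_t len)
{
    const uint8_t *p = buf;
    uint32_t c = 0xFFFFFFFFu;
    if (!crc_table_ready) crc32_init();
    for (size_t i = 0; i < len; i++)
        c = crc_table[(c ^ p[i]) & 0xFF] ^ (c >> 8);
    return c ^ 0xFFFFFFFFu;
}

/* Distinct values among n 32-bit words (O(n^2); fine at demo sizes). */
size_t count_distinct(const uint32_t *vals, size_t n)
{
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        int seen = 0;
        for (size_t j = 0; j < i; j++)
            if (vals[j] == vals[i]) { seen = 1; break; }
        if (!seen) distinct++;
    }
    return distinct;
}

/* ceil(log2(n)): bits needed to index n distinct outcomes, i.e. an upper
 * bound on the entropy they can carry. Avoids libm. */
unsigned ceil_log2(size_t n)
{
    unsigned b = 0;
    while (((size_t)1 << b) < n) b++;
    return b;
}

/* Constructed input: hwnd fixed, cursor not moving, hit-test code flipping
 * between two values. Returns the number of distinct CRC32 outputs. */
size_t distinct_crcs_static_cursor(size_t callbacks)
{
    uint32_t *crcs = malloc(callbacks * sizeof *crcs);
    for (size_t i = 0; i < callbacks; i++) {
        MouseRecord r;
        memset(&r, 0, sizeof r);       /* zero padding so the CRC is deterministic */
        r.x = 400; r.y = 300;
        r.hwnd = 0x000A0B0Cu;          /* assumed, constant window handle */
        r.wHitTest = (i % 7 == 0) ? 2u /* HTCAPTION */ : 1u /* HTCLIENT */;
        crcs[i] = crc32_buf(&r, sizeof r);
    }
    size_t distinct = count_distinct(crcs, callbacks);
    free(crcs);
    return distinct;
}

/* Timing deltas 0..range-1 ms, each pushed through CRC32 `rounds` times.
 * CRC32 on a fixed-length input is a bijection, so the count of distinct
 * outputs equals `range` no matter how many rounds are applied. */
size_t distinct_crcs_of_deltas(uint32_t range, int rounds)
{
    uint32_t *crcs = malloc(range * sizeof *crcs);
    for (uint32_t d = 0; d < range; d++) {
        uint32_t v = d;
        for (int r = 0; r < rounds; r++)
            v = crc32_buf(&v, sizeof v);
        crcs[d] = v;
    }
    size_t distinct = count_distinct(crcs, range);
    free(crcs);
    return distinct;
}

int main(void)
{
    size_t s = distinct_crcs_static_cursor(200);
    size_t d = distinct_crcs_of_deltas(64, 3);
    printf("static cursor, 200 callbacks: %zu distinct CRCs, <= %u bits\n", s, ceil_log2(s));
    printf("0..63 ms deltas through CRC32 x3: %zu distinct, <= %u bits\n", d, ceil_log2(d));
    return 0;
}
```

The numbers are the commenter's point in concrete form: two hundred hook callbacks from a stationary user collapse to two distinct CRC values, and sixty-four possible timing deltas stay sixty-four after any number of CRC32 passes. Whatever "real hash" the pool is fed into afterwards cannot recover entropy that was never in the input, which is why mixing in further sources (CryptGenRandom, keyboard timings) matters more than how the mouse record is hashed.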
~~~
tedunangst
It doesn't at least try CryptGenRandom?

~~~
Canada
You are right, it does use that if available. It grabs a bunch of other system
state as well, depending on the situation.

------
tptacek
More discussion:
[https://news.ycombinator.com/item?id=9069295](https://news.ycombinator.com/item?id=9069295)

~~~
diminoten
Can you explain this quote from you and your involvement in the TrueCrypt
audit?

"By encouraging people to rely on tools like Truecrypt, you are, in a very
small but real way, endangering them." [0]

It just seems like you supporting the audit (and therefore supporting
TrueCrypt) is at direct odds with what you said an hour ago.

[0] -
[https://news.ycombinator.com/item?id=9071126](https://news.ycombinator.com/item?id=9071126)

~~~
chimeracoder
It's pretty easy to explain - and in fact, you got your answer[0]

> Block-level encryption is a terrible, terrible approach for many reasons
> (which 'tptacek has referenced a million times). However, Truecrypt is the
> best such implementation, and it's a required approach in certain cases. You
> should be doing crypto at the application/filesystem level; if you can't,
> use Truecrypt. This isn't contradictory advice.

The only reason this even seems remotely contradictory is because you've taken
Thomas's statement completely out of context (perhaps because it's nested
about 50 lines in from the top-level comment that even provided the context in
the first place).

Alternatively, it's only contradictory if you take a black-and-white, all-or-
nothing interpretation of what Thomas says... which is quite ironic, because
one of his key criticisms of Truecrypt is that it is all-or-nothing, as stated
_in the very same post that you quote_ [1].

[0]
[https://news.ycombinator.com/item?id=9071492](https://news.ycombinator.com/item?id=9071492)

[1]
[https://news.ycombinator.com/item?id=9071126](https://news.ycombinator.com/item?id=9071126)

------
2f3opkvelf
You can be proud: you make 10000% more money than the TrueCrypt developer did
for several years of work, and now you act like nothing happened. This audit
was the reason why TC is offline.

~~~
juliob
Sorry, didn't understand that.

~~~
jszymborski
Think he was getting at a theory that the development of TrueCrypt was
abandoned because of the audit, for some reason. Maybe for reasons of pride
(questioning their integrity by looking for backdoors) or fear that something
nefarious would be uncovered.

The first is plausible, the second doesn't sound like the reaction an
anonymous author would have.

Most plausible reason the devs abandoned it imho is that they got bored.

------
ThinkBeat
From Wikipedia:

TrueCrypt is a discontinued source-available freeware utility used for on-the-
fly encryption. It can create a virtual encrypted disk within a file or
encrypt a partition or the entire storage device.

Since TrueCrypt is dead, what is the purpose of auditing it? Is there an
official team that is ready, willing and able to take over maintenance and
development?

If anything should be audited I would think it should be one of the forks.

But the author makes the following comment on the other thread:

----------------------------------
Also: speaking in no "official" capacity
whatsoever, I'd advise you to stay away from the forks of Truecrypt. Unless
something new has come to light since last I looked, the licensing situation
on the TC code is weird:
[http://lists.freedesktop.org/archives/distributions/2008-Oct...](http://lists.freedesktop.org/archives/distributions/2008-Oct..).
... which means there is a pretty strong disincentive for people with serious
crypto and systems expertise to invest their time and energy building on it.
You don't want to trust crypto platforms with built-in adverse selection
problems.
----------------------------------

So the forks have issues and the main project is dead?? But we needz more
money to audit it more?

I am also unclear what the first expensive audit accomplished if it did not
cover encryption. Sounds like having an inspection on a house that covers part
of the roof and two rooms and nothing else like the foundation. Does anyone
have a link to the original campaign to raise money?

~~~
whoopdedo
> Since TrueCrypt is dead, what is the purpose of auditing it?

To access existing volumes. All my backup CDs were TC encrypted.

And I haven't found a replacement that is all of easy to use, stable, and
cross-platform. New encrypted volumes I make are LUKS but the Windows FreeOTFE
is even deader than TrueCrypt. It still works, mostly, but could be a lot
better.

~~~
ThinkBeat
If someone needs to access existing TrueCrypt volumes in order to migrate
data, I don't see how the audit helps, since the only way to get the data is to
use TrueCrypt.

I guess the alternative is to just lose all the data.

If the audit found any problems then it would most likely mean that further
use was problematic, not that migrating existing volumes was problematic.

