
The VeraCrypt Audit Results - conductor
https://ostif.org/the-veracrypt-audit-results/
======
JoachimSchipper
Those results do not really inspire confidence. Shipping an ancient version of
zlib without patching, ever, is an avoidable mistake. The GOST 28147-89 cipher
basically cannot be used with XTS due to the cipher's 64-bit block size, which
should have been caught by a good crypto engineer.

Also, the most significant new work - the UEFI support - seems to have quite a
few issues.

Note that, despite the color-coding, the list of fixed issues is _not_ the
list of critical (red) issues!

~~~
FieryTransition
Valid points, though I would consider the requirements for writing really
secure software quite high, so I do not think most open source projects could
meet such standards. Maybe it could be compared to developing mission critical
software, like NASA for example. The amount of resources and rigor they use to
get bugs out of the code is out of the scope of most free/donation software
projects. There are probably a few open source projects which get close to
being considered secure though, mostly those which are very used and backed by
big companies or foundations.

So we have VeraCrypt as the 'good enough' option right now and ease of use,
but you shouldn't happen to know any secure alternatives? You seem to know a
bit about this.

~~~
JoachimSchipper
Really secure software isn't easy to write. But we're not holding the
VeraCrypt developers to a higher bar than the one they've set for themselves.

For disk encryption, use whatever comes with your system. If you have no
preference, Microsoft's BitLocker is excellent - it can incorporate hardware
security features such as a TPM, self-encrypting (OPAL) SSD, it's somewhat
easy to administer, etc.

~~~
pjc50
Bitlocker is excellent in a commercial environment, but the question some
people are concerned about is how it might handle state-level threats.
Although I suspect after Windows 10 techies would find that consideration
moot, there are quite a lot of human rights people still using it for the
usual reasons.

~~~
hannob
If your threat model is that you assume your OS vendor is part of the attack
then you can't use a proprietary OS.

There's probably no free OS either that can give you the confidence level
you'd want, because you probably would want to have reproducible builds, a
trustworthy update process (preferably with some kind of transparency log), a
wide array of exploit mitigations (aslr/pie/pic, grsec kernel, maybe CFI).
There's currently no free OS offering all of those.

~~~
keithpeter
Just out of interest: is there _any_ OS that offers all of those? Libre/Open
Source/Free or proprietary (latter with source access I assume)?

------
technion
The danger I caution against, is that I've seen colleagues jumping to obscure,
and in some cases, obviously broken crypto products, because "I read an audit
that Veracrypt is insecure".

That some person's weekend project doesn't have an audit like this expressing
issues doesn't make it better - it makes it worse. Please consider that when
reviewing the context of this paper.

------
hackuser
OSTIF's financial support is sad. Why is the open source world so generous
with time and so cheap with money? Kudos to DuckDuckGo for apparently being
the only business that pulls their weight; another great reason to use them.

[https://ostif.org/top-ostif-donors/](https://ostif.org/top-ostif-donors/)

    Top OSTIF Donors

    These are the individuals and organizations that have given
    the most support to the OSTIF.

    Individuals:
    Derek Zimmer – $1947
    Zach Graves – $188
    Amir Montazery – $200
    Ben W – $30
    Nathan N – $10

    Groups:
    DuckDuckGo – $25,000
    VikingVPN – $1000
    A special thank you for website support from Mike from
    HTPCGuides.com

EDIT: On a second look, is that list really accurate? The fifth highest
individual donor gave $10?

I read about the founder and long-time developer of a well-known, respected
Linux distro, who had to move back to his hometown because he couldn't afford
the Bay Area and has no health insurance. Maybe some of his millions of users
could chip in a little for the incredible service he provides to them. How
depressing.

~~~
jpalomaki
Might be also about how they present things. For example in the linked page
they have the request for donations in small font and end of the results, but
no link to donation page [1]. Edit: and on the donation page the Amazon and
PayPal links are not working.

Don't know how they are collecting money in general, but for me it works best
when you do this: "Now we have $xxx, but we still need $yyy to do this fairly
specific great thing. Please donate!"

[1] [https://ostif.org/donate-to-ostif/](https://ostif.org/donate-to-ostif/)

~~~
StavrosK
I thought you were exaggerating at first, and then I went to try and donate.
Wow. The "donate to OSTIF" link looks like text (black), when all other links
are blue, and, as you said, the PayPal link isn't working (so that removes my
first donation method), and the Bitcoin link requires me to copy/paste an
address to my phone (there isn't even a QR code), so I just plain can't
donate.

------
djsumdog
I was a big fan of TrueCrypt before its still very explained end.

Glad we finally have a security audit of this fork. True/VeraCrypt has been
essential in defending the rights and freedoms of many people. Hope this
project continues.

~~~
joering2
Interesting you make that point. Do we have anything good to back this up -
like court cases, etc? Where use of TC/VC stopped LE snooping into people's
belongings??

~~~
mhogomchungu
[http://www.techworld.com/news/security/fbi-hackers-fail-to-c...](http://www.techworld.com/news/security/fbi-hackers-fail-to-crack-truecrypt-3228701/)

------
zerognowl
So many bootloader fixes, this is awesome! For those using FDE, read this:
[http://spaceisdisorienting.com/when-fulldisk-encryption-goes...](http://spaceisdisorienting.com/when-fulldisk-encryption-goes-wrong)

I tend to use FDE for non mission critical working environments, like casually
surfing the web, or just messing around with code. FDE can go wrong at the
worst of times, and can undo years of work if you let it.

That's why if you're using FDE for anything important, you should be backing
up crucial data to containers, or otherwise preparing for the entire disk to
be scrambled beyond repair and or bricked.

~~~
pwnna
That article describes how the master encryption key stored on the hdd (your
password encrypts this key afaik) gets corrupted, which means the author was
unable to recover the files on the computer even if nothing is wrong anywhere
else.

Now I'm not familiar with the inner workings of OS X as I don't personally use
that system. However, with FDE (LUKS) on Linux, this is 100% avoidable if you
backed up the LUKS Header:
[https://calum.org/posts/backup-your-LUKS-header-and-LVM-conf...](https://calum.org/posts/backup-your-LUKS-header-and-LVM-config).

This does not negate the need for a real backup tho. So you should backup your
data regardless, however you want to do that.

~~~
cmurf
I think there ought to be two copies of the header these days; each written
out separately and atomically, and checksummed, similar to GPT (in the UEFI
spec).
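
Added example (not part of the thread or of any project discussed): a Python illustration of the redundant, checksummed header idea in the comment above, which also shows why the corrupted-header failure described earlier in this sub-thread is recoverable when a second valid copy exists. The 76-byte layout, `MAGIC`, and all function names are constructed for illustration and are not the LUKS, VeraCrypt, or GPT on-disk format.

```python
import hashlib
import struct

# Constructed toy layout, not the LUKS/VeraCrypt/GPT on-disk format:
# magic(4) | sequence(8) | wrapped master key(32) | SHA-256 of the preceding 44 bytes
MAGIC = b"HDR1"
BODY = struct.Struct(">4sQ32s")
HEADER_LEN = BODY.size + hashlib.sha256().digest_size  # 44 + 32 = 76


def pack_header(seq, wrapped_key):
    body = BODY.pack(MAGIC, seq, wrapped_key)
    return body + hashlib.sha256(body).digest()


def parse_header(raw):
    """Return (seq, wrapped_key), or None if this copy fails validation."""
    body, digest = raw[:BODY.size], raw[BODY.size:]
    if len(raw) != HEADER_LEN or hashlib.sha256(body).digest() != digest:
        return None
    magic, seq, wrapped_key = BODY.unpack(body)
    return (seq, wrapped_key) if magic == MAGIC else None


def write_headers(disk, seq, wrapped_key):
    """Write the primary copy at the start and the secondary at the end."""
    hdr = pack_header(seq, wrapped_key)
    disk[:HEADER_LEN] = hdr      # two separate writes: a crash between them
    disk[-HEADER_LEN:] = hdr     # leaves one old-but-valid copy behind


def load_header(disk):
    """Use the valid copy with the highest sequence number and repair the other."""
    copies = [parse_header(bytes(disk[:HEADER_LEN])),
              parse_header(bytes(disk[-HEADER_LEN:]))]
    valid = [c for c in copies if c is not None]
    if not valid:
        raise ValueError("both header copies damaged; restore an offline header backup")
    seq, wrapped_key = max(valid, key=lambda c: c[0])
    if copies[0] != copies[1]:
        write_headers(disk, seq, wrapped_key)
    return seq, wrapped_key


if __name__ == "__main__":
    disk = bytearray(4096)                    # constructed 4 KiB "device"
    write_headers(disk, 1, bytes(range(32)))  # constructed sample key bytes
    disk[10:20] = b"\x00" * 10                # simulate a clobbered primary header
    print(load_header(disk)[0])
```

The on-device secondary copy only covers partial damage; when both copies fail validation the code raises, which is the case an offline header backup is for.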

------
therealmarv
I've read several times that VeraCrypt is not 100% TrueCrypt compatible. Any
experiences? I switched anyway for most stuff to EncFS (and not using
containers anymore, but the reason for this is more cloud backup) but I'm not
sure if I would upgrade from old TrueCrypt 7.1a (for old containers) to
VeraCrypt in the future.

~~~
mhogomchungu
VeraCrypt's on-disk format is NOT compatible with TrueCrypt's on-disk
format, they are two totally different things and must be handled differently.

VeraCrypt binary application can unlock TrueCrypt volumes but CAN NOT create
them. The application has a setting to default to TrueCrypt volumes and hence
if all you do is unlocking your TrueCrypt volumes, you can conveniently use
VeraCrypt to unlock your TrueCrypt volumes.

I think it will be better if you switch to VeraCrypt and set this
option. Alternative "native linux" tool you could use to manage your TrueCrypt
volumes in linux is zuluCrypt[3].

EncFS has its own issues[1] and there are a number of new projects that seek
to replace it and SiriKali[2] is a GUI tool to manage all these newer tools.

[1] [https://defuse.ca/audits/encfs.htm](https://defuse.ca/audits/encfs.htm)

[2]
[https://mhogomchungu.github.io/sirikali/](https://mhogomchungu.github.io/sirikali/)

[3]
[http://mhogomchungu.github.io/zuluCrypt/](http://mhogomchungu.github.io/zuluCrypt/)

~~~
77pt77
> I think it will be better if you switch to VeraCrypt and set this
> option. Alternative "native linux" tool you could use to manage your
> TrueCrypt volumes in linux is zuluCrypt[3].

You can mount truecrypt volumes without any special tools on linux (only
cryptsetup).

    cryptsetup open --type tcrypt [volume] [name]

It even works with hidden partitions.

------
arunc
How do we request OSTIF to audit a project? For instance, Tox [0] claims to be
secure. Is there a way to request them to audit Tox?

[0] [https://tox.chat/](https://tox.chat/)

~~~
conductor
Next they are planning to audit OpenVPN and then OpenSSL (according to today's
AMA[0] answers on Reddit).

[0]
[https://www.reddit.com/r/privacy/comments/57yfla/veracrypt_h...](https://www.reddit.com/r/privacy/comments/57yfla/veracrypt_has_been_audited_here_are_the_results/)

------
barking
In my experience veracrypt doesn't actually support guid partitions. I had to
re-install windows after using veracrypt to encrypt my new machine.

FWIW I'd recommend changing your partition type to mbr and using truecrypt
7.1a instead.

I don't trust veracrypt after such a negative experience.

------
noarchy
VeraCrypt has not been usable for me, since upgrading (if I can call it that)
to macOS Sierra. There seems to be an issue with FUSE for macOS, preventing me
from mounting anything.

~~~
ysleepy
Works for me. OSXFUSE 2.8.3 installed - as the VeraCrypt installer instructed.
Installed on El Capitan, works after Sierra Upgrade.

------
iUsedToCode
Thanks for the info. Not only am i more sure that VeraCrypt is a good
alternative to discontinued TrueCrypt (which i used and loved for years), but
i learned about a new version with important bug fixes.

I should donate to more open source projects. I use them everyday. Yesterday i
found "paste" program and almost broke down crying that somebody 40 years
earlier provided free solution to problems i didn't even know i had. I love
that about free software.

------
zapt02
Anyone with experience on DiskCryptor? I've been using it for a while and it
seems to be stable and well-built, but development seems to have halted and
now I'm looking to possibly jump ship to VeraCrypt.

------
Kenji
If you find this many critical bugs, there is no doubt that there are more,
since it is indicative of the overall code quality. Still, what they're doing
is good work and crypto remains hard. I am glad they're doing it.

~~~
AdmiralAsshat
That reasoning strikes me as flawed. It would be like submitting a term paper
to a teacher after he proofread your draft, _with_ all of his suggested fixes,
yet his final response is "Oh sure, you fixed all the problems I found. But I
found so many before, what about the ones I _didn't_ find? C+"

This was a third-party audit, and VeraCrypt fixed all of the critical ones
that they found. All software has bugs. To find some that are critical is not
necessarily indicative of the quality of code on the whole.

~~~
water42
actually, it would be more like students submitting 100,000 term papers to a
teacher after the teacher proofread the drafts and the students made all his
suggested fixes.

auditing a large codebase certainly isn't as easy as proofreading a paper.
it's not a "one and done" scenario. especially when you also factor in the
security requirements of encryption software. the world won't end if there's a
missed spelling mistake or two in a term paper, but if there are critical
vulns in VeraCrypt the _entire software_ could be rendered useless

------
JohnStrange
The audit confirms my suspicions that VeraCrypt is relatively unsafe.

I would also suggest to take into account the fact that, albeit being open
source, it is primarily developed by a French security company whose web pages
[https://www.idrix.fr/Root/](https://www.idrix.fr/Root/) do not inspire
confidence in combination with France's history of dealing with encryption. A
conflict of interest can easily arise in such companies between the companies
or authorities that pay them and the interests of the general public.

"You'll find below a partial list of those who gave us their full trust, as
some of our customers prefer to remain discrete about our collaboration."

~~~
laurent123456
> do not inspire confidence in combination with France's history of dealing
> with encryption

So which country would inspire confidence then? Reading the news these days it
seems most developed countries are equally guilty of mass surveillance and
trying to meddle with encryption technologies.

The only way to really be sure is to have independent audits like they just
did, and the VeraCrypt developers are apparently keen to keep making these
audits happen.

~~~
JohnStrange
First of all, mass surveillance has nothing to do with this topic. Second,
trying to meddle with encryption technologies is not the same as state
regulation of encryption and prohibiting encryption, which is what France's
lawmakers did in the past and tried to re-institute recently.

I'm not the kind of guy who compiles the source code himself and vets it
against the audited code (who is, frankly speaking?), so I only run encryption
software that has been developed by individuals and non-profit groups of
individuals that do not run a private security company and that I consider
trustworthy based on personal criteria.

In cryptography, private companies have proved again and again that they
cannot be trusted. They invariably mess it up due to incompetence or meddling
with the government (see e.g. Crypto AG as a typical example). Open source is
good, of course, but it is only a necessary, not a sufficient step. Security
audits will not help you at all if you download binaries from untrusted
sources.

It's fine if you trust Idrix, but it's also fine and fully rational if I
don't, based on what I know about France's intelligence apparatus and how they
operate.

Yes, I _do_ consider it possible with a low but significant enough subjective
probability that Idrix is a government setup.

