TrueCrypt Audit is finished: No backdoors found


8 replies to this topic

#1 Aura


Posted 02 April 2015 - 12:27 PM

The 2nd and final report of the TrueCrypt Audit just came out today with a conclusion: TrueCrypt isn't backdoored. The Audit showed no signs of obvious backdoors in the program and no major flaws. Of course, small programming errors were found and they could, under exceptional conditions, be exploited or affect TrueCrypt, but the chances of this happening/occurring in the wild are really, really low. In other words, TrueCrypt is still safe to use so everyone who had doubts about it can now take a deep breath and relax.

Below is the PDF report of the Open Crypto Audit Project for TrueCrypt:

https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf

The latest TrueCrypt version that was widely used and considered the safest was v7.1a. The main website being down, you cannot download it anymore. However, I still have the original TrueCrypt 7.1a installer (since I keep all my installers in a folder on my HDD) and I can upload it for the members here that are interested in it IF I'm allowed to. I can also send it to a BleepingComputer Staff member if they want to confirm the legitimacy of the installer (signature, hash, etc.)

Who here is going to keep on using TrueCrypt? Who here stopped using it for the time of the audit and will start using it again?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.



#2 yu gnomi


Posted 02 April 2015 - 01:59 PM

There is that whole business regarding the developers pulling the plug on True Crypt, telling everyone not to use their program, and issuing a final version that only un-encrypts stuff previously encrypted by True Crypt.

 

I thought about trying out whole disk encryption, just for the sake of trying really, but I gather that none of the free ones work with UEFI boot, and maybe not with GPT file structure either. Besides, I use a desktop and I am not expecting either thieves or government agents to take my hardware away.



#3 Aura


Posted 02 April 2015 - 02:25 PM

Some people are saying that TrueCrypt isn't fully Windows 8/8.1 compatible for full drive encryption so they advise against using it. I've seen people using it to encrypt their whole drive with Windows 8.1 and it works, but I think that officially when it was discontinued, it wasn't supported.

Also, doesn't VeraCrypt support full disk encryption?

https://veracrypt.codeplex.com/



#4 yu gnomi


Posted 02 April 2015 - 02:45 PM

Judging by what I read on various forums (including VeraCrypt's), there seem to be problems with booting to an encrypted volume using UEFI, because the encryption software writers simply don't have the detailed knowledge of UEFI needed. As far as I know, only Microsoft for certain has figured that one out (e.g. BitLocker), although I saw one other program mentioned as working with UEFI (I think Drivecrypt) which cost around $100 to buy.

 

There is a separate, related issue with encrypting GPT partitions in general, but I think several softwares have probably figured that one out.



#5 Aura


Posted 02 April 2015 - 02:48 PM

A lot of developers are bashing their heads on a desk over UEFI/EFI and how it works. I had my hard drive encrypted with BitLocker, but then I decrypted it because there was a "delay" for my Windows to access it and so my desktop (which isn't on the SSD, but the HDD) wouldn't load and would throw an error message. I guess I could have easily bypassed this by making the password prompt on boot but I didn't feel like entering my password twice (even though I'm sure there's a way to unlock my account using the BitLocker password if it's the same, linking the user account). Anyway at the time I was messing around with it I didn't have the time to go that in-depth :P

I still use TrueCrypt for encrypted containers however, it works very well. Same for hidden partitions.



#6 Didier Stevens


Posted 03 April 2015 - 04:56 PM

"I've seen people using it to encrypt their whole drive with Windows 8.1 and it works, but I think that officially when it was discontinued, it wasn't supported."

 

TrueCrypt does not support GPT partitioned disks. So people using it on Windows 8.1 use an MBR disk.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 JohnC_21


Posted 03 April 2015 - 05:32 PM

GRC keeps an archive of TrueCrypt.

 

https://www.grc.com/misc/truecrypt/truecrypt.htm



#8 Aura


Posted 03 April 2015 - 09:04 PM

Thanks for the link John, I'll see if I can get it added in the OP so people won't have to look for it in the thread. And Didier that explains it. People just need to find out if they are using MBR or GPT partitioned hard drives to know if they can use full disk encryption or not from TrueCrypt.

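The MBR-or-GPT check mentioned in posts #6 and #8, as an added example that is not part of the original thread: it classifies a disk from its first two sectors. It assumes 512-byte logical sectors; the function names are hypothetical and the sample images are constructed for illustration.

```python
import sys

SECTOR = 512  # assumption: 512-byte logical sectors (4Kn disks put LBA 1 at offset 4096)

def partition_scheme(head: bytes) -> str:
    """Classify a disk as 'MBR', 'GPT' or 'unknown' from its first two sectors."""
    if len(head) < 2 * SECTOR:
        raise ValueError("need LBA 0 and LBA 1 (1024 bytes)")
    lba0, lba1 = head[:SECTOR], head[SECTOR:2 * SECTOR]
    if lba0[510:512] != b"\x55\xaa":
        return "unknown"  # no boot signature: neither an MBR nor a protective MBR
    # Four 16-byte partition entries start at offset 446; the type byte sits at +4.
    types = [lba0[446 + 16 * i + 4] for i in range(4)]
    protective = 0xEE in types            # 0xEE marks a GPT protective MBR
    gpt_header = lba1[:8] == b"EFI PART"  # GPT header signature at LBA 1
    if protective and gpt_header:
        return "GPT"
    if not protective and any(types):
        return "MBR"  # also covers an MBR disk with a stale GPT header left behind
    return "unknown"  # empty table, or protective entry without a GPT header

def sample_image(types, gpt=False) -> bytes:
    """Constructed two-sector image with the given MBR partition type bytes."""
    lba0, lba1 = bytearray(SECTOR), bytearray(SECTOR)
    for i, t in enumerate(types):
        lba0[446 + 16 * i + 4] = t
    lba0[510:512] = b"\x55\xaa"
    if gpt:
        lba1[:8] = b"EFI PART"
    return bytes(lba0 + lba1)

if __name__ == "__main__":
    if len(sys.argv) == 2:  # path to a disk image or raw device (needs read access)
        with open(sys.argv[1], "rb") as f:
            print(partition_scheme(f.read(2 * SECTOR)))
    else:
        print(partition_scheme(sample_image([0x07])))            # constructed MBR disk
        print(partition_scheme(sample_image([0xEE], gpt=True)))  # constructed GPT disk
```

Run it with the path to a disk image as the only argument, or with no argument to classify the two constructed samples.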


#9 O.T.T.


Posted 04 April 2015 - 04:04 PM

"Who here is going to keep on using TrueCrypt? Who here stopped using it for the time of the audit and will start using it again?"

I use TrueCrypt 7.1a just for encrypted containers (on Windows 7) and now I like it even more!

 

OTT


Please ask Google why some of my links don't work anymore !




