Auditing TrueCrypt

Recently, Matthew Green has been leading an independent project to audit TrueCrypt. Phase I, a source code audit by iSEC Partners, is complete. Next up is Phase II, formal cryptanalysis.

Quick summary: I'm still using it.

Posted on April 15, 2014 at 6:56 AM • 56 Comments


kronos • April 15, 2014 7:35 AM

While I am glad to see this, it puts me in the same mindset I had as a kid awaiting Christmas: looking for something good but expecting some disappointment too...

Hopefully the end result will be better than those awful hand made socks from Aunt Regina.

Luks • April 15, 2014 7:57 AM

Anybody using Tails, this is how to create and mount LUKS containers. They are still auditing TrueCrypt; LUKS is already audited:

    # alter count to increase size
    dd if=/dev/urandom of=/home/amnesia/secret count=100k
    sudo losetup /dev/loop1 /home/amnesia/secret

    # creates 145,000 iterations, as recommended by Hashcat PW breaking forums
    sudo cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 luksFormat /dev/loop1

    sudo cryptsetup luksOpen /dev/loop1 decrypted
    sudo mkfs.ext4 /dev/mapper/decrypted
    mkdir ~/open_container
    sudo mount /dev/mapper/decrypted ~/open_container
    cd ~/open_container

Unmount and close container:

    # leave the mount point first, or umount reports the target as busy
    cd ~
    sudo umount ~/open_container
    sudo cryptsetup luksClose /dev/mapper/decrypted
    sudo losetup -d /dev/loop1

Now copy "Secret" to wherever you want to back it up.

To mount the container in the future (write a script, keep it in persistence):

    mkdir -p ~/decrypt
    sudo losetup /dev/loop1 /home/amnesia/secret
    sudo cryptsetup luksOpen /dev/loop1 decrypt
    sudo mount /dev/mapper/decrypt ~/decrypt

@Lennie • April 15, 2014 8:07 AM

OpenBSD is slashing and rewriting OpenSSL, their work will probably filter into other OSs eventually.

"So the OpenSSL codebase does "get the time, add it as a random seed" in a bunch of places inside the TLS engine, to try to keep entropy high. I wonder if their motto is "If you can't solve a problem, at least try to do it badly"."

Andy • April 15, 2014 8:37 AM

I'll put on my tin foil hat and play the devil's advocate:

"They" had to anticipate fine hair comb audit of TC. So whatever the exploit MIGHT be, it could be something that works only in conjunction with an as of yet undisclosed OS / kernel exploit.

Aside from that, do I understand it right, as of now they checked the implementation, but have not (yet) undertaken a check of the hashing, RN generators and other crypto at heart portions of the code?

The bad things MIGHT still be there. Even with both phases of the audit completed, there might be conditional backdoors (making it into the binary only if assembled by a certain version of a buggy compiler) and there still is the uncertainty of a) the auditors (one of them might be in "their" pockets) and b) the integrity of those organizations.

Can anyone elaborate how trustworthy those institutions are?

Luky Loser • April 15, 2014 8:43 AM

@ Luks:

At present on Mint 16 KDE, the installer gives you the only whole-disk-encryption possibility as use of LVM and LUKS, with obligatory SWAP (size = RAM) and default AES-XTS-PLAIN64. You need to be a PhD systems programmer to set up non-default options, and even if you try to do it manually the installer does not allow you to input the encryption passwords, so the installation crashes. Surely the distro maintainers could

1. allow selection of partitions to set up under LVM (I don't need SWAP with my RAM) and

2. allow a TrueCrypt-style drop-down menu for selection of encryption algorithms and related choices.

If they've done it on purpose (forcing the default options) because they think that only PhD systems programmers can make an informed choice of encryption algorithms, maybe they should think it through.

Jasmine • April 15, 2014 8:48 AM

How can we be sure that the US Government hasn't got a secret law that prevents the audit from revealing the back door? The restrictions they put on the Lavabit creator showed their true dictator power.

Or what if NSA pays some of the auditors to keep them from finding anything?

Argle • April 15, 2014 9:14 AM


No, that's stupid. Cryptographers right now are not fond of the NSA and at the very least, the cryptographer auditing this would hint at being suppressed.

Thoth • April 15, 2014 11:42 AM

Well, you got to subvert everyone on the project. The source is open-sourced too. If you don't trust the binaries, just download the source and do your own audit and compilations... :) .

Simon • April 15, 2014 11:47 AM

@Argle - you're kidding, right? The vast majority of cryptographers WORK for the NSA.

Joshua Rubin • April 15, 2014 11:52 AM

Section A.1 of the Truecrypt code review document shows an "over-read" error that is essentially the same as the now famous openssl bug.

(I had trouble getting the comment system to accept the C language left-shift operator, so I had to write it in words.)

The stored() function operates on a byte stream read from disk. The amount of bytes to operate on is read from the input byte stream. Once read, this amount is verified against the size of the output buffer and is then used to copy bytes from input to output:

    len = s->in[s->incnt++];
    len |= s->in[s->incnt++] LEFT_SHIFT 8;
    if (s->out != NIL) {
        if (s->outcnt + len > s->outlen)
            return 1; /* not enough output space */
        while (len--)
            s->out[s->outcnt++] = s->in[s->incnt++];
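
The excerpt above bounds the copy against the output buffer only; the following added example (not code from TrueCrypt or from the audit report) shows the same copy with the input side bounded as well. The `inlen` field, the `stored_checked` and `run_sample` names, and the sample byte strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical state struct: in, incnt, out, outcnt and outlen mirror the
 * field names in the quoted excerpt; inlen is an ASSUMED field holding the
 * number of valid bytes in `in`. */
struct state {
    unsigned char *out;        /* output buffer (may be NULL) */
    unsigned long outlen;      /* capacity of out */
    unsigned long outcnt;      /* bytes written so far */
    const unsigned char *in;   /* input bytes read from disk */
    unsigned long inlen;       /* valid bytes in `in` (assumed field) */
    unsigned long incnt;       /* bytes consumed so far */
};

/* Copy one length-prefixed run from s->in to s->out.
 * Returns 0 on success, 1 if the output buffer is too small,
 * 2 if the input ends before the declared length is satisfied.
 * State is only updated on success. */
int stored_checked(struct state *s)
{
    unsigned long pos = s->incnt;
    unsigned long len;

    /* The two length bytes themselves must lie inside the input. */
    if (pos > s->inlen || s->inlen - pos < 2)
        return 2;
    len = s->in[pos++];
    len |= (unsigned long)s->in[pos++] << 8;

    /* Input-side bound: the attacker-controlled length must not exceed
     * what is actually left in the input. No equivalent check appears in
     * the quoted excerpt. Written as a subtraction to avoid overflow. */
    if (len > s->inlen - pos)
        return 2;

    if (s->out != NULL) {
        /* Output-side bound, as in the excerpt. */
        if (s->outcnt > s->outlen || len > s->outlen - s->outcnt)
            return 1;
        memcpy(s->out + s->outcnt, s->in + pos, len);
    }
    /* Assumption: a NULL output buffer means "count only". */
    s->outcnt += len;
    s->incnt = pos + len;
    return 0;
}

/* Constructed sample: length field claims 16 bytes, only 2 follow. */
static const unsigned char SAMPLE_TRUNCATED[] = { 0x10, 0x00, 'A', 'B' };
/* Constructed sample: length field claims 3 bytes, exactly 3 follow. */
static const unsigned char SAMPLE_OK[] = { 0x03, 0x00, 'a', 'b', 'c' };

/* Results of the most recent run_sample() call. */
unsigned char last_out[8];
unsigned long last_written;

/* Run stored_checked() over `in` with an output capacity of `outcap`
 * bytes (clamped to sizeof last_out) and return its status code. */
int run_sample(const unsigned char *in, unsigned long inlen,
               unsigned long outcap)
{
    struct state s;
    int rc;

    if (outcap > sizeof last_out)
        outcap = sizeof last_out;
    memset(last_out, 0, sizeof last_out);

    s.out = last_out;
    s.outlen = outcap;
    s.outcnt = 0;
    s.in = in;
    s.inlen = inlen;
    s.incnt = 0;

    rc = stored_checked(&s);
    last_written = s.outcnt;
    return rc;
}

int main(void)
{
    printf("truncated input -> %d\n",
           run_sample(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, 8));
    printf("well-formed input -> %d (%lu bytes)\n",
           run_sample(SAMPLE_OK, sizeof SAMPLE_OK, 8), last_written);
    printf("small output buffer -> %d\n",
           run_sample(SAMPLE_OK, sizeof SAMPLE_OK, 2));
    return 0;
}
```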

Luks • April 15, 2014 12:07 PM

It should be noted TC should only be used for full disk encryption on Windows. Lots of data leakage, including keys getting cached, if you just create containers only. This is in the TC docs, though.

Shawn Smith • April 15, 2014 2:41 PM

Joshua Rubin,

You can use "&lt;" to get the less-than sign. It's not okay to just put it in directly because an HTML parser would see that as the opening of an HTML element. To get two of them next to each other, use "&lt;&lt;" (without the quotes.) If you need to put in an ampersand (&) try "&amp;" (without the quotes.) If you were trying to get the double-left-angle-brackets instead, try &laquo;

Here's proof it works:

    len |= s->in[s->incnt++] << 8;

I'm kind of surprised you didn't know that, if you were able to understand the report.

Jacob • April 15, 2014 2:43 PM

Initially, I was excited to hear about the audit plans of TC. However, after reading the Phase I report, I am not so sure anymore.
The basic question that a sophisticated user asks is:
Could containers and/or partitions resist gov agencies attack, and are there back-doors, weak implementation or glaring design/programming flaws in the code?

In the ring we have, on one corner, 2 code auditors that look through major, but not all, parts of the code for a couple of months (and for Phase 2 probably 1-2 crypto experts will get onboard), while in the other corner we have the TC developers and possibly some gov agencies.

Since the TC developer(s) are anonymous, there is no established trust in them. Auditors need to comb the code with the same level of suspicion as the guy who finds a USB stick on the street and wants to see what's in it on his home computer. And if the developer is legit, still he can screw up - see openSSL. If the NSA is also in that corner of the ring, then it is a safe bet that it can put some very sharp individuals to subvert the code.

When the NSA subverted the Dual_EC_DRBG, experts grew suspicious from the beginning since there was no advantage at all, just disadvantages, to that algorithm. Still, they needed Snowden to show the proof. TC, on the other hand, looks good, sleek, well documented and there aren't good and known-safe alternatives. No a priori suspicion. Economically speaking, it will be difficult to find an intentional subversion.

An analysis of the code within the current auditing framework will not alleviate the suspicion. Since we cannot influence the anonymous developer(s) with any pointers how to improve the code, and certainly we cannot totally be sure whether the code is subverted or not, I think that we need to find a binary answer: To trust or not to trust. To answer that question, the collected money (about $60K so far) may do more good if allocated as a bounty to any researcher that can break TC: publish a disk image and a container, and ask the world to crack either one. This is quite an incentive, and we will get many more sharp eyes looking through the code. If successful - then no trust in TC. I guess that's all we need.

MikeA • April 15, 2014 3:32 PM


The person who can crack TrueCrypt and reduce the method to script-kiddie levels can get a lot more than $60K for that tool. That's the major problem with using people motivated solely by cash. The gentle souls of the world will never be able to match the bid from the criminals (private and public).

Nick P • April 15, 2014 4:29 PM

My analysis of TrueCrypt risk is here:

MarkH made a good point:

"Those deterred from using TrueCrypt (or other highly respected privacy tools) by Dread Nameless Fear are likely to end up using alternatives which may be ACTUALLY insecure.

Those who fear that TrueCrypt is subverted might profit from spending a few minutes pondering that there are Computer Science departments all over the world with many hundreds of professors and thousands of graduate students, some of whom specialize in infosec/crypto.

Because TrueCrypt is so widely used and relied upon, the first CompSci department to announce that they'd proved a backdoor in TrueCrypt would be world-famous, attract rivers of funding, and have the best imaginable prospects for their future careers."

@ Jacob

"Since the TC developer(s) are anonymous, there is no established trust in them."

That's neither true nor a good way of looking at things. Best way to determine trustworthiness is by looking at a group's actions. In this case, what they produce. The design, code and documentation are available. That most reviews have been in their favor lends trustworthiness to them. That many attacks on Truecrypt by TLA's failed adds more trust. That FBI and NSA develop tools to bypass OS/memory protections to extract keys shows that they need the keys, which lends trustworthiness to Truecrypt.

In summary, the developers might be malicious and product might be a trap. Only a thorough analysis by professionals can confirm or deny that. Yet, most reviews and experiences are in favor of TrueCrypt team. In security, we use such things to determine trustworthiness. So, for now, a vetted Truecrypt source compiled using trustworthy tools should be considered trustworthy. If not, it can always be combined with other methods.

Alternative approach

TrueCrypt has shown itself to be usable, fast, cross-platform, and reasonably secure. Yet, it's accumulated a lot of code written in a language known for safe code interactions (sarcasm). I vote the best way to handle this is to document the abstract design of the Truecrypt software, have cryptographers vet that design, and then implement that with an assured development process. I recommend Praxis as they did a CA aimed at ITSEC E6 (highest) certification. Their process should work here. The deliverables, from specs to code to docs, will all be public for peer review. (They did that in Tokeneer.) The software will be designed in iterations, with problems found during one fixed in the next. Fixing existing problems, especially those risking vulnerabilities, will take priority over adding new features. End result will be very trustworthy both in terms of potential software errors and subversion.

I'll add that anyone wanting to selectively take parts of Truecrypt code and implement a safe alternative can according to license. They just can't mention Truecrypt. From same discussion, MarkH said:

"About the TrueCrypt license: it specifically permits modification of the software, and distribution of modified software (including for commercial sale). This is in the general pattern of other open source licenses I have seen. The license imposes one salient restriction: modified versions can't be called TrueCrypt or any variation thereof."

John • April 15, 2014 4:59 PM

The Swedish police did somehow retrieve information on a truecrypt partition of the Pirate Bay founder a year ago, and it did help to convict him (for other crimes than running a torrent site). It would be very interesting how that happened, it was never disclosed in the trial.

Carpe • April 15, 2014 5:15 PM


The main attack vector for FDE is usually proper forensic recovery of RAM. So if they managed to raid him, even if he shut down, unless he had a RAM wipe set up to happen on shutdown, RAM contents can often be extracted (freeze for longer preservation) etc. Otherwise, they might have blackbag'd or tempest'd him, but more likely is evil maid MBR rooting. Look at the early blogs from the people putting together QubesOS for more info on that.

Don't forget too, the MBR is just mid level in a whole stack of tiny potential attack vectors. BIOS, HDD firmware, etc.

It's a different ball game these days folks, the wild wild westernet is back.

Jason Ritzke • April 15, 2014 5:16 PM

@Nick P

It sounds like many people aren't aware of the *nix reimplementation, tcplay, so I thought I'd mention it. I figure most *nix people use LUKS instead, and so probably don't know it exists. I don't even have the TrueCrypt binaries on my *nix boxes, I just use tcplay. Anyway, it's worth a lot to know that TrueCrypt disks can be accessed using dm-crypt. What you're suggesting should be possible, if anybody desired to do it.

z • April 15, 2014 5:34 PM

This is the most important thing to come out of the Snowden leaks in my opinion.

Jacob • April 15, 2014 5:35 PM

@Nick P

Playing the devil's advocate:

1. MarkH, in the quote you provided, grossly overestimates the distribution and usage of Truecrypt. The professors and students at universities are mainly on *nix systems, and many use other tools (e.g. LUKS). Corporate on Windows probably use BitLocker. Truecrypt is a niche product and is used by relatively small number of people - certainly a tiny fraction of a percent compared to openSSL - and nobody discovered the Heartbleed bug in the latter for 2 years.

And will they get world famous? again - the openSSL bug: The biggest bug there is - do you remember the Google's engineer name who found it at about the same time as, er, I think it was a Finnish company - what was its name again?

2. You said "most reviews and experiences are in favor of TrueCrypt team. In security, we use such things to determine trustworthiness".
I disagree. I pondered about TC since 1995 or so, and read every review I could lay my eyes on. Most reviews were about usage not security. The only security review and anecdotal evidence was by a linux team that raised an issue with the WIN code, and the FBI that could not crack a S.American drug dealer TC files.
Also, the TC code quality and documentation was there many years ago - who knows what happened since then. Maybe they have a new sloppy programmer and TC V.7.x is full of holes?

3. Your proposal re secure development: may be sound technically, but not economically. Nobody will spend time on TC rebuild. The openSSL is much more critical, and Big Corp America not only refuses to redo that mess, their donation to the openSSL foundation is a joke. From FORBES:

"Anyone who gave OpenSSL $20,000 or more got its logo on their website according to their donation page. There are no logos on their website.

“The largest contribution that we’ve ever received that could be considered a no-strings donation (rather than payment for specific contractual deliverables) was $10K several years ago,” says Steve Marquess of the OpenSSL Foundation, the non-profit that manages funds for the group.
This week, its most famous week ever, the organization has received a paltry $841.70 in donations."

Natanael L • April 15, 2014 6:32 PM

About LUKS, that several people have mentioned as an alternative:

"Linux Unified Key Setup (LUKS) contains a flaw in CBC mode that may allow a physically present attacker to manipulate encrypted partitions on the system. With access to the corresponding plaintext file, an attacker can carry out a CBC malleability attack to compromise the encryption."

That's a type of evil maid attack, that can be used to inject malware. This class of ciphertext modification attacks would be eliminated by authenticated encryption, so that modified ciphertext can be discarded, and so that the user can be alerted.

tcb • April 15, 2014 7:05 PM

I hope they do cryptanalysis on the actual TC website provided binaries and not the source they built.

It's kind of like Tails. Source checks out but who's building the .ISOs? Anonymous French developers. Who's to say they didn't patch it with their French intelligence agency backdoor before releasing. This is one reason why Moxie had his app Textsecure pulled from F-Droid because he didn't trust other people building it (plus support reasons).

Nick P • April 15, 2014 8:12 PM

@ Jacob

" Truecrypt is a niche product and is used by relatively small number of people - certainly a tiny fraction of a percent compared to openSSL - and nobody discovered the Heartbleed bug in the latter for 2 years."

Each release gets over a million downloads. Recent one was about six. It's also been on sites like Slashdot plenty. So, that's quite a bit of exposure. The OpenSSL comparison isn't fair as it's a middleware embedded in applications and often comes with them. The Truecrypt downloads on the main site were individual users who went through the trouble of downloading and using the product. The ratio of downloads to users is unknown, though. The number itself could also be fake but I doubt it.

So, might MarkH have underestimated the amount of attention the product was getting in terms of code review? Sure. It was definitely getting attention, though, as you don't average a million downloads a release in a paranoid niche without some people looking for backdoors. Quality of reviews is an unknown, though.

"I pondered about TC since 1995 or so, and read every review I could lay my eyes on. Most reviews were about usage not security. The only security review and anecdotal evidence was by a linux team that raised an issue with the WIN code, and the FBI that could not crack a S.American drug dealer TC files."

If that's all you've seen, you haven't read "every review." There's a few more of each kind of thing one can find with Google. There's not many, for sure. I never said it got a high number of reviews. Just that most of them found nothing very sinister: just run of the mill issues less serious than a group such as NSA would prefer. The one you're referring to, for instance, made a deal out of the keyfile algorithm (which could be better) while TC team said they assume compromise if attacker can write a keyfile (often true). Otherwise, they said it was very secure and they didn't see anyone breaking the security of the containers.

The devil's advocate aspect of your post was implied from the start: you didn't mention the qualified 3rd party review that praise their security (with a gripe or two), yet you did mention potential failures and that they're not trustworthy. The Internet is full of negativity about an open source program that nobody can show a backdoor in. That's unjustified. I figured some positive points were in order to provide some balance. All I'm doing.

"may be sound technically, but not economically. Nobody will spend time on TC rebuild."

They probably won't, no. They do contribute to some projects, not to others. The OpenSSL fundraising numbers are abysmal. More versatile projects such as FreeBSD and Linux get more money. Biggest chance, like in the chip fab discussion, is that a number of governments and private organizations get together to sponsor the development of secure [name it]. The sponsors get their name on it, get it for free, optionally get exclusive commercial use of it for a time period, and might make residual income from licenses of the tech. The licenses also provide money to maintain it. Might be a discount or free license for academic, non-commercial, etc. My idea is in line with Bell's (of Bell Lapadula) idea of "selfless acts of security" he believed were necessary to cover cost of high assurance for essential systems.

In any case, I agree with you that The Right Way probably won't happen. That's why I continue to rely on Truecrypt or other somewhat vetted offerings. I do, though, like your idea of creating a sizeable reward for a full crack of Truecrypt. I agree it would be better than what they're doing now. Yet, if it's as niche as you say, then the reward will do nothing as endless amounts of niche products used that strategy with nobody collecting because hardly anyone tried. So, who knows on that. Maybe if it was the object of Pwn2Own?

ICU-really? • April 15, 2014 9:53 PM

Off topic...

52 million photos in FBIs face recognition database by next year

I recall a recent item passed into law where the FBI has been absolved of responsibility for keeping the crime database records ACCURATE. Thus any crap that sneaks in, intentionally or otherwise, is not corrected (yeah, like the no-fly list).

I suspect the same will be applied to this new database, whereby for all practical purposes, the content can only be used to prove "guilt" (that's HIM -or- HER!) and never be changed to show otherwise because no one is held accountable for errors (intentional or not).

Chris Abbott • April 16, 2014 12:11 AM

@Nick P

Xbox Live of course, but he knew way more than that. He and I have pwned TrueCrypt users repeatedly as well. Great kid with tons of potential...

Wm • April 16, 2014 6:50 AM

Obviously, the only reliable thing to do is get Bruce to quit his job and do a voluntary audit of TC for us. I know some people in New Jersey who we can hire to break his legs to encourage him to do this.

Mike the goat • April 16, 2014 7:00 AM

Tcb: I feel the same way. Recently though Xavier de Carné de Carnavalet, a master's student at Concordia University, demonstrated that the truecrypt 7.1a obtained from the windows installer on their website (of course the copy he obtained from the website could differ from what others get, so he posted hashes) was not backdoored and was able to successfully verify it back to the source for that release - quite an achievement IMHO. But I get your point completely - how often are entire distributions (for example) verified and how many people (outside of the BSD community who routinely build world and install from ports; a generalization I know but anyway) build from source vs just use the binary packages their distro gave them. Hell many won't even build their own kernel..

code monkey • April 16, 2014 8:29 AM

What if (hilarious to say "if") the NSA has capabilities beyond what we now know. A security audit only takes into account known security weaknesses. If the NSA is behind TrueCrypt, they could use undisclosed vulnerabilities to make the software vulnerable to them but no one else.

Nick P • April 16, 2014 10:02 AM

@ code monkey

NSA doesn't really have capabilities ahead of us in software attack. Aside from emanation attacks, anything they do is same as everyone else: look layer by layer, piece by piece for a weakness. If one is in truecrypt, it's likely one we've seen somewhere else.

Mike the goat • April 16, 2014 10:02 AM

Code monkey: what concerns me more about TC isn't the code but the meatspace side of things - a foundation that we don't know much about and basically everything is obfuscated bar a few records filings and a name or two. That is a concern in itself.

Annoyed • April 16, 2014 2:38 PM

@Mike the goat

Don't forget the fact that they changed their forum policy such that you need an email address from a paid provider (eg: traceable).

To add to that suspicion, my friend had an account registered with an AT&T email (paid) but it was still blocked with the explanation that too much spam comes from that provider.

So it appears they are either incapable or unwilling to filter spammers vs. non-spammers from a single ISP which begs the question, why the need for paid email providers? Why not just ban an entire block or provider when a spammer pops up?

Nick P • April 16, 2014 2:58 PM

@ mike the goat

It's definitely suspicious. Yet, I ran my previous organization with cash, proxies, remailers, PGP, etc. That snoops of all kinds would draw a blank looking into me was fine with me. I asked customers to judge me on my references and the quality of my work. As I specialized in advanced threats, I'm sure I dodged some metaphorical and literal bullets using that approach.

Truecrypt is made by people who love crypto and privacy. Looking back at cypherpunk movement, it wasn't unusual for people to have nothing IDing them but their key, alias, and writing/work. Truecrypt people are much more likely to be targeted than most of them were. Makes sense for them to stay in the shadows.

Of course, they could also be scheming pricks hiding their evils. Could go either way. Just wanted to point out there's legit reasons for operating anonymously if the opponent is TLA's from US to dictatorships.

Mike the goat • April 17, 2014 6:33 AM

Annoyed: exactly, it isn't one single thing that makes me suspicious of TC but the aggregation of a multitude.

Nick P: absolutely. I know as well as you the difficulties of maintaining the balance between exposure and privacy and at hiring time it is especially problematic when they wish to see your past work and (ever paranoid) you immediately believe that this is some kind of trap to link your nyms or perhaps even just violate NDAs that you were forced to operate under in the past.

I can also see that having the TC team hidden could be a good thing for the project and thus its users by eliminating the opportunity for interference and coercion from pseudo government agencies. That said I believe the latter agents would be able to decloak those involved quickly.

Figureitout • April 18, 2014 1:10 AM

--Pretty off topic...since I can run Truecrypt on a liveUSB that isn't windows. Yeah he is. My dad has a joke, "If you aren't using Windows, you probably aren't actually doing anything". The point is all major software has been made for windows and apple. Unless you spend all your time configuring an OS that can get owned via the chips they run on or Tempest; or that little part of the configuration you missed...And then getting back to what have you done or accomplished? Do something, then you need to save a file and send it to someone (uh security issue). Use email? (broken everything).

The bigger picture you're obviously missing is that there are brilliant people that can only use windows or apple. In my observations, some mathematicians and chemists. They're extremely smart (and fun to do math w/); but they won't know programming or IT OPSEC. To really have a laugh, ask some of the IT OPSEC people you know and ask them to do a basic integral or derivative. They will google it and enter the formula in a calculator AKA a computer and not do the calculations in the head.

Mike the goat • April 18, 2014 4:25 AM

Figureitout: I believe Bruce's explanation on his use of Windows is that he uses what he is familiar with, and there is some wisdom in that - a locked down Windows box maintained by a proficient user is probably less vulnerable than a misconfigured Linux machine. That said, most of the discussion here revolves around L3+ adversaries. I believe that Windows is fundamentally broken in that regard and that Microsoft is and will continue to be complicit in facilitating govt requests for assistance in their operations whether by pushing a "special" windows update, signing their code etc. That said even if we knew that our OS was 100% trustworthy (ie we compiled our own kernel and userland from known vetted safe source code on a trusted and verified compiler pretending that for the sake of the argument all routes of compromise have been dealt with) we still have hardware to consider and as you pointed out as far as COTS Wintel hardware goes there is a lot to be concerned about.

I guess the safest thing is to use old hardware and an old OS kernel that has been manually patched for any remotely exploitable holes discovered since its release. I have an old SPARC which I use for this purpose - obscure architecture, old hardware and old software - this is what we have been reduced to ...

Nick P • April 18, 2014 12:40 PM

re Bruce's Windows box

He assumes it can be owned. He can still use it to get things done. He has protections against the riff raff. It's how most of us do it until a real solution to NSA problem is found, which as I told Bruce is unlikely to be technical. They just have too much money, brains, and boots available to solve their problems. Meanwhile, some of us are still working on ground-up architectures to give them some headaches anyway. Probably just a gesture, but I still enjoy giving opponents the middle finger.

@ mike the goat

"That said I believe the latter agents would be able to decloak those involved quickly."

It would have been hard back in the day, probably trivial or not so hard today depending on their methods. Primary method of tracking for conventional LEO's would be donations: the money's going to be picked up by *somebody*. That person is then the first breadcrumb leading to the group. Yet, there's quite a few more people than the FBI/NSA that might go for them so anonymity measures are still justified.

That said, I'm *really* interested in what the main developers' nationalities and resident countries are. The current climate is one where TLA's use legal, quasi-legal and quite illegal methods of attacking anything they think is an obstacle. We've seen what's happened to many companies in US and UK, for example. I wouldn't trust Truecrypt to resist subversion if their people were in these countries. And a few others. So, I'd really like to know how vulnerable they are to such threats.

Recent audit has spammed Google to the point I can't easily find further information. Yet, I think I found something interesting in this link:!topic/

They were accused of stealing some code from SecurStar, so they actually shut down the project until the matter was resolved. I know that copyright is a strong protection internationally and standardized with treaties. Yet, that a mere copyright claim scared them enough to stop development might clue us in to what stronger methods at TLA's disposal could accomplish, esp. a domestic TLA.

Meanwhile, I think I saw some of your family members in these newsclips about their reaction to NSA subversion issue. Lots of angry statements in the video.

electronic heart beat • April 20, 2014 3:48 AM

"I guess the safest thing is to use old hardware and an old OS kernel that has been manually patched for any remotely exploitable holes discovered since its release."


Clive Robinson • April 20, 2014 6:16 AM

@ Electronic Heartbeat,

TEMPEST is both difficult and problematical in many jurisdictions.

In theory civilians can not obtain nor are they allowed to build TEMPEST protection systems in the US or other places. That said EMC requirements have kind of scuppered much of the TEMPEST component issues, but have in some cases made TEMPEST attacks easier (ie deconvolving the spread spectrum "whitening" techniques used to meet EMC masks).

But TEMPEST is just a part of EmSec, whilst it passively deals with some emissions it's not designed to deal with active attacks using EM carriers to "illuminate" targets and by cross coupling carry information out.

These "injection attacks" can be quite devastating...

Which is why a steel and copper lined hole in the ground thirty or more feet down is looking good ;-)

Randy Tayler • May 28, 2014 6:17 PM

Bruce, did you find something in TrueCrypt? ARE YOU WHY WE CAN'T HAVE NICE THINGS??

Mr. Pragma • May 29, 2014 9:09 AM

Never used truecrypt. Never liked it.

My simple (many will say "too simple") approach:

Something made for Windows? Don't trust it.

Updated Date: 2013-11-22T14:35:35Z
Sponsoring Registrar:Network Solutions, LLC (R63-LROR)
Registrant Name:TrueCrypt Developers Association, LC
Registrant City:Drums
Registrant State/Province:PA
Registrant Country:US

Don't trust it.
(Btw. I kept the "Updated" record because it might be helpful in the current "what to make of it?" game re. truecrypt)

Someone else here basically said sth. like "Why not trust Bitlocker? You trusted truecrypt, after all". I agree.

And no, I don't think that linucks is glory goodness. But it's somewhat better than Windows by, for instance, enabling its users (and maintainers, and ...) to check and, if needed, fix a serious problem.

To Bruce and others:

I understand you. linucks was a pain in the ass in terms of usability for many years. But now with Mint and the like ... come on, guys! About the only major reason for Windows is games. But then, guys like us don't eat where we sh**, right?

On the other hand, maybe Bruce is right. I mean, with all those gazillion plastic "router, firewall, and WiFi" (next version: including a toaster!) toys out there and people using browsers with "anything and everything enabled and then some gadgets downloaded on top of it. And of course the flash plague, too" ... one might as well enable port mirroring with a direct link to nsa as well ...

Dewi MorganMay 29, 2014 7:30 PM

Far as I can tell from the wiki page and other places:

While the executable was compiled with a timezone of GMT+1, and the TrueCrypt trademark was registered in the Czech Republic under the name of "David Tesařík", the TrueCrypt Foundation has at least some connections to the US.

Before 2010, they made some efforts to conceal their identities and location: was initially registered to the false address "NAVAS Station, ANTARCTICA", and was later concealed behind a Network Solutions private registration. At that time, the developers used the aliases "ennead" and "syncon".

In 2010 they founded the "Truecrypt Foundation", a Domestic non-profit corporation ("TF") and the "Truecrypt Developers Association, LC", a Domestic Limited-Liability Company ("TDA"), both headed by "Ondrej Tesarik" in Nevada.

Also around this time, and the trademark were re-registered to the TDA, and the website published a TF contact address in Nevada. All references to their aliases were replaced by "The TrueCrypt Foundation".

Since they are a US company, they can be leaned on by US interests, and US gag laws can be brought to bear on them.

Dewi MorganMay 29, 2014 7:50 PM

In terms of the licensing issues, this is the best explanation of why their licensing is a problem, that I've been able to see.

Essentially, while you can read the source of their license, so the source is "open" by some measure, there are parts in the license - which they have confirmed are deliberate and will not change - that prevent it being used in Open Source projects.

So odds are we'll be using tcplay going forward... at least if someone makes a windows port.

Until that time, it seems we are in want of a good cross-platform open encryption solution.

notsayingJune 7, 2014 6:46 PM

Judging by the Truecrypt homepage's blatant endorsement of bit locker, I think Microsoft might be behind this coup. One or more of those anonymous contributors was probably found and paid off. It is also perfectly possible this is an NSA plot to shut it down. They really hate encryption tools that they don't have an easy backdoor to. (IE, the biggest and best funded spy agency in the world spends a lot of time compromising and suppressing encryption technology.) In either case, could someone that knows what they are doing please fork Truecrypt and continue development and auditing? If that doesn't happen, it is even more suspicious...
