Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Data Storage Encryption Open Source Your Rights Online

TrueCrypt To Go Through a Crowdfunded, Public Security Audit 104

Posted by timothy from the line-by-line dept.
An anonymous reader writes "After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted. Security experts have repeatedly said that it you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue. And that it exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, co-founder of hosted healthcare services provider BAO Systems, have set out to do. The software that will be audited is the famous file and disk encryption software package TrueCrypt. Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total." (Mentioned earlier on Slashdot; the now-funded endeavor is also covered at Slash DataCenter.)
This discussion has been archived. No new comments can be posted.

TrueCrypt To Go Through a Crowdfunded, Public Security Audit More

TrueCrypt To Go Through a Crowdfunded, Public Security Audit

Comments Filter:

  • Hmmm... (Score:5, Interesting)

    by Anonymous Coward on Thursday November 07, 2013 @07:04PM (#45362061)

    But who will audit the auditors?

  • Re:Hmmm... (Score:5, Interesting)

    by adolf ( 21054 ) <flodadolf@gmail.com> on Thursday November 07, 2013 @09:09PM (#45363331) Journal

    Phone call to encryption expert: "Yes, thank you Truecrypt. I will gleefully accept your money and publish an audit."

    Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."

    (Oh, encryption experts are immune to subterfuge, greed, bottomless debt, double-dipping, and generally being nafarious? I thought that they were just human like the rest of us!)

    (And for the record, once one "independent" party accepts money from another party with a dog in the race, they cease being "independent" about the matter at-hand.)

    (See also: Whitewash [wikipedia.org].)

  • Re:Does anyone really care? (Score:4, Interesting)

    by AHuxley ( 892839 ) on Friday November 08, 2013 @12:33AM (#45364955) Journal
    Its more for people moving around the world. But the main risk is having your media looked at and someone seeing your need for the use of encryption.
    You could have all other data quickly captured and end up on a few gov lists with your computer returned.
    The NSA mostly seems to like to track all net use globally and then zoom in on users, their OS, files reviewing their digital lives.
    Tame OS, telcos and software seem to help the NSA with the final steps i.e. the end users encryption and saving the keystrokes for easy very decryption.
    But just the act of requesting an audit does make 'easy' past with some software more difficult.

Slashdot Top Deals

The moon is made of green cheese. -- John Heywood

Close