TrueCrypt To Go Through a Crowdfunded, Public Security Audit 104
An anonymous reader writes "After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted. Security experts have repeatedly said that it you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue. And that it exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, co-founder of hosted healthcare services provider BAO Systems, have set out to do. The software that will be audited is the famous file and disk encryption software package TrueCrypt. Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total." (Mentioned earlier on Slashdot; the now-funded endeavor is also covered at Slash DataCenter.)
Re:Please, Google (Score:4, Insightful)
Are you nuts?
Re: (Score:2)
Yeah, you'd end up needing to sign in with a google account, storing your private keys in the cloud, posting stats on your g+ and allowing google to index the encrypted data.
Re: (Score:2)
awesome.. sign me up.
Re: (Score:2, Insightful)
They also apparently:
hacked my Power Supply by implanting a trasp device in My Bose Speakers and possibly my high end water machine that sent malware farts through my electrical grid and tunneled into my system that way.
sounds TOTALLY not paranoid schizophrenic.
On topic, Truecrypt is just a tool. It can't be "subverted" to do evil - it just exists and people can use it for 'good' or 'evil.' My hammer is really good and pounding nails ('good',) but would work equally well in password extraction ('evil') =)
Re: (Score:1)
Yeah, I know, that part seemed far-fetched to me as well.
BUT, the other stuff regarding TrueCrypt struck a note with me, in particular the screens of the TrueCrypt rules regarding admin rights and read-only enforcement structure--THAT could be used just as he explains. In that case, it would seem that the encryption--in it's mission to protect encrypted data from simply being over-written, actually allows malware to use this protection scheme to protect the malware. Simply encrypt the malware with TrueCrypt
Re: (Score:2)
The site has to be a hoax.
My fav so far:
I bet his herpes also got 10 times worse as well :-p
LOL:
Re: (Score:2)
it's a rambling.
but anyhow, as I gathered, in the story the hackers were the one's hiding their shit with truecrypt and not the guy who was getting hacked by triads...
frankly it's written like a madman.
Re: (Score:1)
frankly it's written like a madman.
Like or by?
Re: (Score:2)
Huh? (Score:1)
Slash DataCenter? Do not want!!
Hmmm... (Score:5, Interesting)
But who will audit the auditors?
Re:Hmmm... (Score:5, Insightful)
But who will audit the auditors?
Gorillas!
Seriously, a fully public audit is the best possible approach. You can never be 100% sure, but you can get close enough if the audit attracts enough talent. This is the true promise of open source: moving from "in theory, you could look at the source", yahright, to "here's the crowdfunding for experts to openly audit the open source". That's something.
Re: (Score:2)
This is still an important question. While yes, the money will attract some talent, the money also will attract scammers and just random people who want to make a quick buck. And I don't see $50k attracting enough talent.
Re: (Score:3)
In this case you won't need much money, as TrueCrypt is so high profile and lots of security experts use it personally. If this approach catches on, and the novelty wears off, then you'd need more money to be sure.
Re: (Score:2)
If you think this is about attracting random talent, you are so wrong.
This is about compensating known experts for their time spent on doing the audit.
It takes a lot of time to do an audit.
Re: (Score:2)
If the experts are already known, then I definitely don't see a point in not disclosing their names before the fund raiser.
I think the idea is really cool, but the process is also very important.
Re:Hmmm... (Score:5, Interesting)
Phone call to encryption expert: "Yes, thank you Truecrypt. I will gleefully accept your money and publish an audit."
Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."
(Oh, encryption experts are immune to subterfuge, greed, bottomless debt, double-dipping, and generally being nafarious? I thought that they were just human like the rest of us!)
(And for the record, once one "independent" party accepts money from another party with a dog in the race, they cease being "independent" about the matter at-hand.)
(See also: Whitewash [wikipedia.org].)
Re: (Score:3)
But then we'll know. If Bruce Schneier is an NSA plant, and he and at least one smart non-NSA plant routinely audit software, the pattern will emerge.
Like I said, nothing is perfect, but this is pretty good.
Re: (Score:3)
But I don't know Bruce Schneier from a hole in the ground, and the only thing I know about Truecrypt is that the folks who make it say it is secure (or, perhaps in the future, pay for audits, wherein it is proclaimed secure).
The circle of trust is very, very short here.
Studies have shown that studies are easily skewed by money.
Re: (Score:2)
It was considered adequate for military use. Depending on your political opinions, this may be a laughable audit or a solid claim.
A famous French blogger made a binary comparison between the sources and the windows binaries given by Truecrypt and deduced that (unless t
Re: (Score:2)
Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."
Let's not forget the probable stick that would come along with the carrot. 'National security...open your mouth about what you find and (insert threats here).
Re: (Score:2)
It's not the Truecrypt people organizing the audit, it's an independent group. Of course they might be the same person as the authors of Truecrypt are not known for certain, but since the audit will be public any deliberate failures are likely to be spotted. If you were a security researcher doing a public audit it would be unwise for you to accept money to botch it, since your professional reputation is on the line.
Re: (Score:2)
Which brings us back to the original question:
Who watches the watchers?
How would we even know if it was botched?
Re: (Score:1)
Free testing (Score:3)
Re:Free testing (Score:5, Insightful)
If you think better, stronger encryption is the answer, then you don't understand the problem.
In 2011 the Foreign Intelligence Surveillance Court issued a ruling that many of the NSA's activities were illegal and unconstitutional. You'll notice that this had no effect on the NSA's spying because (a) It was a secret order issued by a secret court and nobody knew about it until just recently and (b) There is essentially no oversight of the NSA which means they are free to do whatever they want.
So, even if you have some super-duper unbreakable encryption, which has been audited and you can guarantee that it contains no NSA backdoors, so what? If the NSA can't break your encryption they'll simply yell "National Security" and get a secret order from a secret court compelling to do decrypt your stuff or face prosecution -- prosecution which will be carried out in secret, making it impossible to defend yourself.
If you've been paying attention, you see what the real problem is.
Re: (Score:3)
There is one small silver lining to this otherwise ugly cloud... if of course there's a way to hide any trace of TrueCrypt on a machine that's using it?
Re: (Score:1)
So, even if you have some super-duper unbreakable encryption, which has been audited and you can guarantee that it contains no NSA backdoors, so what? If the NSA can't break your encryption they'll simply yell "National Security" and get a secret order from a secret court compelling to do decrypt your stuff or face prosecution -- prosecution which will be carried out in secret, making it impossible to defend yourself.
I'm very curious about this as I use truecrypt volumes of various types and sizes to fill my freespace with random data so free space wipes take less time. When I need some more room I delete a volume. The thing is when I make these I just grab a snippet of text from whatever I have open at the time. They are just junk files that truly can't be opened, does this mean I would sit in contempt of court for decades? Seems likely at this point.
Re: (Score:3)
I think the bigger question here is, why do you need to wipe your free space? are you hiding something from the NSA?
Re: (Score:2)
I didn't read the parent to your comment, so I'm taking your comment as worded. This information is valuable to other people, whether they can use it to imitate you to get further information from a trusted source or to access your finances or medical history. I wipe the free space because the end point (my PC) isn't secure. The remote server is supposed to be secure, as is the connection to my PC, but once decrypted on my co
Re: (Score:2)
i guess the joke went over your head(see parent comment)....but thats ok, your right though, wiping data is a good idea. You could always just encrypt your entire drive as well, making wiping unnecessary.
Re: (Score:2)
TrueCrypt, as an example, uses the "user key" you provide (weak) to encrypt the "volume key" generated from the various RNGs and entropy pools available (strong), like wiggling the mouse.This is used to actually encrypt the data. This way, you can change the "user key" without having to decrypt and re-encrypt the entire volume; Only the "volume key" need
Re: (Score:3)
Well put it in a hidden container and put stupid shit inside your normal container and give them that password. Throw a bunch of tax returns and shit in there and say you where only following your IT friends advice on protecting your finance documents, or if your IT, say you practice what you preach.
Also, assume they will find this post and use it to prove you have a secret container, so you'll want to change your name, SSN, DOB and possibly a face change(at least your hair), in fact, why where you stupid e
Re: (Score:2)
If you've been paying attention, you see what the real problem is.
The real problem here is that you're living in the USA. And another problem is your thinking.
Many of us don't live in the US. And even if we live in the EU, in a country who's secret service cooperates with the NSA, we still don't have a Patriot Act and I don't think that people here are abducted to the US or some stinking country without human rights for something like this.
Then your thinking. Most of us are just normal people, who want to protect documents for various reasons, and we want to use stronger
Re: (Score:3)
So they're getting crowd-funded money to do all their testing to ensure no one can see the NSA's back doors they have in place.
So what's your answer? Everyone just does their own code review?
They need an independent expert to validate it? (Score:3, Funny)
Alright, I'll volunteer. Once the money has cleared my account, consider it "validated."
Re: (Score:1)
Look, validating software is quite important as well. Its not as if validating truecrypt is something you can easily do in your free time. You need people that understand encryption and software to be able to get somewhere.
I am sure they won't just give any jackass the money and not demand reproducible steps and clear verification of the source code.
Its not because validating that everything works like they say it does without adding any code, that validating is a valueless job. There is great value for any
I'm just speculating here .. but (Score:1)
Won't work for the Windows version (Score:5, Insightful)
The Windows version is compiled with MSVC, which almost certainly has a NSA backdoor that gets compiled into the TrueCrypt binary.
Re: (Score:3)
Please vote this up..
Indeed, the vectors for adding back doors is not as simple as looking at source code.
Re:Won't work for the Windows version (Score:5, Insightful)
Sure, vote it up as a point that the the toolchain is always suspect, but saying MSVC is injecting backdoors into everything it compiles is just plain idiotic.
Re: (Score:2)
Absolutely, I'm no conspiracy theorist. I just agreed that the source code is not the only vector for injecting backdoors.
Re:Won't work for the Windows version (Score:5, Informative)
* We know that the distributed source generates the distributed binaries. There was an article on this (I'm too lazy to search for it).
* This audit will vet the source so that there are no *CODED* back doors.
* The code is still vulnerable to a Ken Thompson style attack.
Re: (Score:2)
The code is still vulnerable to a Ken Thompson style attack.
Is it possible to build the Windows version of TrueCrypt with GCC, or the Intel compiler? If so, then the Thompson attack can be worked around.
Re: (Score:1)
Unless one is planted into GCC.
we know current version gcc is safe (Score:3)
We know that the current version of GCC doesn't have the "Ken Thompson" trojan. The original version could have, theoretically a but it couldn't survive so many versions. Also, gdb would have revealed it long ago. ...
Maybe gcc also trojans gdb? And ptrace, and
You have to imagine that the author wrote specialized trojans for a bunch of programs that hadn't been created yet, and hid them all in a few kilobytes. That's beyond impossible, even for the best programmer in the world.
Re: (Score:2)
Unless one is planted into GCC.
Easy to eliminate. There are plenty of other open source compilers.
http://arxiv.org/pdf/1004.5548.pdf
Re: (Score:2)
But what if THOSE have trojans too?! (point being, you can't please or shut these people up)
The method is extensible. You apply DDC to all compilers. In order for any of them to be trojaned, they all have to be trojaned... and they all have to include trojans specifically written for each of the others, which include the trojan all pairwise combinations.
So if you have three compilers, with source code, you can apply DDC three times (A/B, A/C, B/C). If you detect no trojans, then either none exist, or each compiler must contain all three trojans (one for each compiler) and each trojan must contai
Re:Won't work for the Windows version (Score:5, Informative)
No, but certain differences between the TrueCrypt volumes generated by Windows and the TrueCrypt volumes generated by Linux point to there being a strong possibility of a backdoor in the Windows-only version.
I'd be interested to see if there's actually code that writes out those random bytes in the header for Windows only, or if something else (API, MSVC, etc.) is causing the randomness. Because if it's the latter, then the chance of it being a backdoor goes way, way up.
Re: (Score:2)
Not injecting backdoor into everything, just into the TrueCrypt binary. What is the easiest way to inject a backdoor into TrueCrypt? By asking Microsoft to add a backdoor to the MSVC compiler.
Re: (Score:2)
So ... if "solution name" = truecrypt, and source-code file = xyz.cpp then replace x with y?
How plausible is that really?
What is the easiest way to inject a backdoor into TrueCrypt? By asking Microsoft to add a backdoor to the MSVC compiler.
I think there's lots of easier, more reliable, less detectable ways than that.
Re: (Score:2)
Of course it isn't something simple like if "solution name" = truecrypt, that is just stupid. It's more like detecting specific encryption algorithms in TrueCrypt and injecting code that makes the encryption weaker by either modifying the encryption slightly or storing maybe part of the key somewhere in the data. So for the right people who know about the back door, decrypting becomes an easy task.
How plausible is that? Well I guess you haven't read about the Ken Thompson hack for the C compiler. Doing some
Re: (Score:2)
Of course it isn't something simple like if "solution name" = truecrypt, that is just stupid.
Yes.
It's more like detecting specific encryption algorithms in TrueCrypt and injecting code that makes the encryption weaker by either modifying the encryption slightly or storing maybe part of the key somewhere in the data.
That's a non-trivial hack, how do you propose it "detect specific enryption algorithms in truecrypt" to detect that its compiling truecrypt, and then modify it. How many bytes of code do you thi
Re: (Score:2)
That's a non-trivial hack, how do you propose it "detect specific enryption algorithms in truecrypt" to detect that its compiling truecrypt, and then modify it. How many bytes of code do you think it would take to program that?
You say it like it is complicated. This is just programming, Microsoft and the NSA has billions of dollars to throw at the problem. It doesn't matter how much space it takes it can be done.
Yes it has to be hidden, but you can have self modifying code and you can have code that looks l
Re: (Score:2)
You say it like it is complicated
Because it is.
Yes it has to be hidden, but you can have self modifying code and you can have code that looks like it does something innocent but actually does something else.
Has anybody actually audited the MSVC binary? Didn't think so.
Really you just have to audit the output. And you can start with 1 line of C and build up from there iteratively. Its work, and its tedious but its not nearly as hard as you think.
It doesn't matter how much space it takes it can be done.
Of co
Re: (Score:2)
No you can't just audit the output by starting with 1 line of C code and move up from there, because you don't know what is the actual trigger for the back door. It can be any number of specific lines of code, includes modules or at least some output size of the binary.
It doesn't have to be tiny, you can hide the code in data or other code. But even so just take a look at how tiny some programs are in the demoscene, you can build incredibly small code that does a lot. Also take a lookt at how some viruses a
Re: (Score:2)
No you can't just audit the output by starting with 1 line of C code and move up from there, because you don't know what is the actual trigger for the back door. It can be any number of specific lines of code, includes modules or at least some output size of the binary.
Your assertion was that it was the truecrypt source code. So how about we use that. It's not terribly large.
It doesn't have to be tiny, you can hide the code in data or other code.
You can hide a small bit of code, you can't hide large amounts
Re: (Score:2)
www.techarp.com/showarticle.aspx?artno=770&pgno=3
Hmmm...
Re: (Score:2)
Unfortunately it's not realistic to ask every Windows user to compile Truecrypt themselves. Our proposal is to adapt the deterministic build process that Tor is now using, so we can know the binaries are safe and untampered.
Re: (Score:3)
some guy replicated building the released tc binaries already though.
so unless the compiler is attaching a tc specific backdoor to everything..
Re: (Score:2)
Yes and he used the MSVC compiler which could include the NSA backdoor.
The compiler doesn't have to attach the backdoor to everything, only when the TrueCrypt binary is being created.
Re: (Score:2)
You missed my point. As long as the MSVC compiler is used you can't be sure the binary is correct, even thought the source is audited. The only way to do a validated Windows binary build is to use an open source C++ compiler that has been audited to compile the Windows version of TrueCrypt.
Re: (Score:3)
If you have followed any basic critical thinking class then you should observe one simple fact about this statement. It is a opinion, there are not facts supporting this that i am aware of (and many other claims about this article), nor is there any provided evidence.
If you use windows there are facts you should know. 1. its the most used OS and is the biggest target for anyone wanting information. Its far better to build a generic malicious code that will attack a known vulnerability of windows, even if it
Does anyone really care? (Score:5, Insightful)
I feel like this has been reported on 5 times by now. Yes we know they are raising money, please no more updates until the findings from the audit are in.
In the mean time is there any actual point to this? While TrueCrypt can be one of the best methods for a typical home user or even tech savy business person to encrypt that naughty folder. But it honestly isn't as widely used as they make it out to be. Most softwares or businesses use their own encryption. Not to mention the nature of TrueCrypt means its most often used to secure locals files or drives, meaning unless the NSA has direct control over your computer they really cant get at your stuff.
Also would this resolve anything? As soon as the audit is done people will either, question the findings for one reason or another. When in the end all the audit can say is if there is an intentional backdoor or if there is an obvious flaw in the code that would leave it vulnerable. Even if neither of these turn up there is still a very real chance the NSA found their own unintentional flaw in the code that allows them to greatly reduce the time required to decrypt the drive.
Re:Does anyone really care? (Score:4, Interesting)
You could have all other data quickly captured and end up on a few gov lists with your computer returned.
The NSA mostly seems to like to track all net use globally and then zoom in on users, their OS, files reviewing their digital lives.
Tame OS, telcos and software seem to help the NSA with the final steps i.e. the end users encryption and saving the keystrokes for easy very decryption.
But just the act of requesting an audit does make 'easy' past with some software more difficult.
audit will reveal the likely flaws, non-encryption (Score:3)
The best way to deal with strong encryption is to go around it, to use the back door. Those are the flaws an audit would reveal, issues not with the actual encryption, which is a fairly small part of the software, but with the other 90% of the code .
The encryption itself has been analyzed, and will continue to be analyzed, outside of Truecrypt, which is just one of many packages that use the same encryption.
ps - your homemade encryption isn't hard to figure (Score:2)
Ps - you're independent weak encryption is not hard to figure out. Let's say you use it for some PHP script on your web site. Well, it's on a publicly accessible web server, and it's friggin PHP, so I'll have the source code in ten minutes. As soon as I see the source, not only do I know what weak algorithms you're using, but I can also see the common flaws in your particular implementation.
A case in point -
A common "do it my own way" idea is to stack hash algorithms. Take a sha256 of the data, a
sadly (Score:2)
Sadly, though, there is only one party offering to take a huge sum of money to crawl through code for a few weeks or possibly months. And it seems to me that the parties offering to do the work have a vested interest in the results coming out "negative for NSA bugs".
This means ( as others here have pointed out ) that there cannot truly be independent verification. As someone else points out, the money would be better spent on bug hunts.
The approach bears the mark of vigilantism. I say that, because encrypti
We need a perminant comittee (Score:2)
We need to turn this into a perminant comittee to rountinely test all open source encryption software, popular kernels (linux, freebsd, etc...), webbrowsers(firefox,chromium), webservers(apache, nginx), and other essential bits of free software we depend on (mariadb, php, python, etc...)
Re: (Score:2)
It's "open source" in the colloquial definition of the term as "the source is public; you can download and compile it, and use the resulting output for personal use."