|
|
Subscribe / Log in / New account

Open Crypto Audit gives TrueCrypt a passing grade

At his blog, cryptographer Matt Green announced that the Open Crypto Audit project's review of the now-abandoned TrueCrypt encryption tool is complete, and that "based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances." TrueCrypt was abruptly abandoned by its anonymous developers in 2014, leading some to suspect that a serious vulnerability had been discovered. The final Open Crypto Audit report [PDF] suggests otherwise, which is good news for users as well as for the multiple open-source projects that have subsequently developed TrueCrypt-compatibility support.


(Log in to post comments)

Open Crypto Audit gives TrueCrypt a passing grade

Posted Apr 2, 2015 20:43 UTC (Thu) by ledow (guest, #11753) [Link]

Shame they can't update the SSL certificate on their website, though.

For me, it's showing as expired.

Open Crypto Audit gives TrueCrypt a passing grade

Posted Apr 3, 2015 0:25 UTC (Fri) by rahvin (guest, #16953) [Link]

? The certificate I see says it's good till October.

(10/12/2015 9:33:25 AM GMT) to be precise.

Open Crypto Audit gives TrueCrypt a passing grade

Posted Apr 3, 2015 8:23 UTC (Fri) by ledow (guest, #11753) [Link]

The blog is actually on:

https://cryptanalysis.eu/

(and loads resources from there).

Their certificate expired the end of March.

Open Crypto Audit gives TrueCrypt a passing grade

Posted Apr 3, 2015 10:35 UTC (Fri) by micka (subscriber, #38720) [Link]

That's probably them telling you CA based security is useless.

Open Crypto Audit gives TrueCrypt a passing grade

Posted Apr 3, 2015 12:38 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

> TrueCrypt was abruptly abandoned by its anonymous developers in 2014, leading some to suspect that a serious vulnerability had been discovered.

Another possibility was that spooks approached them with an ultimatum.

Open Crypto Audit gives TrueCrypt a passing grade

Posted Apr 4, 2015 4:45 UTC (Sat) by xorbe (guest, #3165) [Link]

Pretty much. It wasn't just abandoned, it was released with a final read-only version then abandoned.

Open Crypto Audit gives TrueCrypt a passing grade

Posted Apr 4, 2015 22:40 UTC (Sat) by linuxrocks123 (subscriber, #34648) [Link]

The review was of version 7.1(a), however, not the read-only final release 7.2.


Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds