A security audit of the free and Open Source encryption utility, TrueCrypt

"found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas," and that the found vulnerabilities "all appear to be unintentional, introduced as the result of bugs rather than malice."

A summary of the results can be found here.

Recommended Answers

All 10 Replies

Certainty that no backdoor exists is largely because security experts were able to review the source code. It's difficult see how closed source products can provide the same level of assurance. +1 for opensource :-)

yah, like openSSL that supposedly had a major backdoor in it for 2 years until an NSA contractor just happened to come across it...

Member Avatar for diafol

"...software is insecure..."

I had to check whether that was right or whether 'unsecure' was better. Following research, I'm none the wiser, although the former seems to be favoured in North America. Reminds me of a 'neurotic operating system'. Sorry - off-topic.

Unsecure would be akin to "open to penetration". Insecure would be "unsure of oneself".

In the case of TrueCrypt then, both might be applicable :)

Member Avatar for diafol

Unsecure would be akin to "open to penetration". Insecure would be "unsure of oneself".

Now there's a naughty joke about that, but I think I'd receive an infraction...

Wow. All the effort and money that was put into getting a security audit, and then the project just shut down. Well, I don't like using unmaintained software, so I guess it's time to find something new.

The thing that's nice about truecrypt is I can still boot linux from USB and open the drive up for recovery. Bitlocket wouldn't be the solution here.

Even though it is unmaintained, why should you stop using it? I am currently using version 7.1a. It does everything I require so even if there are no further versions I will continue to use it as is and be quite satisfied.

But...

This article states that Truecrypt is alive and well and living in Switzerland. While the original authors are no longer maintaining TrueCrypt, perhaps the project has found a new home.

commented: hope the project lives on +0

True. It's a hueristic I try to stick to (stick with whats popular, and whats being supported ). There doesn't seem too many alternatives atm though.

I also have another hueristic. It's "when in dout, listen to Bruce Schneier". Apperently he's suggesting we do nothing at the moment

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.