TrueCrypt Audit

TrueCrypt, better known for its real-time 'on the fly' and transparent encryption, recently came under scrutiny, mainly because not only the source code behind it needs to be reviewed but also the custom license governing it.

TrueCrypt is open-source disk encryption and decryption software that runs on the Windows, Mac OS X and Linux operating systems. Its features include encryption of an entire drive or storage device, that is, full hard drive or USB drive encryption. With TrueCrypt one can also encrypt a partition or drive where Windows is installed and even create a hidden partition within another partition, let alone hide volumes on data discs. I have personally used, and still use, TrueCrypt, and I must admit this software works like a dream. However, the major concern is the controversial leak brought forward by the former NSA contractor Edward Snowden, according to which most common encryption protocols are useless against the NSA; The Guardian even detailed the NSA and GCHQ efforts to circumvent and crack various forms of web encryption, based on documents he leaked.

Fundraising is underway, and a website, IsTrueCryptAuditedYet, was set up to raise awareness and get the TrueCrypt audit project off the ground.

Has TrueCrypt been backdoored? Is the NSA or anyone else able to circumvent it, making it unsafe even when it is used properly, because of a hidden backdoor or similar? The main problem TrueCrypt faces is the same problem other major security software vendors face: “There is really no one to trust!” TrueCrypt is very popular and widely used, hence the need to have it audited. One question raised is that in volumes created by the TrueCrypt Windows binary the last 65,024 bytes of the header are filled with random values, whereas the Linux version fills them with encrypted zero bytes. What are those encrypted bytes?
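The sketch below, an added example that is not from the original post or from TrueCrypt's code, shows why the header question above cannot be settled by looking at a volume alone: a random fill and an encrypted-zero fill both look like noise, and only a check made with the key tells them apart. The SHA-256 counter-mode keystream is a stand-in for TrueCrypt's real cipher, and the key, the function names and the entropy threshold are assumptions made for the illustration.

```python
import hashlib
import math
import os
from collections import Counter

RESERVED = 65024  # size of the header region the article refers to

def keystream(key: bytes, n: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode), not TrueCrypt's cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def encrypted_zero_fill(key: bytes, n: int = RESERVED) -> bytes:
    """Linux-style fill: zeros XOR keystream, which is the keystream itself."""
    return keystream(key, n)

def random_fill(n: int = RESERVED) -> bytes:
    """Windows-style fill: bytes from the OS random source."""
    return os.urandom(n)

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte distribution (8.0 is the maximum)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_random(data: bytes, threshold: float = 7.9) -> bool:
    """Keyless inspection: all an outside observer can measure."""
    return entropy_bits_per_byte(data) >= threshold

def is_encrypted_zeros(data: bytes, key: bytes) -> bool:
    """Keyed check: the region must decrypt to all-zero bytes."""
    return data == keystream(key, len(data))

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real header key
    for name, region in (("encrypted zeros", encrypted_zero_fill(key)),
                         ("random fill", random_fill())):
        print(f"{name:16} entropy={entropy_bits_per_byte(region):.4f} "
              f"looks_random={looks_random(region)} "
              f"verifiable_zeros={is_encrypted_zeros(region, key)}")
```

Both regions pass the keyless test, so a random fill can only be cleared by reviewing the source and confirming that the shipped binary is built from it, which is what an audit sets out to do.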

In a nutshell, the Windows binary appears to save a block of unexplained bytes with the encrypted data. Some fear this is a key to a backdoor, which would allow people in the know to decrypt the data without the user's password. A successful audit of TrueCrypt will be a positive step and a major move towards reassuring, and instilling confidence and trust in, its large user base, ex-users and doubting Thomases. Right now there is a shortage of high-quality and usable encryption software, and TrueCrypt has become an important and integral part of our lives, as most people and organisations use it to encrypt their sensitive data. A positive TrueCrypt audit will hopefully pave the way for other vendors to follow suit; besides, and for now, it will be living proof that 'Big Brother' can't always undermine every piece of code out there!
