Security Analysis of TrueCrypt 7.0a with an Attack on the Keyfile Algorithm

Nytro · September 9, 2013

Security Analysis of TrueCrypt 7.0a with an Attack on the Keyfile Algorithm

Ubuntu Privacy Remix Team <info@privacy-cd.org>

August 14, 2011

Contents
Preface.............................................................................................................................................1
1. Data of the Program.....................................................................................................................2
2. Remarks on Binary Packages of TrueCrypt 7.0a..........................................................................3
3. Compiling TrueCrypt 7.0a from Sources.......................................................................................3
Compiling TrueCrypt 7.0a on Linux..............................................................................................3
Compiling TrueCrypt 7.0a on Windows........................................................................................4
4. Methodology of Analysis...............................................................................................................5
5. The program tcanalyzer................................................................................................................6
6. Findings of Analysis......................................................................................................................7
The TrueCrypt License.................................................................................................................7
Website and Documentation of TrueCrypt...................................................................................7
Cryptographic Algorithms of TrueCrypt........................................................................................8
Cryptographic Modes used by TrueCrypt.....................................................................................9
TrueCrypt Volume and Hidden Volumes.....................................................................................11
The Random Number Generator of TrueCrypt...........................................................................11
The Format of TrueCrypt Volumes.............................................................................................12
7. An Attack on TrueCrypt Keyfiles.................................................................................................14
The TrueCrypt Keyfile Algorithm................................................................................................14
The Manipulation of TrueCrypt Keyfiles.....................................................................................14
Response to the Attack by the TrueCrypt Developers................................................................16
8. Conclusion..................................................................................................................................17

Preface

We previously have analyzed versions 4.2a, 6.1a and 6.3a of the TrueCrypt program in source

code without publishing our results. Now however, for our new analysis of version 7.0a we decided

to publish it. We hope that it will help people to form their own sound opinion on the security of

TrueCrypt. Moreover, we solicit help in correcting any mistakes that we've made. To this end, we

would like to encourage everyone reading this to send criticism or suggestions for further analysis

to us.

While preparing the analysis for publication we reassessed our previous results. In doing so we

discovered major weaknesses in the TrueCrypt keyfile algorithm. This could even be turned into a

successful attack on TrueCrypt keyfiles. We present that attack in section 7. We want to stress that

the security of TrueCrypt containers which do not use keyfiles is in no way affected by this weaknesses

and the attack.

TrueCrypt is a multi-platform program. Up to now there are versions for Windows, Linux and Mac

OS X. Our analysis mainly focuses on the Linux version. The Windows version has been analyzed

to a lesser extent, the Mac OS X version not at all. In large parts the code basis is the same for all

operating systems on which TrueCrypt runs. On the other hand there is some special code for

each of these operating systems. This is even reflected in slightly diverging behavior of the program

on different operating systems here and there.

In the source code of TrueCrypt 7.0a there are, moreover, folders for the operating systems Free-

BSD and Solaris. Apparently the source code in these folders hasn't reached a point where a program

could be built and distributed from it. Therefore, we completely neglected them.

The report at hand explains the results of our analysis. It is organized as follows: Section 1 lists

some data of the analyzed program. Section 2 contains remarks on binary TrueCrypt packages.

Section 3 deals with compiling TrueCrypt from the sources. Section 4 explains the methodology of

our analysis. In section 5 we describe our program tcanalyzer which has been written for this

analysis. Section 6 contains our findings in detail except for the attack on keyfiles to which section

7 is devoted. Finally section 8 presents our conclusions. The rational for the conclusions in section

8 is mainly presented in section 6. In sections 6 and 7 some elaborated technical or mathematical

facts have been documented in the footnotes. Readers who don't have the special skills to understand

them may safely ignore them.

Download:

https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-en.pdf

Sign In

Security Analysis of TrueCrypt 7.0a with an Attack on the Keyfile Algorithm

Recommended Posts

Nytro

Join the conversation

Browse

Activity

Pages