Fi8sVrs (Active Members) Posted April 3, 2015

The security audit of TrueCrypt disk-encryption software has been completed, with no evidence of any critical design vulnerabilities or deliberate backdoors in its code.

TrueCrypt -- one of the world's most-used open source file encryption programs, used by millions of privacy and security enthusiasts -- has been under audit for the past two years by a team of security researchers to assess if it could be easily exploited and cracked. Hopefully, it has cleared the second phase of the audit.

TrueCrypt is a free, open-source and cross-platform encryption program available for Windows, OSX and Linux that can be used to encrypt individual folders or encrypt entire hard drive partitions, including the system partition.

NO NSA BACKDOORS

Security auditors and cryptography experts at NCC took the initiative to perform a public information security audit of TrueCrypt in response to concerns that the National Security Agency (NSA) may have tampered with it, according to a leaked classified document by Edward Snowden.

"TrueCrypt appears to be a relatively well-designed piece of crypto software," cryptographic expert Matthew Green wrote in a blog post on Thursday. "The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances."

TrueCrypt cleared the first phase of the audit, which reviewed the blueprints of the software, and was given a relatively clean bill of health almost a year ago. At the first phase, auditors discovered 11 issues of medium and low severity in the software.

Now, the auditors from NCC Group's Cryptography and security audit Services have finalized and published the 21-page Open Cryptographic report related to the second phase of the audit, which examined TrueCrypt's implementation of random number generators and critical key algorithms, and various encryption cipher suites.
FOUR VULNERABILITIES DISCOVERED

The report uncovered four vulnerabilities in the latest original version of the software, but none of them could lead to a bypass of confidentiality or let hackers use deformed inputs to subvert TrueCrypt. The vulnerabilities are given below:

Keyfile mixing is not cryptographically sound -- Low severity
Unauthenticated ciphertext in volume headers -- Undetermined
CryptAcquireContext may silently fail in unusual scenarios -- High severity
AES implementation susceptible to cache timing attacks -- High severity

The most critical of the four vulnerabilities involved the use of Windows API to generate random numbers used by the master cryptographic key.

A separate vulnerability with undetermined severity checks for the volume header decryption was susceptible to tampering. Also, a low severity flaw for a method used to mix the entropy of keyfiles was not cryptographically sound.

Another high severity flaw identified refers to "several included AES implementations that may be vulnerable to cache-timing attacks."

Source: thehackernews.com
Gushterul Posted April 3, 2015
Dude, you know TrueCrypt is dead and buried, right?
Nytro Posted April 3, 2015
It isn't. It still does its job. 7.1a.
Gushterul Posted April 3, 2015
Yes, but if the original developers no longer work on it and it is just a recompile (and a dubious one at that; who is going to check those md5s against the original ones, etc. etc.), who still trusts it if it is no longer kept up to date with the security problems that may come up...
There was interest in TrueCrypt.
I don't think they would have shut it down just because they got a letter from big brother.
So I think they realized it has some mega flaw, and rather than make it public, they just dropped it.
Stealth Posted April 3, 2015
A very good alternative is BestCrypt: Jetico Inc. Oy
Eric Posted April 3, 2015
VeraCrypt is supposedly the new TrueCrypt .... https://veracrypt.codeplex.com/
kNigHt Posted April 3, 2015
TrueCrypt has always been open source. Anyone can fork it and continue it; in fact there are already a few versions. The challenge is just for some group to be capable enough to maintain the standard of quality and trust.
Byte-ul Posted April 3, 2015
"A very good alternative is BestCrypt: Jetico Inc. Oy"
A closed-source alternative to something open source that has just had a very slick audit. Smartass.