Skip to main content

TrueCrypt security audit is good news, so why all the glum faces?

posted onApril 3, 2015
by l33tdawg

L33tdawg: On an unrelated note, Runa A. Sandvik who's involved with the TrueCrypt audit project will be presenting the closing keynote 'Bringing Internet Security to Where the Wild Things Are' at HITBSecConf2015 - Amsterdam the end of May in Amsterdam.

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws.

The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that's a flaw that cryptographers say should be fixed, there's no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt. The report was produced by researchers from information security consultancy NCC Group.

Source

Tags

Security TrueCrypt

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th