TrueCrypt

Until discontinued under mysterious circumstances last year, the open-source encryption tool TrueCrypt was pretty much the first choice for computer users looking to keep the contents of their hard drive out of the reach of unauthorised parties.

So I am fascinated to read a new technical report by Robert Lipovsky and Anton Cherepanov, security researchers at ESET, which brings to light that a Russian language version of TrueCrypt contains a secret backdoor trojan.

L33tdawg: On an unrelated note, Runa A. Sandvik who's involved with the TrueCrypt audit project will be presenting the closing keynote 'Bringing Internet Security to Where the Wild Things Are' at HITBSecConf2015 - Amsterdam the end of May in Amsterdam.

The gears of the TrueCrypt audit have whirred into life overnight with boffins poised to again probe the open source crypto tool after nearly a year of waiting.

A tiny team will fondle the tool's random number generators, cipher suites and key algorithms in a bid to pull the internet's favourite crypto suite out of the pariah status it attained when its developers claimed it contained unspecified vulnerabilities and recommened users adopt alternatives like Microsoft's BitLocker.

Is TrueCrypt audited yet? Nope, but it will be soon. One of the world's most-used file encryption tools is about to get a full exam that will hopefully give the software a clean bill of health, after an independent effort successfully raised tens of thousands of dollars to peer into TrueCrypt's deepest recesses.