TrueCrypt Audit

TrueCrypt, better known for its real-time ‘on the fly’ and transparent encryption, recently came under scrutiny, mainly because not only does the source code behind it need to be reviewed but also the custom licensing governing it.

TrueCrypt is open source disk encryption and decryption software that runs on Windows, Mac OS X and Linux operating systems. Its features include entire drive or storage encryption, that is, full hard drive or USB drive encryption. With TrueCrypt one can also encrypt a partition or drive where Windows is installed and even create a hidden partition within another partition, let alone hide volumes on data discs. I have personally used, and still use, TrueCrypt, and I must admit this software works like a dream. However, the major concern is the controversial leak brought forward by the former NSA contractor Edward Snowden that most common encryption protocols are useless against the NSA. The Guardian even detailed the NSA and GCHQ efforts to circumvent and crack various forms of web encryption, based on documents he leaked.

Fundraising is underway and a website IsTrueCryptAuditedYet was set up to raise awareness and get the TrueCrypt audit project off the ground.

Has TrueCrypt been backdoored? Is the NSA or anyone else able to circumvent it, making it unsafe even when it is used properly, because of a hidden backdoor or similar? The main problem TrueCrypt faces is the same problem other major security software vendors face: “There is really no one to trust!” TrueCrypt is very popular and widely used, hence the need to have it audited. One question raised is that in the TrueCrypt Windows binary version the last 65,024 bytes of the header are filled with random values, whereas the Linux version fills the header with encrypted zero bytes. What are those encrypted bytes?

In a nutshell, the Windows binary appears to save a block of unexplained bytes with the encrypted data. Some fear this is a key to a backdoor, which would allow people in the know to decrypt the data without the user’s password. A successful TrueCrypt audit will be a positive step and a major move towards reassuring and instilling confidence and trust in its large user base, ex-users and doubting Thomases. Right now there is a shortage of high-quality and usable encryption software. TrueCrypt has become an important and integral part of our lives, as most people and organisations use it to encrypt their sensitive data. A positive TrueCrypt audit will hopefully pave the way for other vendors to follow suit; besides, and for now, it will be living proof that ‘Big Brother’ can’t always undermine every piece of code out there!
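Why the header bytes described above cannot be judged by inspection alone, shown as an added example that is not from the original post or from TrueCrypt: encrypted zeros and random fill both look like noise, and only a key holder can tell them apart. The SHA-256 counter-mode cipher, the key and all function names are constructed stand-ins, not TrueCrypt's actual cipher or header layout; only the 65,024-byte size comes from the article.

```python
import hashlib
import math
import os
from collections import Counter

PAD_LEN = 65_024  # size of the header region the article describes


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in cipher: SHA-256 in counter mode (NOT TrueCrypt's cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream (the operation is symmetric)."""
    ks = keystream(key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte distribution; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_encrypted_zeros(key: bytes, region: bytes) -> bool:
    """Only a key holder can run this check: decrypt and look for all zeros."""
    return xor_crypt(key, region) == bytes(len(region))


def demo() -> dict:
    key = b"constructed-demo-header-key"          # constructed sample value
    zeros_style = xor_crypt(key, bytes(PAD_LEN))  # "encrypted zero bytes"
    random_style = os.urandom(PAD_LEN)            # "random values"
    return {
        "zeros_entropy": entropy_bits_per_byte(zeros_style),
        "random_entropy": entropy_bits_per_byte(random_style),
        "zeros_verifies": is_encrypted_zeros(key, zeros_style),
        "random_verifies": is_encrypted_zeros(key, random_style),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both regions measure close to 8 bits of entropy per byte, so a byte-level look at a volume cannot settle what the fill contains; that is a question for source review and a reproducible build.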

Trevor Murimba

Trevor Murimba a.k.a TechnoTrev is a Certified Ethical Hacker, Cyber Security Specialist by profession, Information Security Publications Contributor on iAfrikan.com, MyBitSecure Projects Contributor and the Founder of SecureBinary. Besides spending countless days and late nights Playing the Guitar, Coding in Python, Hacking & Beefing up Security on his mostly Linux-based Virtual Environments; Trev has a strong passion for Open Source-based I.T Security Solutions, Decentralised Systems, BigData, Blockchain, ICS & SCADA Systems, Artificial Intelligence (AI) and literally anything that makes the ‘Internet of Things’ (IoT) a more secure place; through promoting a culture of I.T Security Awareness!