Second TrueCrypt Audit Concludes No Backdoors or Serious Vulnerabilities

Nearly one year after the open-source encryption tool TrueCrypt suddenly shut down due to alleged security issues, the second audit phase has concluded that TrueCrypt is in fact secure and has no known backdoors.

The results of the cryptanalysis show the tool is secure and has no intentional backdoors from any three-letter agency, such as the NSA or FBI, or from other government entities. Such fears date back to 2013, post-Snowden, when the NSA whistleblower revealed the capabilities of the NSA and its advanced hacking techniques.

“We approached the audit looking for any vulnerabilities we could identify, such as the misuse of a function or a memory corruption issue,” Tom Ritter, one of the auditors and a security engineer with the NCC Group Cryptography Service, said. “We did not go into the audit looking expressly for backdoors nor did we go in assuming there would be none and ignore them.”

“It’s difficult to identify a deliberately placed backdoor, but we feel we did a good audit over the code,” Ritter continued. “Ultimately, we like TrueCrypt as a project and hope the community continues to develop it.”

TrueCrypt underwent its first audit phase nearly a year ago. That audit uncovered 11 vulnerabilities but still passed with flying colors, meaning no backdoors or severe design flaws. The first audit phase focused on the boot loader and Windows kernel driver, analyzing the architecture and performing a code review.

The second audit phase focused on the encryption cipher suites and TrueCrypt’s implementation of random number generators and critical key algorithms.

The second phase of the audit was completed by the NCC Group Cryptography Service on March 13, and the auditors released their public report (PDF) today. The report lists four vulnerabilities uncovered in the code: two rated high severity, one rated low severity and one of undetermined severity. However, the report stated that none of the flaws could lead to a bypass of confidentiality.

Matthew Green, a cryptography professor at Johns Hopkins University and one of the original organizers of the Open Crypto Audit Project, the organization hosting the TrueCrypt audit, said TrueCrypt appeared to be well-designed and the audit revealed no severe flaws that could make the software insecure in most scenarios.

The second cryptanalysis phase looked into the assorted AES implementations, the random number generator (RNG) implementation, the SHA-512 hash function, key derivation functions, keyfiles, the volume header format and cipher cascades, digging deep into TrueCrypt’s code and analyzing each line. Auditors did not go into the audit looking for backdoors; instead, they went in looking for any design flaws that could leak plaintext key data, predictable outputs from the RNG or any possible implementation flaws.

The largest issue uncovered in the second audit phase was a flaw in the random number generator, the component that generates the keys that encrypt TrueCrypt volumes. The vulnerability raises the question of whether the RNG’s output could be predicted. Green said the TrueCrypt developers, whose identities remain anonymous but who go by the online aliases “ennead” and “syncon”, based TrueCrypt’s RNG on a 17-year-old design that uses an entropy pool of unpredictable values from various sources within the system, including the Windows Crypto API.

Green said an issue with TrueCrypt is that the Crypto API can, in rare cases, fail to initialize properly. Instead of failing, the tool quietly accepts the failure and continues on to generate the keys. Though the probability of the failure occurring is very low, it could be a serious issue in rare instances. Green went on to say that even if the Windows Crypto API fails on your system, TrueCrypt will still collect entropy from sources within the system, including system pointers and mouse movements. Green recommends someone fix the issue in one of the many TrueCrypt forks.

Ritter, along with two other auditors, Alex Balducci and Sean Devlin, said TrueCrypt’s RNG gathers its input data from various sources, some of which are more predictable than others, but they are still not cryptographically sound. The main source the RNG pulls from is a call to the Windows API, yet if the call failed, TrueCrypt would still continue on to create volumes or encrypt a disk using a key that’s partially predictable.
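The failure mode described above, sketched as an added example (not TrueCrypt’s code and not taken from the audit report): one pool-filling routine ignores a failed strong entropy source and carries on with weak input only, the other refuses to produce a pool. All function names, the stub entropy sources and the XOR mixing are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* All names are hypothetical; this is not TrueCrypt's code. */
#define POOL_SIZE 32
typedef int (*entropy_fn)(uint8_t *buf, size_t len); /* returns 0 on success */

/* Constructed stand-ins: a strong OS source, the same source failing, a weak source. */
static int strong_ok(uint8_t *b, size_t n)   { memset(b, 0xA5, n); return 0; }
static int strong_fail(uint8_t *b, size_t n) { (void)b; (void)n; return -1; }
static int weak_src(uint8_t *b, size_t n)    { memset(b, 0x01, n); return 0; }

/* XOR one source into the pool (a real pool would hash); returns the source's status. */
static int mix(uint8_t *pool, entropy_fn src) {
    uint8_t tmp[POOL_SIZE];
    int rc = src(tmp, sizeof tmp);
    for (size_t i = 0; rc == 0 && i < POOL_SIZE; i++)
        pool[i] ^= tmp[i];
    return rc;
}

/* Fail-open: the strong source's error is dropped and key generation proceeds. */
int fill_pool_fail_open(uint8_t *pool, entropy_fn strong, entropy_fn weak) {
    memset(pool, 0, POOL_SIZE);
    (void)mix(pool, strong);   /* status ignored */
    (void)mix(pool, weak);
    return 0;
}

/* Fail-closed: without the strong source there is no pool and no key. */
int fill_pool_fail_closed(uint8_t *pool, entropy_fn strong, entropy_fn weak) {
    memset(pool, 0, POOL_SIZE);
    if (mix(pool, strong) != 0) return -1;   /* caller must abort volume creation */
    (void)mix(pool, weak);
    return 0;
}

/* 1 if the pool holds nothing but the weak source's contribution. */
int pool_is_weak_only(const uint8_t *pool) {
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (pool[i] != 0x01) return 0;
    return 1;
}

int main(void) {
    uint8_t pool[POOL_SIZE];
    fill_pool_fail_open(pool, strong_fail, weak_src);  /* reports success */
    int weak = pool_is_weak_only(pool);                /* yet the pool is weak-only */
    return (weak && fill_pool_fail_closed(pool, strong_ok, weak_src) == 0) ? 0 : 1;
}
```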

The auditors also noted that the volume header decryption relies on integrity checks that don’t accurately detect tampering. They also said TrueCrypt’s AES implementations are vulnerable to cache-timing attacks.

However, Ritter said no one has been able to demonstrate a successful cache-timing attack against AES in a realistic scenario. Realistic scenarios include visiting a malicious website that runs JavaScript in the browser and then tries to run a cache-timing attack against TrueCrypt’s AES implementation.

Ritter noted some JavaScript cache-timing attacks have been executed successfully, but none against AES thus far.

The auditors recommend the public keep code reviews and scheduled TrueCrypt audits ongoing, with particular attention to three areas of TrueCrypt: XTS pointer arithmetic; volume header parameters; and program flow.

TrueCrypt is a great piece of disk encryption software, and the halting of its development is saddening. Despite the concern around TrueCrypt, the software can still be safely used across all your machines, as it has no known backdoors and only a few vulnerabilities that could rarely be of concern.

We would like to thank and wish the best of luck to the TrueCrypt developers.
