A crowdfunded third-party security audit of popular (and shuttered) personal encryption tool TrueCrypt has concluded. The effort, led by cryptographic expert Matthew Green found that \"TrueCrypt appears to be a relatively well-designed piece of crypto software,\" and that the audit \"found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.\" <\/p>\n
The software isn't perfect. The audit team did find \"a few glitches and some incautious programming\" related to the Windows random number generator, and vulnerability to cache timing attacks. Neither problem poses much in the way of issues to users unless encryption and decryption are performed on a shared machine, or a physically insecure machine where miscreants can run code directly on the encrypting computer. <\/p>\n
TrueCrypt was an open-source freeware application used for on-the-fly encryption. It could create a virtual encrypted disk within a file, encrypt a disk partition, or the entire storage device with pre-boot authentication. In the wake of the Snowden revelations, a non-profit agency was crowdfunded and created to audit the utility's encryption methodology, with the first phase of the report having been completed in April. <\/p>\n
Speculation about the shutdown of the popular encryption software was wide-ranging, with the most prevalent theory being that the shutdown was a \"warrant canary,\" meaning that the group may have received a subpoena from US courts demanding encryption keys. Internet skeptics believe that the group may have chosen to shut down, rather than fight or concede the keys to the court. <\/p>\n
The repository hosting the utility, SourceForge, claims that there is \"no indicator of account compromise\" and \"current usage is consistent with past usage.\" Additionally, the last major update was over two years ago with limited support on newer operating systems, so all signs point to the program being abandoned, rather than interfered with by external forces. <\/p>\n
By Electronista Staff <\/p>\n
<\/p>\n