Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

TrueCrypt To Go Through a Crowdfunded, Public Security Audit

timothy posted about 9 months ago | from the line-by-line dept.

Security 104

An anonymous reader writes "After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted. Security experts have repeatedly said that it you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue. And that it exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, co-founder of hosted healthcare services provider BAO Systems, have set out to do. The software that will be audited is the famous file and disk encryption software package TrueCrypt. Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total." (Mentioned earlier on Slashdot; the now-funded endeavor is also covered at Slash DataCenter.)

cancel ×

104 comments

Sorry! There are no comments related to the filter you selected.

Please, Google (-1)

faragon (789704) | about 9 months ago | (#45362029)

Fuck buy TrueCrypt.

Re:Please, Google (0)

Anonymous Coward | about 9 months ago | (#45362073)

So it can be subverted from the inside either by NSA plants or through NSLs compelling Google to do so? No thanks...

Re:Please, Google (0)

Anonymous Coward | about 9 months ago | (#45362257)

So it can be subverted from the inside either by NSA plants or through NSLs compelling Google to do so? No thanks...

I thought the NSA plant the auditor ...

Re:Please, Google (3, Insightful)

epyT-R (613989) | about 9 months ago | (#45362115)

Are you nuts?

Re:Please, Google (1)

_merlin (160982) | about 9 months ago | (#45363119)

Yeah, you'd end up needing to sign in with a google account, storing your private keys in the cloud, posting stats on your g+ and allowing google to index the encrypted data.

Re:Please, Google (1)

epyT-R (613989) | about 9 months ago | (#45363211)

awesome.. sign me up.

Re:Please, Google (0)

Anonymous Coward | about 9 months ago | (#45362129)

That might be the shittiest idea anyone ever had !

Re:Please, Google (0)

Anonymous Coward | about 9 months ago | (#45362999)

That might be the shittiest idea anyone ever had !

What bothers you about that? The ads? The direct NSA backdoors? The fact that they'd abandon it after an extended beta period?

Re:Please, Google (0)

Anonymous Coward | about 9 months ago | (#45362579)

Not sure which Google hit you are referring to, but I suspect it is the following.

http://hackfromhell.blogspot.com/2012/12/truecrypt-hid-device-hack-with-knoppix.html

According to the author, due to design choices made by the developers of Truecrypt, it (TrueCrypt) is being used to subvert not only itself but as a means to infiltrate an entire system.

If this is true, then TrueCrypt is a poor choice for this audit (much less, anything else).

Re:Please, Google (1, Insightful)

joelleo (900926) | about 9 months ago | (#45362799)

They also apparently:

hacked my Power Supply by implanting a trasp device in My Bose Speakers and possibly my high end water machine that sent malware farts through my electrical grid and tunneled into my system that way.

sounds TOTALLY not paranoid schizophrenic.

On topic, Truecrypt is just a tool. It can't be "subverted" to do evil - it just exists and people can use it for 'good' or 'evil.' My hammer is really good and pounding nails ('good',) but would work equally well in password extraction ('evil') =)

Re:Please, Google (1)

Anonymous Coward | about 9 months ago | (#45363069)

Yeah, I know, that part seemed far-fetched to me as well.

BUT, the other stuff regarding TrueCrypt struck a note with me, in particular the screens of the TrueCrypt rules regarding admin rights and read-only enforcement structure--THAT could be used just as he explains. In that case, it would seem that the encryption--in it's mission to protect encrypted data from simply being over-written, actually allows malware to use this protection scheme to protect the malware. Simply encrypt the malware with TrueCrypt, and TrueCrypt protects it from being over-written AND allows said encrypted data to be loaded before the OS.

Pretty compelling. The guy made some of his data available for others to tear apart (he admits his weaknesses in this area). Perhaps someone here can actually do that.

Re:Please, Google (1)

LoRdTAW (99712) | about 9 months ago | (#45365125)

The site has to be a hoax.

My fav so far:

The Most clever of all is when they knew I was on Match.com so they had a Chinese Girl contact me and I was amazed at how quickly she wanted to come to my house, it was too easy actually but right after she came I noticed the hacking got 10 times worse. I now realize she came to get my cable modem Mac address so they could clone my cable modem.

I bet his herpes also got 10 times worse as well :-p

LOL:

Their hack made a mistake and assumed that the hidden volume I created was part of their set-up so they proceeded to copy over a 666MB .iso file that had the same name a linux Dragonfly Live DVD except that Dragonfly is 900MB, not 666MB like this one.

It gets better: How they hacked my iPhone last year in Asia

How they hacked my iPhone last year in Asia
If you think you are safe just because you have an original iPhone from Apple that wasn't unlocked, think again. Granted I was sleeping with the enemy ( my Vietnamese Wife ) and since I had to sleep sometimes, the Hoa Hao had a huge advantage because they could sabotage my electronic devices while I was sleeping if they weren't able to do it while I was awake.

So, um, yea. I would only read that blog if looking for a good laugh. A big "Thank you"goes out to the gp for the lulz.

Re:Please, Google (1)

gl4ss (559668) | about 9 months ago | (#45364849)

it's a rambling.

but anyhow, as I gathered, in the story the hackers were the one's hiding their shit with truecrypt and not the guy who was getting hacked by triads...

frankly it's written like a madman.

Re:Please, Google (1)

nightsky30 (3348843) | about 9 months ago | (#45367009)

frankly it's written like a madman.

Like or by?

Re:Please, Google (1)

freeze128 (544774) | about 9 months ago | (#45369941)

Buy it from Whom? It's open source!

Huh? (1)

Anonymous Coward | about 9 months ago | (#45362033)

Slash DataCenter? Do not want!!

Hmmm... (5, Interesting)

Anonymous Coward | about 9 months ago | (#45362061)

But who will audit the auditors?

Re:Hmmm... (5, Insightful)

lgw (121541) | about 9 months ago | (#45362157)

But who will audit the auditors?

Gorillas!

Seriously, a fully public audit is the best possible approach. You can never be 100% sure, but you can get close enough if the audit attracts enough talent. This is the true promise of open source: moving from "in theory, you could look at the source", yahright, to "here's the crowdfunding for experts to openly audit the open source". That's something.

Re:Hmmm... (1)

SolitaryMan (538416) | about 9 months ago | (#45362549)

This is still an important question. While yes, the money will attract some talent, the money also will attract scammers and just random people who want to make a quick buck. And I don't see $50k attracting enough talent.

Re:Hmmm... (2)

lgw (121541) | about 9 months ago | (#45363757)

In this case you won't need much money, as TrueCrypt is so high profile and lots of security experts use it personally. If this approach catches on, and the novelty wears off, then you'd need more money to be sure.

Re:Hmmm... (1)

Lennie (16154) | about 9 months ago | (#45366295)

If you think this is about attracting random talent, you are so wrong.

This is about compensating known experts for their time spent on doing the audit.

It takes a lot of time to do an audit.

Re:Hmmm... (1)

SolitaryMan (538416) | about 9 months ago | (#45370427)

If the experts are already known, then I definitely don't see a point in not disclosing their names before the fund raiser.

I think the idea is really cool, but the process is also very important.

Re:Hmmm... (4, Interesting)

adolf (21054) | about 9 months ago | (#45363331)

Phone call to encryption expert: "Yes, thank you Truecrypt. I will gleefully accept your money and publish an audit."

Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."

(Oh, encryption experts are immune to subterfuge, greed, bottomless debt, double-dipping, and generally being nafarious? I thought that they were just human like the rest of us!)

(And for the record, once one "independent" party accepts money from another party with a dog in the race, they cease being "independent" about the matter at-hand.)

(See also: Whitewash [wikipedia.org] .)

Re:Hmmm... (2)

lgw (121541) | about 9 months ago | (#45363741)

But then we'll know. If Bruce Schneier is an NSA plant, and he and at least one smart non-NSA plant routinely audit software, the pattern will emerge.

Like I said, nothing is perfect, but this is pretty good.

Re:Hmmm... (2)

adolf (21054) | about 9 months ago | (#45364021)

But I don't know Bruce Schneier from a hole in the ground, and the only thing I know about Truecrypt is that the folks who make it say it is secure (or, perhaps in the future, pay for audits, wherein it is proclaimed secure).

The circle of trust is very, very short here.

Studies have shown that studies are easily skewed by money.

Re:Hmmm... (1)

Yvanhoe (564877) | about 9 months ago | (#45366161)

Dor what it is worth, the version 6.0a of Truecrypt has been found clean by the ANSSI, the French public agency of computer security (which have a good reputation in cryptography, but who may set the paranoia cursor a bit too low) in 2009.

It was considered adequate for military use. Depending on your political opinions, this may be a laughable audit or a solid claim.

A famous French blogger made a binary comparison between the sources and the windows binaries given by Truecrypt and deduced that (unless the compiler itself adds backdoors automatically, as improbable as it is, we cannot totally dismiss that possibility nowadays) no backdoors have been hidden in the binary. So if the code is clean, the binary is clean.

Re:Hmmm... (1)

sociocapitalist (2471722) | about 9 months ago | (#45366715)

Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."

Let's not forget the probable stick that would come along with the carrot. 'National security...open your mouth about what you find and (insert threats here).

Re:Hmmm... (1)

AmiMoJo (196126) | about 9 months ago | (#45366793)

It's not the Truecrypt people organizing the audit, it's an independent group. Of course they might be the same person as the authors of Truecrypt are not known for certain, but since the audit will be public any deliberate failures are likely to be spotted. If you were a security researcher doing a public audit it would be unwise for you to accept money to botch it, since your professional reputation is on the line.

Re:Hmmm... (1)

adolf (21054) | about 9 months ago | (#45369333)

Which brings us back to the original question:

Who watches the watchers?

How would we even know if it was botched?

Re:Hmmm... (0)

Anonymous Coward | about 9 months ago | (#45379401)

Phone call to encryption expert: "Yes, thank you Truecrypt. I will gleefully accept your money and publish an audit."

Next phone call to encryption expert: "Yes, thank you NSA. I will gleefully accept your money and write whatever you tell me to write in my published audit."

This is why we should have Bill Gates do the audit. He's so rich he cannot be bought.

Re:Hmmm... (0)

Anonymous Coward | about 9 months ago | (#45362175)

Turtles

Re:Hmmm... (0)

Anonymous Coward | about 9 months ago | (#45365153)

Why Yes, I do Sing but you need a very big bucket to carry the tune.

Fast Turtle

Re:Hmmm... (-1)

Anonymous Coward | about 9 months ago | (#45362273)

Your whore of a mother.

Re:Hmmm... (1)

Alarash (746254) | about 9 months ago | (#45366091)

Richard Stallman should be all over this. I mean, he keeps saying all over the place how software needs to be open for people to review what it does, and if there's ever been a time where this was needed, it's now.

Free testing (2)

retech (1228598) | about 9 months ago | (#45362085)

So they're getting crowd-funded money to do all their testing to ensure no one can see the NSA's back doors they have in place.

Re:Free testing (5, Insightful)

rudy_wayne (414635) | about 9 months ago | (#45362223)

If you think better, stronger encryption is the answer, then you don't understand the problem.

In 2011 the Foreign Intelligence Surveillance Court issued a ruling that many of the NSA's activities were illegal and unconstitutional. You'll notice that this had no effect on the NSA's spying because (a) It was a secret order issued by a secret court and nobody knew about it until just recently and (b) There is essentially no oversight of the NSA which means they are free to do whatever they want.

So, even if you have some super-duper unbreakable encryption, which has been audited and you can guarantee that it contains no NSA backdoors, so what? If the NSA can't break your encryption they'll simply yell "National Security" and get a secret order from a secret court compelling to do decrypt your stuff or face prosecution -- prosecution which will be carried out in secret, making it impossible to defend yourself.

If you've been paying attention, you see what the real problem is.

Re:Free testing (0)

Anonymous Coward | about 9 months ago | (#45362453)

Mod Parent Up. Also: Security [xkcd.com]

Re:Free testing (2)

Penguinisto (415985) | about 9 months ago | (#45362583)

There is one small silver lining to this otherwise ugly cloud... if of course there's a way to hide any trace of TrueCrypt on a machine that's using it?

Re:Free testing (1)

Anonymous Coward | about 9 months ago | (#45362707)

So, even if you have some super-duper unbreakable encryption, which has been audited and you can guarantee that it contains no NSA backdoors, so what? If the NSA can't break your encryption they'll simply yell "National Security" and get a secret order from a secret court compelling to do decrypt your stuff or face prosecution -- prosecution which will be carried out in secret, making it impossible to defend yourself.

I'm very curious about this as I use truecrypt volumes of various types and sizes to fill my freespace with random data so free space wipes take less time. When I need some more room I delete a volume. The thing is when I make these I just grab a snippet of text from whatever I have open at the time. They are just junk files that truly can't be opened, does this mean I would sit in contempt of court for decades? Seems likely at this point.

Re:Free testing (2)

letherial (1302031) | about 9 months ago | (#45363849)

I think the bigger question here is, why do you need to wipe your free space? are you hiding something from the NSA?

Re:Free testing (1)

L4t3r4lu5 (1216702) | about 9 months ago | (#45366169)

For the same reason I shred my old bank statements and cut up my old credit cards.

I didn't read the parent to your comment, so I'm taking your comment as worded. This information is valuable to other people, whether they can use it to imitate you to get further information from a trusted source or to access your finances or medical history. I wipe the free space because the end point (my PC) isn't secure. The remote server is supposed to be secure, as is the connection to my PC, but once decrypted on my computer it is plaintext. If it's stored on the hard disk, e.g. swapping or in temporary files, then there is going to be a record of that information accessible to those with the (freely available to download) tools to retrieve it.

Not securely wiping your hard drive before disposing of it is like throwing your bank statements out in the trash.

Re:Free testing (1)

letherial (1302031) | about 9 months ago | (#45367819)

i guess the joke went over your head(see parent comment)....but thats ok, your right though, wiping data is a good idea. You could always just encrypt your entire drive as well, making wiping unnecessary.

Re:Free testing (1)

L4t3r4lu5 (1216702) | about 9 months ago | (#45368205)

I would argue that you should also wipe at least the start and end of the drive (for TrueCrypt encrypted volumes) to destroy the (yes, also encrypted) key.

TrueCrypt, as an example, uses the "user key" you provide (weak) to encrypt the "volume key" generated from the various RNGs and entropy pools available (strong), like wiggling the mouse.This is used to actually encrypt the data. This way, you can change the "user key" without having to decrypt and re-encrypt the entire volume; Only the "volume key" needs to be re-encrypted. Overwriting the beginning and end of the drive destroys both the master and backup of this key, rendering the drive utterly unrecoverable except by brute force.

I also pointed out that I didn't read the parent comment ;)

Re:Free testing (0)

Anonymous Coward | about 9 months ago | (#45367235)

What's wrong with dd if=/dev/urandom of=/some/dir/blank0001 bs=1M count=1000?

Re:Free testing (2)

letherial (1302031) | about 9 months ago | (#45363827)

Well put it in a hidden container and put stupid shit inside your normal container and give them that password. Throw a bunch of tax returns and shit in there and say you where only following your IT friends advice on protecting your finance documents, or if your IT, say you practice what you preach.

Also, assume they will find this post and use it to prove you have a secret container, so you'll want to change your name, SSN, DOB and possibly a face change(at least your hair), in fact, why where you stupid enough to talk smack on NSA in a public forum? Clearly if you dont like the NSA watching over you then your a hardcore criminal/terrorist and we can just skip the whole show me what you got trial bullshit and lock you up...or maybe just bomb you. Hidden containers wont matter to the drone and the secret judge who already ordered your death.

Point is...your fucked.

Re:Free testing (0)

Anonymous Coward | about 9 months ago | (#45364559)

> If the NSA can't break your encryption they'll simply yell "National Security" and get a secret order from a secret court compelling to do decrypt your stuff or face prosecution -- prosecution which will be carried out in secret, making it impossible to defend yourself.

[citation needed]

Pretty sure that's not how FISA works

Re:Free testing (0)

Anonymous Coward | about 9 months ago | (#45366299)

In practice, it is slightly worse, but it does work that way generally.

Re:Free testing (0)

Anonymous Coward | about 9 months ago | (#45365485)

Ayup, however, you are speaking as an American, which constitutes a small minority. For the rest of us, Truecrypt and GPG are truly useful to protect us from American and UK spying overreach.

Re:Free testing (1)

rvw (755107) | about 9 months ago | (#45367579)

If you've been paying attention, you see what the real problem is.

The real problem here is that you're living in the USA. And another problem is your thinking.

Many of us don't live in the US. And even if we live in the EU, in a country who's secret service cooperates with the NSA, we still don't have a Patriot Act and I don't think that people here are abducted to the US or some stinking country without human rights for something like this.

Then your thinking. Most of us are just normal people, who want to protect documents for various reasons, and we want to use stronger encryption without backdoors if possible, because it will make it more difficult for anyone to break. And we want to store those truecrypt volumes in our dropboxes or iclouds or google drives or wherever. Having strong encryption without backdoors will guarantee that the NSA won't be able to scan those documents. They cannot read what's inside. And because they cannot force everybody to give their keys, 99.999% of us will have our documents safe from prying eyes. Those people who run into trouble with the NSA - valid or not - they will face your scenario. And they will not be safe, maybe even for EU citizens.

Re:Free testing (2)

Anonymous Psychopath (18031) | about 9 months ago | (#45362673)

So they're getting crowd-funded money to do all their testing to ensure no one can see the NSA's back doors they have in place.

So what's your answer? Everyone just does their own code review?

They need an independent expert to validate it? (3, Funny)

Anonymous Coward | about 9 months ago | (#45362093)

Alright, I'll volunteer. Once the money has cleared my account, consider it "validated."

Re:They need an independent expert to validate it? (1)

Anonymous Coward | about 9 months ago | (#45362237)

Look, validating software is quite important as well. Its not as if validating truecrypt is something you can easily do in your free time. You need people that understand encryption and software to be able to get somewhere.
I am sure they won't just give any jackass the money and not demand reproducible steps and clear verification of the source code.

Its not because validating that everything works like they say it does without adding any code, that validating is a valueless job. There is great value for anybody trusting upon truecrypt to have it validated by people who are able to actually do a good validation, and its not a 5 minute job to go through all the source and understand everything it does, so its very reasonable to pay somebody for it.

I'm just speculating here .. but (0)

OhANameWhatName (2688401) | about 9 months ago | (#45362135)

.. would the people of the United States have trust issues with the NSA?

Re:I'm just speculating here .. but (0)

Anonymous Coward | about 9 months ago | (#45362397)

No. Why would you say that?

(SSSSSSSSHHHH...they're listening.)

If something "fishy" is found... (0)

Anonymous Coward | about 9 months ago | (#45362145)

...i'll feel a great disturbance in the Force, as if millions of terabytes suddenly cried out in terror and were suddenly erased. I fear something terrible has happened to the hard drives industry.

Won't work for the Windows version (4, Insightful)

kbg (241421) | about 9 months ago | (#45362285)

The Windows version is compiled with MSVC, which almost certainly has a NSA backdoor that gets compiled into the TrueCrypt binary.

Re:Won't work for the Windows version (2)

Mr0bvious (968303) | about 9 months ago | (#45362467)

Please vote this up..

Indeed, the vectors for adding back doors is not as simple as looking at source code.

Re:Won't work for the Windows version (5, Insightful)

vux984 (928602) | about 9 months ago | (#45362589)

Sure, vote it up as a point that the the toolchain is always suspect, but saying MSVC is injecting backdoors into everything it compiles is just plain idiotic.

Re:Won't work for the Windows version (1)

Mr0bvious (968303) | about 9 months ago | (#45362681)

Absolutely, I'm no conspiracy theorist. I just agreed that the source code is not the only vector for injecting backdoors.

Re:Won't work for the Windows version (4, Informative)

sconeu (64226) | about 9 months ago | (#45362803)

* We know that the distributed source generates the distributed binaries. There was an article on this (I'm too lazy to search for it).

* This audit will vet the source so that there are no *CODED* back doors.

* The code is still vulnerable to a Ken Thompson style attack.

Re:Won't work for the Windows version (1)

swillden (191260) | about 9 months ago | (#45363151)

The code is still vulnerable to a Ken Thompson style attack.

Is it possible to build the Windows version of TrueCrypt with GCC, or the Intel compiler? If so, then the Thompson attack can be worked around.

Re:Won't work for the Windows version (1)

Desler (1608317) | about 9 months ago | (#45363317)

Unless one is planted into GCC.

we know current version gcc is safe (2)

raymorris (2726007) | about 9 months ago | (#45364167)

We know that the current version of GCC doesn't have the "Ken Thompson" trojan. The original version could have, theoretically a but it couldn't survive so many versions. Also, gdb would have revealed it long ago.
Maybe gcc also trojans gdb? And ptrace, and ...
You have to imagine that the author wrote specialized trojans for a bunch of programs that hadn't been created yet, and hid them all in a few kilobytes. That's beyond impossible, even for the best programmer in the world.

Re:Won't work for the Windows version (1)

swillden (191260) | about 9 months ago | (#45365115)

Unless one is planted into GCC.

Easy to eliminate. There are plenty of other open source compilers.

http://arxiv.org/pdf/1004.5548.pdf

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45366543)

But what if THOSE have trojans too?! (point being, you can't please or shut these people up)

Re:Won't work for the Windows version (1)

swillden (191260) | about 9 months ago | (#45369081)

But what if THOSE have trojans too?! (point being, you can't please or shut these people up)

The method is extensible. You apply DDC to all compilers. In order for any of them to be trojaned, they all have to be trojaned... and they all have to include trojans specifically written for each of the others, which include the trojan all pairwise combinations.

So if you have three compilers, with source code, you can apply DDC three times (A/B, A/C, B/C). If you detect no trojans, then either none exist, or each compiler must contain all three trojans (one for each compiler) and each trojan must contain code to detect each compiler.

As the number of compilers goes up, the attacker's job gets harder. It's O(n^2) in the number of compilers, but it's actually tougher than that because at some point all of this compiler-detection and modification code gets big enough that it becomes easy to find in the binary. And the detection and modification code can't be too obvious, either.

Note that while the attackers job gets harder as O(n^2), the detecter's job is O(n). It's not necessary to do DDC pairwise; you can order the compilers in a ring and compile around the ring... compile compiler i with compiler i + 1, then when i = n, use that last compiler to compile the first. Unless each compiler in the ring had code to detect the next and trojan it, inserting trojans for every other compiler in the ring, the modifications will be detected.

If you need more compilers, you can get multiple versions of each compiler to throw into the mix. It's particularly good to go back to very old versions which could not possibly have known enough about the structure and code of new versions -- or entirely new compilers -- in order to be able to detect and modify them.

The fact that clang is a very new compiler is quite useful this way. Pick old versions of GCC and the BSD compiler which predate the existence of clang by several years and apply DDC. If you don't detect a modification, they're all good -- unless whoever is trojaning everything is going back to software archives and quietly modifying old copies of the source code. So to be really sure you want to get your old copy from a trustworthy, or at least unmodifiable, source. For example I have some old CDs of the Red Hat distro from 1997.

As a final proof, you can always just write your own C compiler from scratch. C is a simple language and if you don't care about producing optimal code or making it fast you can build a compiler from scratch in a few weeks of focused work.

This problem is easily solvable.

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45363857)

Probably, but you wouldn't be using the windows compiler, thus its possible for your end file to differ from their end file. Which is fine for personal use, but it doesn't help you verify that the binaries they distribute are safe.

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45368101)

Idiots, have you tried compiling tc on windows?

It needs an ancient specific version of
windows ddk and compilers.

Have have ever found a second source for binaries? I haven't on the web.

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45363259)

Is that that bad an assumption?

Microsoft worked very closely with the NSA, giving them bugs before fixing them so they could be abused. I don't think you need a big drop in morals to go from there to making everything compiled with your software be backdoored by default. I guess you could attempt to check it by compiling the smallest program possible and checking that, but even then it probably already includes more code than you would want to go through.

Of course a good counter argument would be that if you backdoor everything automatically, why would you need to share bugs?
Hell, why backdoor most stuff if most of it depends on your software (like .net) anyway.

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45363445)

You're right. No compiler could ever inject a backdoor.

Oh wait. The first public C compiler had a backdoor. Maybe you can claim that Microsoft isn't technical enough to pull that off, but they've had forty years and ten of thousands of employees to try to duplicate that feat so maybe there's a chance that they could possibly do what Thompson did. It theoretically possible that that they have caught-up to the C compiler from 1972. Maybe.

Re:Won't work for the Windows version (4, Informative)

steelfood (895457) | about 9 months ago | (#45364213)

No, but certain differences between the TrueCrypt volumes generated by Windows and the TrueCrypt volumes generated by Linux point to there being a strong possibility of a backdoor in the Windows-only version.

I'd be interested to see if there's actually code that writes out those random bytes in the header for Windows only, or if something else (API, MSVC, etc.) is causing the randomness. Because if it's the latter, then the chance of it being a backdoor goes way, way up.

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45365095)

At the Tor blog [torproject.org] they say "On Windows builds, something mysterious causes 3 bytes to randomly vary in the binary". No explanation though.

Re:Won't work for the Windows version (1)

kbg (241421) | about 9 months ago | (#45374111)

Not injecting backdoor into everything, just into the TrueCrypt binary. What is the easiest way to inject a backdoor into TrueCrypt? By asking Microsoft to add a backdoor to the MSVC compiler.

Re:Won't work for the Windows version (1)

vux984 (928602) | about 9 months ago | (#45375329)

So ... if "solution name" = truecrypt, and source-code file = xyz.cpp then replace x with y?

How plausible is that really?

What is the easiest way to inject a backdoor into TrueCrypt? By asking Microsoft to add a backdoor to the MSVC compiler.

I think there's lots of easier, more reliable, less detectable ways than that.

Re:Won't work for the Windows version (1)

kbg (241421) | about 9 months ago | (#45386495)

Of course it isn't something simple like if "solution name" = truecrypt, that is just stupid. It's more like detecting specific encryption algorithms in TrueCrypt and injecting code that makes the encryption weaker by either modifying the encryption slightly or storing maybe part of the key somewhere in the data. So for the right people who know about the back door, decrypting becomes an easy task.

How plausible is that? Well I guess you haven't read about the Ken Thompson hack for the C compiler. Doing something like this is VERY plausible.

Re:Won't work for the Windows version (1)

vux984 (928602) | about 9 months ago | (#45387225)

Of course it isn't something simple like if "solution name" = truecrypt, that is just stupid.

Yes.

It's more like detecting specific encryption algorithms in TrueCrypt and injecting code that makes the encryption weaker by either modifying the encryption slightly or storing maybe part of the key somewhere in the data.

That's a non-trivial hack, how do you propose it "detect specific enryption algorithms in truecrypt" to detect that its compiling truecrypt, and then modify it. How many bytes of code do you think it would take to program that?

And remember that hack has to be hidden in the compiler binary. And per the KTH hack, in order to not get discovered by the first disassembler or debugger that walks by it also has to infect those, which is even more complex and non-trivial code, that has to be hidden and spread.

The amount of work the KTH has to be able to perform to defend itself from detection grows exponentially, while the amount of effort to detect the hack grows linearly. (look it up). In practice the KTH code would grow so big with code to defend itself that compiler would end up being mostly KTH code.

The KTH demonstrates the difficulty (impossibility even) of provable security. But an actual KTH remaining hidden from someone specifically looking for one is VERY IMplausible.

Re:Won't work for the Windows version (1)

EETech1 (1179269) | about 9 months ago | (#45364715)

www.techarp.com/showarticle.aspx?artno=770&pgno=3

Hmmm...

Re:Won't work for the Windows version (2)

Anti-Social Network (3032259) | about 9 months ago | (#45362811)

Which is why, if you read the info on the IndieGoGo blurb, they talk about a validated Windows build that is signed.

Unfortunately it's not realistic to ask every Windows user to compile Truecrypt themselves. Our proposal is to adapt the deterministic build process that Tor is now using, so we can know the binaries are safe and untampered.

Re:Won't work for the Windows version (2)

gl4ss (559668) | about 9 months ago | (#45364915)

some guy replicated building the released tc binaries already though.

so unless the compiler is attaching a tc specific backdoor to everything..

Re:Won't work for the Windows version (1)

kbg (241421) | about 9 months ago | (#45366143)

Yes and he used the MSVC compiler which could include the NSA backdoor.

The compiler doesn't have to attach the backdoor to everything, only when the TrueCrypt binary is being created.

Re:Won't work for the Windows version (1)

kbg (241421) | about 9 months ago | (#45366127)

You missed my point. As long as the MSVC compiler is used you can't be sure the binary is correct, even thought the source is audited. The only way to do a validated Windows binary build is to use an open source C++ compiler that has been audited to compile the Windows version of TrueCrypt.

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45362929)

Windows itself is compromised. It doesn't matter how secure your source is, or how secure the binaries are.

Re:Won't work for the Windows version (2)

letherial (1302031) | about 9 months ago | (#45364233)

If you have followed any basic critical thinking class then you should observe one simple fact about this statement. It is a opinion, there are not facts supporting this that i am aware of (and many other claims about this article), nor is there any provided evidence.

If you use windows there are facts you should know. 1. its the most used OS and is the biggest target for anyone wanting information. Its far better to build a generic malicious code that will attack a known vulnerability of windows, even if its not zero day, then it is to bother with the small percentage of people who use linux/mac, that is where the main problem with using windows. 2. There is really truly no way to know what is programed in windows, if you think microsoft would put at risk the world market for the NSA without one big fight, then you probably dont want to use windows. Consider this though, most breaches happen not because there is some easy way to break into windows, but because the admin didn't do something properly.

Now its not up to me to decide what level of paranoid security you run, or why you choose one OS over another, it is up to me however to call out bullshit, or at the very least, demand evidence on outrageous claims.

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45365199)

The problem is, Microsoft owns the Private keys that sign any keys generated by a Windows System. Thus by default, any and all keys on a MS box are compromised from the beginning. This is the problem with PKI and any system that is not 100 percent under the User Control as to generating/signing keys. Until it is, I have to assume that any and all Windows Boxes are completely compromised by what ever government wants the data.

Remember how fast those AlQueda Laptops using EFS were decrypted even though MS/NSA supposedly had no keys to do it? That's because MS does hold the keys to the kingdom. They're used to validate every Windows Update and such that occurs upon a windows system. The big question becomes "Am I paranoid Enough?" to which I have to answer that most people aren't paranoid at all and thus the answer is "Hell No!"

Fast Turtle

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45366623)

So use an old Borland C++ compiler and compare the two binaries. Or Watcom. I mean, C and C++ haven't changed substantially since the 90s. If the NSA has hooks in all software tools ever made, there's no hope anyway.

Re:Won't work for the Windows version (0)

Anonymous Coward | about 9 months ago | (#45367105)

Watch out, your tinfoil hat is slipping..

American based auditors ? (0)

Anonymous Coward | about 9 months ago | (#45362341)

They can audit all they like but if they are American why should a believe a word they say ?, with all those secret courts, secret gagging orders, oh and a $50B budget

Does anyone really care? (5, Insightful)

badasawsomeness (3025411) | about 9 months ago | (#45362599)

I feel like this has been reported on 5 times by now. Yes we know they are raising money, please no more updates until the findings from the audit are in.

In the mean time is there any actual point to this? While TrueCrypt can be one of the best methods for a typical home user or even tech savy business person to encrypt that naughty folder. But it honestly isn't as widely used as they make it out to be. Most softwares or businesses use their own encryption. Not to mention the nature of TrueCrypt means its most often used to secure locals files or drives, meaning unless the NSA has direct control over your computer they really cant get at your stuff.

Also would this resolve anything? As soon as the audit is done people will either, question the findings for one reason or another. When in the end all the audit can say is if there is an intentional backdoor or if there is an obvious flaw in the code that would leave it vulnerable. Even if neither of these turn up there is still a very real chance the NSA found their own unintentional flaw in the code that allows them to greatly reduce the time required to decrypt the drive.

Re:Does anyone really care? (3, Interesting)

AHuxley (892839) | about 9 months ago | (#45364955)

Its more for people moving around the world. But the main risk is having your media looked at and someone seeing your need for the use of encryption.
You could have all other data quickly captured and end up on a few gov lists with your computer returned.
The NSA mostly seems to like to track all net use globally and then zoom in on users, their OS, files reviewing their digital lives.
Tame OS, telcos and software seem to help the NSA with the final steps i.e. the end users encryption and saving the keystrokes for easy very decryption.
But just the act of requesting an audit does make 'easy' past with some software more difficult.

Re:Does anyone really care? (0)

Anonymous Coward | about 9 months ago | (#45366325)

Since truecrypt needs to decrypt while the pc is being used the whole thing is a complete waste of time. Any back door is (somewhere other than in the truecrypt code) sure to be using standard file reads etc which makes the data visible. If the machine is *off* and they nick it then all bets are off because they'll force the password out of you anyway if they deem it important enough.

Probably a worthless approach (0)

Anonymous Coward | about 9 months ago | (#45362975)

The NSA has decades of computer analysis running 24/7 on hardware no one can ever hope to match. Any audit done by "security professionals" will generally be worthless as it does not account for flaws or new approaches that require a specific dollar amount in terms of resources to implement.

I think the best approach is to stop using standard algorithms altogether and start implementing independent weak algorithms. That makes the task much more difficult as algorithm identification is a harder task than the break itself.

Let's make them work for it.

audit will reveal the likely flaws, non-encryption (2)

raymorris (2726007) | about 9 months ago | (#45364199)

The best way to deal with strong encryption is to go around it, to use the back door. Those are the flaws an audit would reveal, issues not with the actual encryption, which is a fairly small part of the software, but with the other 90% of the code .

The encryption itself has been analyzed, and will continue to be analyzed, outside of Truecrypt, which is just one of many packages that use the same encryption.

ps - your homemade encryption isn't hard to figure (1)

raymorris (2726007) | about 9 months ago | (#45364267)

Ps - you're independent weak encryption is not hard to figure out. Let's say you use it for some PHP script on your web site. Well, it's on a publicly accessible web server, and it's friggin PHP, so I'll have the source code in ten minutes. As soon as I see the source, not only do I know what weak algorithms you're using, but I can also see the common flaws in your particular implementation.

A case in point -
A common "do it my own way" idea is to stack hash algorithms. Take a sha256 of the data, an MD5 of that, and RC4 that or whatever. Well, stacking hashes results in a hash that's provably WEAKER than the weakest hash in the chain. Each step you take to make it stronger actually makes it weaker.

I'm a total DIYer. I'd even DIY stitching a cut. There are two things you shouldn't DIY - high explosives and information security. (But low explosives are fun.)

production of craftsmen, the global approach to cu (-1)

Anonymous Coward | about 9 months ago | (#45364091)

Hermes Birkin [hermesbirkinhandbag.com] and Hermes Kelly from the 1980s, due to too popular, but limited production of craftsmen, the global approach to custom, the average ordered a, probably need to wait two years.

If you buy a Hermes Birkin bag or hermes wallets [hermesbirkinhandbag.com] , you can usually line up on the Waiting List, you will be notified after the arrival. The special system of law should be Order before
Can enjoy. Order usually choose leather, fasteners and other details such.

Some of the money should go to a Bug Bounty (1)

fluke11 (1160111) | about 9 months ago | (#45365145)

I think it is an interesting idea of have a third party audit the code. However, I see the following problem with it:

  • They do not name who will be auditing the code. I think it makes a huge difference if Harold & Kumar perform a security audit in comparison to Bruce Schneier, Steve Gibson and Theo de Raadt perform a security audit.
  • The security audit will be against a specific version and doesn't answer the question of if someone with government level resources could sneak something into a future version.
  • Purpose of funding a security audit is usually with the hope it will turn up nothing. However, even if nothing is found, that does not prove nothing sneaky exists.

The advantages of also having a Bug Bounty is:

  • It extends to a wider base of security auditors since anyone interested in collecting the bounty can be included.
  • It extends across multiple versions for as long as the bounty is still being offered.
  • It only needs to be payed out if some problem is actually found.

sadly (1)

eyenot (102141) | about 9 months ago | (#45365539)

Sadly, though, there is only one party offering to take a huge sum of money to crawl through code for a few weeks or possibly months. And it seems to me that the parties offering to do the work have a vested interest in the results coming out "negative for NSA bugs".

This means ( as others here have pointed out ) that there cannot truly be independent verification. As someone else points out, the money would be better spent on bug hunts.

The approach bears the mark of vigilantism. I say that, because encryption operating outside of scientific controls isn't trustworthy encryption. Anything that even touches the subject of encryption and expects to come away tinged with credibility needs to be isolated under scientifically controlled conditions.

Without the financially disinterested, scientifically and academically conglomerate third party offering to perform this same role as a purely academic public service, the scientific control doesn't exist.

You might point out that Green & White are academics, but also read in the article that they are going to take the money and hire an auditing company to do the actual work. That company is at this time completely up in the air. So the academe is thrown right out. The company could decide to hide troubling lines of code from Green & White. and give the code a clean audit. Who is going to raise the other $50,000 to cross-verify using similar means, when that means is so flawed that it obviously cries out for cross verification?

And what are Green & White hoping to get out of this? Are they going to become some sort of security world fixers? Are they going to become the secret holy grail of opportunistic businesspersons, the mythological "information brokers"? They aren't starting out with a purely academic premise or approach, so this is not going to be all that worthwhile for their academe so much as for their standing in that cross-ways between what Eisenhower referred to as "the military industrial complex" and what he referred to as "the educational research complex".

And our hypothetical, white-horse scientific group's work would have to be redundant. No part of the code could be independently verified by one person -- each procedure and call would have to be pored over by a panel to verify unanimously ( with the group ) that the conclusion about the reliability of the code segment was sound and that that section of code is trustworthy. Can we say anything like that is going to happen as this group of a few people munches and dines its way through the $50,000?

And this smacks of advertising. We're in a time, now, just after numerous encryption, secured storage, and secured email services have self-destructed in the wake of serious allegations of domestic spying. Apparently they found that they were either currently compromised, were facing a future of being compromised, or could not handle the pressure that the NSA was putting on them immediate or projected.

That's entirely the reason why this is happening -- to take a product that is popular and to scrutinize it carefully, taking advantage of its open source to contrast how different that reality is from the reality of closed box cloud services. It's a brand demonstration for the open source community in the least sense, but in a greater sense it's a product demonstration for TrueCrypt. Even TrueCrypt has rung in its "approval" of the audit.

We have people asking "who's auditing the auditors", "whose watching the watchdogs", etc. But who's watching this, this whole fiasco? A very limited crowd of people for whom it's not really a learning experience so much as reminder of the drudgery and toil that code and coding actually represent.

Let's ask ourselves seriously why this code isn't already vouchsafed by the community, first of all. If you can't take a completely open group that could theoretically consist of anybody with a computer terminal and say that this sample group -- the open source community, basically the world at large -- is sufficient to represent disinterest, then how are you going to somehow sample disinterest with a tiny handful of people? Who are doing it for profit? Who aren't even pursuing it in a scientifically controlled or purely academic manner? Obviously just turning the effort of auditing the code out to the open source community (and world at large) would be far more secure, and could potentially cost nothing. I'm sure a few million coders putting in bed-reading-time or youtube-subscription-catchup time could cross verify the entire thing to a satisfactory number of degrees of separation in good time. The effort would always be there for other people to join in and vouchsafe or re-verify. Why should this process occur in a closed laboratory?

Obviously the reason this sort of massively distributed auditing isn't occurring isn't just the logistics of it. It could be organized using any number of existing networks including Usenet, mailing lists (or would that be too vulnerable to tampering), and IRC. There is some psychological barrier to the work being already well done and established.

This brings me back to my point about how this all smacks of marketing to a specific niche crowd, the open source crowd. Now we can see clearly that the open source crowd ISN'T the go-getter, constantly vigilant, ultra-paranoid crowd that millions of Starbucks customers claim it to be. It's just another marketable consumer demographic, and this is how you market products to it.

With subterfuge and laziness.

We need a perminant comittee (1)

davydagger (2566757) | about 9 months ago | (#45366907)

We need to turn this into a perminant comittee to rountinely test all open source encryption software, popular kernels (linux, freebsd, etc...), webbrowsers(firefox,chromium), webservers(apache, nginx), and other essential bits of free software we depend on (mariadb, php, python, etc...)

Truecrypt is not open source (0)

Anonymous Coward | about 9 months ago | (#45367155)

Re:Truecrypt is not open source (1)

TangoMargarine (1617195) | about 9 months ago | (#45369439)

It's "open source" in the colloquial definition of the term as "the source is public; you can download and compile it, and use the resulting output for personal use."

backdoored binary may differ in a few bits (0)

Anonymous Coward | about 9 months ago | (#45368013)

#if BACKDOORED
    random &= 0xffff
#endif

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>