An audit of the TrueCrypt cryptographic software has found a few design flaws but no evidence of intentional backdoors that could make it vulnerable to penetration by intelligence agencies such as the National Security Agency (NSA). The TrueCrypt freeware, which was discontinued by its developers in May, had been used by the team of journalists who obtained a large cache of documents about government surveillance programs from former NSA contractor and whistleblower Edward Snowden.
Published Thursday, the audit's findings described four vulnerabilities in the TrueCrypt software, none of which would have led to a complete loss of confidentiality of encrypted documents. The report was prepared by the NCC Group for the Open Crypto Audit Project, a community-led initiative charged with conducting a public audit and cryptanalysis of TrueCrypt.
At the time of the shutdown, TrueCrypt.org's announcement that it was ending development of its product was accompanied by a warning that "using TrueCrypt is not secure as it may contain unfixed security issues." The news prompted numerous questions in the crypto community, which had already raised funds for a phase-one audit of the software that found no signs of security backdoors. The report issued this week summarized the findings of phase two of the audit.
"TrueCrypt appears to be a relatively well-designed piece of crypto software," Johns Hopkins University research professor and cryptographer Matthew Green wrote Thursday in his TL;DR blog post. "The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most cases."
However, NCC Group security engineers Alex Balducci, Sean Devlin and Tom Ritter did identify four less-severe vulnerabilities in version 7.1a of the TrueCrypt software. The most serious of those arose when the Windows Crypto API "in certain obscure situations" failed to initialize properly, preventing the generation of random numbers for encryption keys.
"While disturbing, this issue should not cause failure on common Windows XP uses," the report's authors wrote.
Another relatively serious flaw affected how well TrueCrypt's AES code implementation might be able to resist cache-timing attacks. However, Green noted, "This is probably not a concern unless you're perform(ing) encryption and decryption on a shared machine, or in an environment where the attacker can run code on your system (e.g., in a sandbox, or potentially in the browser)."
Development of Forks Continues
The latest findings on TrueCrypt leave unanswered questions about why the software's developers abandoned their project so abruptly. One theory suggests they closed up shop to avoid being publicly identified. However, the audit results should relieve some concerns about the use of other encryption programs -- including VeraCrypt and CipherShed -- based on the TrueCrypt code.
While TrueCrypt was not open source, its developers appear unlikely -- given their sudden shutdown of operations -- to pursue others who have built new forks from their original program. Another organization seeking to keep the software alive is a Swiss-based team that established TrueCrypt.ch, a site that provides access to downloads of the TrueCrypt 7.1a software for Windows, Mac and Linux.
"The loss of TrueCrypt's developers is keenly felt by a number of people who rely on full disk encryption to protect their data," Green wrote. "With luck, the code will be carried on by others. We're hopeful that this review will provide some additional confidence in the code they're starting with."