TrueCrypt to be Audited: Can it be trusted?

TrueCrypt is a popular free and open-source cross-platform disk encryption program which has garnered quite a following over the years and subsequently established a massive and faithful userbase. However, TrueCrypt has come under the microscope recently with a number of leading security experts questioning the software’s veracity. So much so that a fundraising campaign has been launched to finance a complete and thorough audit of the software.

It must be pointed out that, at this stage, there are no definitive accusations being leveled and the audit is primarily viewed as a means of clearing the air. Recent disclosures regarding the NSA’s alleged attempts to subvert popular encryption technologies have cast a shadow of doubt over the trustworthiness of encryption software in general, and TrueCrypt in particular. As Matthew Green – cryptographer, professor at Johns Hopkins University and co-founder of the TrueCrypt Security Audit initiative – pointed out in a recent blog post:

The ‘problem’ with Truecrypt is the same problem we have with any popular security software in the post-September-5 era: we don’t know what to trust anymore. We have hard evidence that the NSA is tampering with encryption software and hardware, and common sense tells us that NSA is probably not alone. Truecrypt, as popular and widely trusted as it is, makes a fantastic target for subversion.

In TrueCrypt’s case, the concerns are exacerbated not only because of the software’s inherent popularity but also because, somewhat remarkably, very few know who actually developed the software. This from Matthew Green:

But quite frankly there are other things that worry me about Truecrypt. The biggest one is that nobody knows who wrote it. This skeeves me out. As Dan Kaminsky puts it, ‘authorship is a better predictor of quality than openness‘. I would feel better if I knew who the TrueCrypt authors were.

Matthew Green’s article goes on to voice additional concerns, including a worrying differential between the Windows and Linux TrueCrypt versions which tends to suggest a backdoor or other deliberate compromise in the Windows version.

The following quotation is extracted from Ubuntu Privacy Group’s review of Truecrypt 7.0:

The Windows version of TrueCrypt 7.0a deviates from the Linux version in that it fills the last 65,024 bytes of the header with random values whereas the Linux version fills this with encrypted zero bytes. From the point of view of a security analysis the behavior of the Windows version is problematic. By an analysis of the decrypted header data it can’t be distinguished whether these are indeed random values or a second encryption of the master and XTR key with a back door password.

To which Matthew Green responded:

Which of course tees up the most important concern: even if the Truecrypt source code is trustworthy, there’s no reason to believe that the binaries are. And many, many people only encounter Truecrypt as a Windows binary. In my very humble opinion that should worry you.

Again, it must be emphasized that the planned audit is not setting out to substantiate any wrongdoings, quite the opposite… it is hoped that the audit will in fact prove undeniably that TrueCrypt can be trusted rather than not. In Matthew Green’s own words…”Our goal isn’t to find some mythical back door in Truecrypt, but rather, to wipe away any doubt people have about the security of this tool.”

Exact terms are not yet set in concrete but the proposal can be broken down into roughly 4 components:

1. License review. Truecrypt uses an odd, potentially non-FOSS license. We’d like to have it reviewed by a competent attorney to see how compatible it is with GPL and other OSS software.
2. Implement deterministic/reproducible builds. Many of our concerns with Truecrypt could go away if we knew the binaries were compiled from source. Unfortunately it’s not realistic to ask every Windows user to compile Truecrypt themselves. Our proposal is to adapt the deterministic build process that Tor is now using, so we can know the binaries are safe and untampered. This is really a precondition to everything else. And it’s not an easy process.
3. Pay out bug bounties. Not every developer has time or money to audit the entire source. But some have a little time. If we collect enough [funds], we’d like to compensate bug hunters a little bit for anything security critical they find in the code.
4. Conduct a professional audit. The real dream of this project is to see the entire codebase receive a professional audit from one of the few security evaluation companies who are qualified to review crypto software. We’re hoping to convince one of the stronger companies to donate some time and/or reduced rates.

Kenneth White, co-founder of the TrueCrypt Audit Project and principal scientist at BAO Systems, has since confirmed that the TrueCrypt developers have welcomed the impending audit… which is surely a positive sign.

So, bottom line; can TrueCrypt be trusted? I guess we’ll have to wait for the results of the audit before that question can be answered definitely. In the meantime, it will likely come down to personal choice/opinion… divided, I suspect, between conspiracy theorists and proponents of ‘innocent until proven otherwise’.

•  View Matthew Green’s article in full here: Let’s audit Truecrypt!
• “Audit all the things” image <source>