TrueCrypt security history (from isTrueCryptAuditedYet to Oct 2015)

TrueCrypt was a popular tool for encrypting volumes with strong cryptography before integrated solutions like BitLocker for Windows and encrypted .dmg volumes created with Disk Utility in Mac OS X became available. Linux has historically had good support through a number of implementations, like the old loop-AES and Cryptoloop and the current dm-crypt / LUKS. Still, a lot of people use TrueCrypt and there is plenty of interest in the software: this includes forks, audits, licensing issues, and... vulnerabilities. The main reason was its cross-platform support.

First you need to know that TrueCrypt is now abandonware: its developers discontinued it and suggest that users move to other solutions, as seen in their official statement:

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

The latest available build is 7.2, but do not download it, as the original developers themselves state that it is not secure:

Our story starts in October 2013, when Matthew Green suggested an audit of TrueCrypt that led to the Open Crypto Audit Project, funded by crowdfunding with huge success ($16,579 on FundFill and $46,420 on Indiegogo for a total of $62,999). Thanks to a matching donation by the Open Technology Fund (so far $125,998 of total budget) the iSEC team was engaged in a 5-6 week long assessment to verify the security of TrueCrypt in its 7.1a incarnation.

The audit started in December 2013 and there was an initial report from iSEC Partners of NCC Group on February 14, 2014, titled “Open Crypto Audit Project: TrueCrypt Security Assessment”. It was written by Andreas Junestam and Nicolas Guigo, is 32 pages long and highlights zero high impact issues, four medium, four low and three informational issues. The iSEC team did not like the code at all and there were some crypto-related concerns, but no backdoors were identified.


Then the bomb: in May 2014 the TrueCrypt team released 7.2 and discontinued the product, but the Open Crypto Audit Project did not stop. In particular, on March 13, 2015, iSEC released the final “Open Crypto Audit Project: TrueCrypt Cryptographic Review” report. It is a 21-page document written by Alex Balducci, Sean Devlin and Tom Ritter and highlights two high impact issues, zero medium, one low and one undetermined. The analysis was not a complete code review, but the most important portions were audited.


The findings related to random number generation, the inability to detect tampering of the volume, an incorrect method for mixing the entropy of keyfiles, and several AES implementations that were vulnerable to cache-timing attacks but mitigated by fixes introduced by Google’s Project Zero regarding the ability to flip bits in adjacent DRAM rows.


In the meantime, between February 2014 and March 2015, other issues were made public:

Few (or none?) of the suggestions were implemented in the official 7.2 version, but after the announcement that TrueCrypt was discontinued two forks arose (VeraCrypt and CipherShed) and implemented them. Developers at VeraCrypt and CipherShed are not friends and waste no time in bashing each other. Only VeraCrypt has a released version, while CipherShed has the goal of rewriting 100% of the code to solve licensing issues but is still at the “rebranding” stage of development. You can still use a completely different implementation, like DiskCryptor, but IMHO without the plus of a community and a commercial audit.

And we come to the present day, with two high impact and exploitable vulnerabilities found by Google Security Research in the driver used by TrueCrypt, VeraCrypt and CipherShed to create a system drive on Windows:

Summarizing, great effort has been put into TrueCrypt’s codebase and there is at least one valid fork (VeraCrypt) you can install and use if you need cross-platform support. If you only want to encrypt your own data, use the native Full Disk Encryption solution provided by your OS and you will probably be safer.

For any suggestions and comments: @isgroupsrl on Twitter :)

–Francesco Ongaro
CEO of ISGroup