
Audit of TrueCrypt code completed

The Open Crypto Audit Project website has announced the completion of the second stage of the code audit of TrueCrypt, the popular open encryption tool whose developers very strangely left the scene on May 28, 2014, advising users to switch to BitLocker, Microsoft's data encryption solution. The code audit itself is in fact complete; the OCAP team only has to write the final document with the conclusions.

According to the audit, there is no backdoor in TrueCrypt 7.1a. The auditors noted only 4 potentially weak spots, none of which led to compromise of any data under normal conditions:
  1. The encrypted data in the volume header is not authenticated.
  2. Keyfile mixing is not cryptographically sound.
  3. An AES implementation may be vulnerable to a timing attack.
  4. CryptAcquireContext may fail to initialize without any error message.

opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf - the results of the second round of the audit.
blog.cryptographyengineering.com/2015/04/truecrypt-report.html - conclusions of Matthew Green, a member of OCAP.


Source: https://habr.com/ru/post/254777/

