17

Since a few days, the Sourceforge project page of TrueCrypt is displaying a message saying:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

And, the authors are even encouraging users to switch for Microsoft BitLocker program. The press did a lot of comments about this change:

A fork of the project even appeared on a Swiss website.

So, what is really happening ? What are these security issues in TrueCrypt ? What kind of security risks can be expected if we are keep using it ?

perror
  • 813
  • 2
  • 10
  • 26
  • 8
    The simple answer is that nobody knows. – GdD May 30 '14 at 15:25
  • At this point, we know that this is NOT a deface attack. The question is really about the security issues that might be found in the software and advices about what to do next (massive migration to other services, or hoping that a fork of the project will be run in the long term). – perror May 30 '14 at 15:30
  • We can't speculate on what might be found. There is a project that is looking at that. Only you can decide whether the risks are appropriate for your environment. – schroeder May 30 '14 at 15:59

1 Answers1

11

As of the latest information, the main problem with Truecrypt right now is that it is no longer supported and maintained. This is of significant importance as we expect the phase 2 audit report from iSec because it means that if serious flaws are found in the encryption used or the implementation of it, then those flaws will not be fixed by the developers. Further issues are created because TC is developed by two semi-anonymous (source in Russian) developers and its unique license prevents it from being open-source. However, until that report shows that flaws exist in the program, it can be argued that it is "safe enough" to use depending on the threats you are faced with in your situation. Essentially, it is no less safe today than it was two or three days ago to most users, although you should not take my word for that as I am by no means a security professional.

Yesterday, when the news was broken, there was initially a lot of speculation regarding the possibilities of what has happened. Theories ranged from the developers simply giving up, to TC being served with an NSL. The anonymity combined with the lack of clarification from the developers and amateurish method of informing their users created a lot of unnecessary speculation.

The Swiss website seems to be a genuine effort to eventually create a fork of the Truecrypt code and to create a new project with a new name.

So to give a rundown of your questions:

So, what is really happening?

The developers seem to have lost interest in the project and they seem to believe that only they have the required knowledge and familiarity with the code, any fork deriving from the TC codebase will be potentially harmful.

What are these security issues in TrueCrypt?

As of right now, the Phase 1 report of the iSec audit found 11 issues in the assessed areas of the code and documentation. The most serious of those being a weak volume header key derivation algorithm. To quote the official report:

Exploit Scenario: An attacker captures an encrypted TrueCrypt volume and performs an offline brute force and/or dictionary attack to identify the key used to encrypt the Volume Header. They use the recovered key to decrypt the volume.

What kind of security risks can be expected if we are keep using it?

If you do keep using it, you should keep in mind that the software is no longer supported. This is significant considering iSec's report on phase 2 of the TC audit was scheduled to be completed. Of course, it is uncertain whether that report will be released or even finished now that TC has essentially shut down. As with any piece of software that is no longer supported, if new issues arise, they will not be fixed. My suggestion for a home-user (such as myself) who faces very weak threats would be to continue using TC version 7.1 until someone picks up the project or a clear successor comes forward. Making rash decisions due to the sense of urgency created with the recent situation is unlikely to produce good results.

I hope this gives a decent overview of what happened. I might update this as new information surfaces.

pythonlarry
  • 103
  • 2
Cbeppe
  • 178
  • 1
  • 9
  • 4
    The "exploit scenario" makes it sound worse than it actually is. All they criticized was, that the number of iterations of the hash function that was used to create the volume key from the user password was too low, thus allowing relatively simple brute force attacks. With a decent user password that should not be a problem though. – example May 30 '14 at 22:24
  • @example: You're absolutely right. What should also be pointed out is that the exploit scenario mentions that the attacker must first capture the encrypted TC volume. According to the TC documentation, TC cannot protect information if the computer falls into the attacker's hands. This means that for an exploit to "break" the intended functions of TC, the attacker must remotely obtain the encrypted volume, which significantly increases the difficulty of the attack. – Cbeppe May 31 '14 at 05:07