TrueCrypt takedown

JJ Gray jj.gray at
Fri May 30 08:56:42 BST 2014

On 30/05/2014 02:55, dw+ukcrypto at wrote:

> A little too obvious, but perhaps it's simply the fact XTS encryption
> offers no authentication, leading to a huge range of tampering
> possibilities for anyone with physical access. Some concrete, repeatable
> attack may have been discovered by the developers.

This was also demonstrated (with access to memory) by Volatility Labs
[1] and there is also a good summary of the issues associated with XTS
[2] which includes some interesting footnotes, such as the NIST public



More information about the ukcrypto mailing list