TrueCrypt takedown
dw+ukcrypto at hmmz.org
dw+ukcrypto at hmmz.org
Fri May 30 02:55:55 BST 2014
On Fri, May 30, 2014 at 02:20:39AM +0100, Peter Fairbrother wrote:
> An existing hole or backdoor, which may have been about to be revealed by
> the audit? But the audit people say there is no sign of that, at least so
> far.
> No reasons why the code is/may be broken are given. Actually the "WARNING:
> Using TrueCrypt is not secure as it may contain unfixed security issues"
> does not even actually say TrueCrypt is broken, just that it may be.
A little too obvious, but perhaps it's simply the fact XTS encryption
offers no authentication, leading to a huge range of tampering
possibilities for anyone with physical access. Some concrete, repeatable
attack may have been discovered by the developers.
Possibly in support of this is their recommendation of Bitlocker, which
relies on CBC instead of XTS.
Alternatively they might simply be alluding to the difficulties inherent
in securing the firmware and pre-boot environment, or have strong
evidence of a related attack.
David
More information about the ukcrypto
mailing list