TrueCrypt takedown
JJ Gray
jj.gray at shc.qinetiq-tim.com
Fri May 30 08:56:42 BST 2014
On 30/05/2014 02:55, dw+ukcrypto at hmmz.org wrote:
> A little too obvious, but perhaps it's simply the fact XTS encryption
> offers no authentication, leading to a huge range of tampering
> possibilities for anyone with physical access. Some concrete, repeatable
> attack may have been discovered by the developers.
This was also demonstrated (with access to memory) by Volatility Labs
[1] and there is also a good summary of the issues associated with XTS
[2] which includes some interesting footnotes, such as the NIST public
comments.
Cheers,
JJ
[1]
http://volatility-labs.blogspot.co.uk/2014/01/truecrypt-master-key-extraction-and.html
[2] http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/
More information about the ukcrypto
mailing list