/ Cory Doctorow / 12 am Thu, May 29 2014

    Mysterious announcement from Truecrypt declares the project insecure and dead

    The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.

    The Sourceforge project page for Truecrypt now sports a cryptographically signed notice that Truecrypt should no longer be used as it is not secure. The news came on the heels of a crowdfunded $70K security audit of the open source, anonymously maintained software giving it a relatively positive initial diagnosis. The announcement -- signed by the same key that has been used to sign previous, legitimate updates -- links Truecrypt's deprecation to Microsoft's decision to cease supporting Windows XP, though no one seems to have a theory about how these two facts relate to one another.

    WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

    Truecrypt is a widely used system for disk-encryption, and is particularly noted for its "plausible deniability" feature, through which users can create hidden partitions within their cryptographic disks that only emerge if you enter the correct passphrase; this is meant to be a defense against "rubber hose cryptanalysis," in which someone is physically or legally threatened in order to coerce them into yielding up their keys. In the "plausible deniability" scenario, the victim can give up the keys to a "harmless" partition while keeping the very existence of a second partition for sensitive material a secret. I am a Truecrypt user, as, apparently, is Edward Snowden, who lectured on the software's use at a Cryptoparty he held in Hawai'i before going on the run.

    The response to the Truecrypt news is mostly frank bafflement. The software is licensed under an obscure "open source" license that makes it unclear whether third parties can support the now (apparently) orphaned codebase.

    Matthew Green, a Johns Hopkins University Information Security Institute crypto researcher, is the expert who led the fundraising in order to audit the Truecrypt source; in an interview with Brian Krebs, he says that he intends to continue the work:

    “There are a lot of things they could have done to make it easier for people to take over this code, including fixing the licensing situation,” Green said. “But maybe what they did today makes that impossible. They set the whole thing on fire, and now maybe nobody is going to trust it because they’ll think there’s some big evil vulnerability in the code.”

    Green acknowledged feeling conflicted about today’s turn of events, and that he initially began the project thinking TrueCrypt was “really dangerous.”

    “Today’s events notwithstanding, I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there,” Green said. “But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits.”

    Whether or not volunteer developers pick up and run with the TrueCrypt code to keep it going, Green said he’s committed to finishing what he started with the code audit, if for no other reason than he’s sitting on $30,000 raised for just that purpose.

    The recent Heartbleed vulnerability demonstrated that even code that is widely used and widely examined can harbor long-lived critical bugs. As Green points out, the spectacular and mysterious blow-off from the anonymous Truecrypt team means that even if the code is given a clean bill of health from its auditors, it may be hard to convince people to trust it ever again.

    Truecrypt's own warning suggests that users try Bitlocker, the proprietary Microsoft full-disk encryption tool that relies on the on-board Trusted Computing Module to attain a high degree of security. Microsoft itself has a deservedly poor reputation for standing up to government demands to weaken its products' security, but Peter Biddle, one of the architects of Trusted Computing and Bitlocker, has previously told me that he was repeatedly approached by frustrated federal agents who couldn't decrypt Bitlocker partitions, and I believe him, based on my personal knowledge of his character and work.

    The free/open source world has some good solutions, like LUKS and dm-crypt, both of which come pre-installed on popular GNU/Linux versions like Ubuntu. The Ubuntu installer has a nice front-end to this stuff, allowing you the option of encrypting your whole disk while you install your OS.

    In the meantime, the cause of the shutdown remains a mystery. This Reddit netsec thread is full of juicy speculation about the cause and suggestions for alternatives to Truecrypt.

    I'd be interested in hearing your thoughts on alternatives to Truecrypt, and your overall data-security practices. Do you have a "plausible deniability" strategy for your own sensitive data?

    -Cory Doctorow

    (Image: Hard Drive 016, Jon Ross, CC-BY)



    Notable Replies

    1. Fine. But then why write TrueCrypt in the first place? If the entire project was an exercise in ego, why remain anonymous?

      As for the Microsoft recommendation: I'm not going to say that any encryption shipping with the most popular desktop OS is backdoored by the NSA, I'd just be surprised if it wasn't. I am not a TrueCrypt user, but I suspect other TrueCrypt users would laugh outright at such a recommendation. Therefore the recommendation serves two theoretical tinfoil-hat purposes: It complies with the letter of (supposed) government pressure, while simultaneously communicating (to the properly paranoid) to do the exact opposite of what is stated (i.e., don't use Bitlocker).

    2. Ego gratification isn't necessarily public: plenty of people will get a kick from privately doing something cool and challenging.

      Just what I was thinking. After the Lavabit case (and who knows how many others?), it's hard to believe that Truecrypt hadn't come under pressure from $GOVTDEPT to build a backdoor: $GOVTDEPT wouldn't be doing its job otherwise. And if you were Truecrypt's builder in that situation, what would you be most likely to do? Kill the project rather than compromise it, and recommend an alternative which $GOVTDEPT couldn't object to, but which the security-conscious would understandably be wary of.

    3. The author(s) are extremely secretive and have been shown to be rather cantankerous in the past on the rare occasions that they do make statements.

      Truecrypt has also been largely unmaintained for a couple of years now.

      My guess is that whoever was maintaining it got tired of the project, and then got a notice from someone that they found a vulnerability and basically just said "fuck it".

    4. Britain's service made a bit-for-bit copy of one of the drives that probably contained a Snowden partition when they raided the Guardian, as well as David Miranda's laptop (whether or not it contained anything.) They gave this to the USA and the NSA has it now. But it's just sitting there. If they have it. They can't verify if they have it or not, but they think they may.

      The NSA doesn't know what Snowden took and wants to know, badly. So they are going after TrueCrypt, because it's widely known that Snowden used it. If they can crack TrueCrypt from the inside out, they have a shot at decrypting anything they might have from their raids.

      TrueCrypt guy is going, pffffffff, I'll just LavaBit the project. I'm tired of it and I don't wanna deal with them. Here, NSA, take the source and my notes. Here, public, don't use this software because the shit hit the fan. Use.... MICROSOFT instead, LOL. If you can't see what this recommendation means, you really SHOULD be using MICROSOFT you dimwits.

      I think this is reasonable logic, not paranoia.

    5. On less conspiracy minded thought. This time with end support for XP and with an external code audit and maybe they just didn't want to deal with proper support for win7/win8/whatever is next and also with XP being no longer supported oops malware that breaks truecrypt and there isn't much one can do and they just don't want to deal with it anymore.

      Edit: this http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-1/#comment-255908 seems very very plausible.
