German Government Audits TrueCrypt

The German government published the results of its audit of open source disk encryption package TrueCrypt and gave it a relative clean bill of health.

TrueCrypt continues to fascinate even though it hasn’t been updated in more than a year and has been cleared of backdoors in more than one extensive audit.

The German government’s Federal Office for Information Security (BSI) is the latest to inspect and analyze the security of the abandoned open source disk encryption software and once again, it was deemed relatively safe for use, in particular for offline storage of data.

In fact, the European Center for Security and Privacy by Design (EC SPRIDE) and Fraunhofer Institute for Secure Information Technology wrote TrueCrypt might be safer than previous audits suggest, but cautions that it’s inherently not suitable for securing encrypted data on a running system.

“This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations,” wrote Eric Bodden, a professor at Fraunhofer SIT. “Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure.”

Bodden also warned those who continue to download and use TrueCrypt need to address vulnerabilities that have been uncovered by the previous audit conducted by the Open Crypto Audit Project (OCAP) and by Google’s Project Zero research team.

OCAP’s audit was the first major endeavor to conduct a cryptanalysis of the TrueCrypt code and found no deliberate backdoors, which was the big fear after its anonymous handlers suddenly pulled the plug on the project shutting down patch and feature development. The two-phase audit, conducted by NCC Group Cryptography Services, did turn up a handful of vulnerabilities, including two that were deemed critical.

Project Zero also turned up a pair of critical privilege escalation vulnerabilities that were patched in VeraCrypt, a popular TrueCrypt alternative. One of the vulnerabilities, CVE-2015-7358, is more pressing than the other, wrote Mounir Idrassi, who runs VeraCrypt, in an email to Threatpost at the time. Idrassi wrote that an attacker could abuse the vulnerability, in which the TrueCrypt driver does not properly validate the drive letter symbolic link used for mounting volumes. An attacker can leverage a running process to get full administrative privileges.

“The vulnerability should be fixed, as privilege escalation opens the door for other attacks,” Bodden wrote. “But similar problems could arise with any kernel-level driver. Importantly, the problem found does not provide an attacker simplified access to encrypted data. To exploit the vulnerability, the attacker would have to have far-reaching access to the system anyway, for example, via a Trojan Horse or some other form of remote or direct access.”

The German audit also churned up a lack of randomness in the random number generators used for encryption, which puts keys more readily at risk.

“This problem only occurs in non-interactive mode, though, or when using certain access-control policies on Windows. In result, it is unlikely that this problem has actually affected users in he wild,” Bodden wrote. “The problem is that if volumes were created with a weak key then afterwards there is no way to tell. To be on the safe side it would therefore be advisable to re-encrypt volumes with a version of TrueCrypt in which this flaw has been fixed.”

Bodden also noted areas where code quality is an issue and places where refactoring and better documentation are required, all of which was noted in previous looks at the code.

“Generally, the software does what it was designed for,” he wrote.

Suggested articles