UPDATE — The effort to audit TrueCrypt, the open source encryption tool, received an important endorsement in the last week when a member of its anonymous development team reached out to the organizers of IsTrueCryptAuditedYet?
“He wrote us a friendly but formal letter stating that they were happy to hear about the audit, provided it was a serious effort and not ‘money for nothing,’” said Matthew Green, a cryptographer with Johns Hopkins University in Baltimore, who along with fellow researcher Kenneth White helped get the audit off the ground. Green said the developer expects the audit to operate independently of TrueCrypt to avoid the appearance of a conflict of interest.
The audit hopes to answer a number of questions that have taken on a new significance considering the revelations about U.S. government surveillance on Americans in the name of national security. The principal concern is whether TrueCrypt, which has been downloaded more than 28 million times, has been back-doored. Security experts have concerns also about the custom open source license governing its use whether it opens users up to additional legal risks.
In the meantime, a separate review of TrueCrypt was conducted by Xavier de Carne’ de Carnavalet of Concordia University in Canada that came to the conclusion TrueCrypt is not backdoored between the available sources and binaries. DeCarnavalet said he was able to reproduce a deterministic compilation process specific to TrueCrypt for Windows that matches the binaries. Green and White were quick to praise the project and laud such a grassroots effort.
“TrueCrypt could still be sort of backdoored, but that would be written in the source code and would show up in a serious code audit (let aside the trust in the compilers and in your computer). What I proved is that the program on the website comes from the available sources, and nothing (no backdoor) has been surreptitiously added in between,” de Carnavalet told Threatpost. “This makes the code audit worthy, otherwise, auditors would not be sure they analyze the right thing. I just bridged the gap, so to speak.”
As for the fundraising effort to raise money to hire a professional code auditing firm and legal help to review the license, it jumped $17,000 in the last week. The $53,000 raised so far has helped the organizers develop an initial road map for the audit. The code audit will focus on two areas primarily, Green said: the cryptography used in TrueCrypt, as well as an evaluation of the Windows version. Unlike TrueCrypt for Linux, for example, Windows users download binaries rather than source code. Those binaries cannot be compared to the source code, and behave differently than other versions.
For example, TrueCrypt 7.0a fills the last 65,024 bytes of the header with random values. Are the values truly random, or are they an encryption of the password securing the TrueCrypt volume? If TrueCrypt is compromised, and those values are an encrypted password, the key would be available only to the third party who did the encrypting.
Green said the audit organizers are still in the process of getting bids from security firms to conduct the code audit.
“I can’t give you specifics, but suffice it to say that $50,000 doesn’t go as far as you’d think it does when you’re discussing a full-freight audit by a top company,” Green said. “Now we’re hoping to take advantage of some generosity on the part of various companies, so we won’t be paying full rates. And we’ve already received some generous offers (including one from the Open Technology Fund). But at the end of the day we want to get professional results, and even at a steep discount that kind of work is expensive.”
Meanwhile, de Carnavalet’s work, he said, should ease concerns of the software’s trustworthiness.
“I present how I compiled TrueCrypt 7.1a for Windows and reached a very close match to the official binaries,” he wrote in an article on the process. “I am also able to explain the small remaining differences and then prove that the official binaries indeed come from the public sources.”
Green and White praised the work as instrumental in being able to ultimately arrive at a deterministic build for TrueCrypt, in particular in putting together a prerequisite package of Microsoft tools in order to properly compile TrueCrypt.
“His results are certainly a useful data point, but more so because of the detailed build process he has shared (particularly where it deviates from existing documentation). His work in tracking down exactly which precise Windows Service Pack and version of Visual Studio is needed, the GUIDs, checksum internals, etc. is especially helpful as we conduct an independent verification,” White said. “But, in my view, this is only one piece of achieving our deterministic build goal, a necessary but not sufficient prerequisite to a comprehensive cryptanalysis and code audit. And from my read, I think Xavier agrees.”
Carnavalet says any backdoors are non-existent in TrueCrypt 7.1a from available sources, but only after he was able to reproduce the developers’ environment closely.
“My analysis can serve the [audit] to understand the importance of running the exact same compiler version in order to provide a deterministic build. Fortunately, TrueCrypt sources come with a working Visual Studio solution ready to compile, and thus relieve lots of problems that can arise from differences in the project configuration,” he wrote. “Now, efforts can be focused on auditing the source code, rather than trying to reverse-engineer the whole software to search for non-existent backdoors.”
This article was updated at 8:30 a.m. with clarifications from Xavier de Carne’ de Carnavalet.