Post-Cryptanalysis, TrueCrypt Alternatives Step Forward

CipherShed and VeraCrypt developers stand ready to step in for TrueCrypt now that the cryptanalysis phase of the audit is complete and no backdoors were discovered.

TrueCrypt’s relative clean bill of health last week has now spawned a new focus on existing alternatives to the open source encryption software, namely VeraCrypt and CipherShed.

Both open source projects sprung forth from the rubble of the original TrueCrypt developers’ decision in 2014 to abandon ship. It’s still unknown why the mysterious and anonymous builders of a software project that’s been downloaded close to 30 million times decided overnight to close up shop.

Under the growing leeriness of the Snowden revelations two summers ago, the decision to audit the code and subsequent call to stop maintaining and developing TrueCrypt birthed speculation that a backdoor was found in the code, or that the developers had been served with a court order that would somehow compromise the integrity of TrueCrypt, or perhaps they were just tired of keeping up with code changes and new builds.

Whatever the reason, the demise of TrueCrypt not only gave rise to a two-phase audit of the code, but also a pair of projects that forked the last TrueCrypt build into separate projects that served the same purpose: provide privacy and security conscious individuals with a free and open software package to encrypt files and disk drives.

“The audits of TrueCrypt get a lot of press because it’s something flashy, but the development effort that went into TrueCrypt at the beginning are immense and incredible, and the developers don’t get as much credit as they should for producing a disk and volume encryption project for multiple platforms and for maintaining it for a decade or more,” said Tom Ritter, a security engineer with NCC Group Cryptography Services, which conducted the audit. “There are successor projects and they are improving it in their own ways. I am excited to see those projects grow and thrive and last as long as TrueCrypt did. I still use TrueCrypt and want to see it supported future.”

Mounir Idrassi runs VeraCrypt, the Windows version of which was launched June 22, 2013, 17 days after the first Snowden revelations.

“The original motivation behind VeraCrypt was to strengthen TrueCrypt key derivation. I first started analyzing TrueCrypt source code in 2012, and by the end of that year it was clear to me that TrueCrypt key derivation was not strong enough and needed to be upgraded to meet the challenges [posed] by the accelerating growth of computing power,” Idrassi said. “From there, I decided to start VeraCrypt as a fork to TrueCrypt to address this issue by increasing the security to a level that should remain secure for the next 10-15 years.”

Idrassi said he was not surprised by the revelations of last week’s cryptanalysis results. The second phase of the audit turned up no backdoors and uncovered four vulnerabilities in the code, two of which were rated high severity bugs by NCC Group Cryptography Services.

“The results of the second audit phase are less interesting since the weaknesses mentioned were either known (keyfile processing, cache-timing attack) or not realistic, but this is expected since the code has already been analyzed by many people for years (although not in an coordinated manner) and it’s difficult to make new findings,” Idrassi said. “VeraCrypt is based on TrueCrypt, so theoretically any backdoor present in TrueCrypt could also be present on VeraCrypt if it touches the common parts. That being said, the source code has been reviewed by many people for years now and it would have been extremely surprising if any backdoor was able to hide in plain sight for so long.”

Jason Pyeron, one of the developers of CipherShed, said he expected the cryptanalysis to turn up more issues than it did, though the auditors did limit the scope of their investigation to certain areas of the code.

“I did not expect them to find any obvious backdoors or other easy exploits. If there were a backdoor put in, it would look like an innocent mistake or some buffer overflow which leaks just enough to give an advantage,” Pyeron said, adding that CipherShed’s developers are already looking at the bugs uncovered by the audit.

Like VeraCrypt, CipherShed emerged after the TrueCrypt shutdown.

“[The TrueCrypt developers] quit and abandoned their community. That was the primary motivation for starting CipherShed,” Pyeron said. “From there, it was a self-organizing battle royale. We ended up with the group who thinks organization is the key to long term support and success, just like Apache has. My personal goals were to make full-disk encryption available to everyone, including businesses and governments, and eliminate their excuses for not using it.”

Pyreon, for one, is not a fan of the quality of the original TrueCrypt code base, something that was also pointed out in the first phase of the audit.

“The TrueCrypt codebase is riddled with poor and less than secure programming practices,” he said. “Some of the things we have discovered along the way are improper handling of Unicode and many other strange details. Here is one for your readers: What reasons could you justify using string case manipulation in full-disk encryption software? Hint: It should not be for the data on the disk or passwords.”

VeraCrypt and CipherShed have addressed many of the shortcomings identified not only by the audit, but by others who have scrutinized the TrueCrypt code in recent years. VeraCrypt’s Idrassi, for example, said he replaced TrueCrypt’s lone support of the RIPEMD-160 algorithm with SHA-256 support for system encryption. He said VeraCrypt has also tried to simplify the build process, especially for Linux and Mac OS X systems, so that other less common configurations could be used.

Both projects too, believe it’s important to maintain compatibility with TrueCrypt.

“That is a primary objective until there is a cryptographic reason not to do so,” Pyreon said.

Suggested articles

StrongPity APT Covets Secrets of Crypto Users

Kaspersky Lab researchers have uncovered the StrongPity APT, a group that uses watering hole attacks to infect machines of users seeking encryption technologies such as WinRAR and TrueCrypt.