TrueCrypt Audit Could Answer Troubling Questions

Open source encryption software TrueCrypt is now under the microscope for odd behavior from its Windows version and a wonky license governing its use.

The grassroots movement to audit TrueCrypt, the popular open source encryption tool, is gaining steam with tens of thousands of dollars already raised to fund the effort to not only professionally review the source code behind the tool, but also to legally review the custom license governing its use.

TrueCrypt has been downloaded more than 28 million times and is lauded as easy-to-use software that does its job of encrypting files, disk partitions, or entire devices. It’s “grandma-friendly” as one expert puts it, but there are plenty of worrisome aspects that users and security experts have looked past until now. For instance, it’s not publicly known who is on the development team behind TrueCrypt. Also, the most common TrueCrypt packages are downloadable binaries for Windows that cannot be compared to the original source code; those binaries behave differently than versions compiled from source code, experts say. With revelations of new NSA surveillance dropping almost weekly, paranoia and conspiratorial thinking is giving way second thoughts about even the most trusted software.

“I’m really glad this audit is going to happen,” said Chris Soghoian, principal technologist with the American Civil Liberties Union. “TrueCrypt is too important to have this little transparency.”

Cryptography experts such as Matthew Green of Johns Hopkins University in Baltimore agree about TrueCrypt’s importance and the need to put it on “better footing” in terms of its trustworthiness. Green and Kenn White, a security researcher, helped get IsTruCryptAuditedYet off the ground. To date, the crowdfunded project has raised more than $36,000 and Green and White have begun seeking recommendations on firms that can review the software’s integrity. While that decision could be made within a couple of weeks, a full audit may not be complete until early next year.

“I started to look into it and I found that unlike pretty much all the other [open source security tools], it is made by this phantom, anonymous group of people who have this weird license they came up with,” Green said. ” It’s not an insult to them or that I think they’re doing something bad, it’s just that their software is really good and it’s really widely used and so it deserves to be on better footing nowadays.”

The most concerning thing leading people in some corners to wonder whether TrueCrypt has been backdoored—or whether the Windows binary has—is that the last 65,024 bytes of the header is filled with random values; the Linux version fills the header with zero encrypted bytes. What are those encrypted bytes? Without an audit it’s difficult to know exactly because there’s no way to prove the Windows binary is related to the source code.

“It’s based on the same code, so it’s kind of mysterious as to why would you have two separate chunks of code in your code base that do different things depending on whether you’re Windows or Linux,” Green said. “And so, the question is why would you do that? How do we ensure that is not an encryption of your key? We can ensure that by looking at the code and saying ‘Yeah, definitely it’s not a backdoor, it’s just random bytes.’ So there seems to be a few places where—nobody is saying there’s a backdoor—but there are behaviors that don’t make a lot of sense and we’d like to rule out the possibility.”

The possibility exists that the random bytes could be the encryption of something sensitive, and in the case of a TrueCrypt volume, that could be the password. If the software were backdoored, it could be that whomever did it, encrypted the password and other relevant information so that it looks like random bytes under a key known only to a third party.

“What we want to do is go through the source code very carefully, make sure there are no problems like that and get it built from the source and all these questions go away and nobody has to worry about backdoors or anything,” Green said. “We would know the code is good and the binary that comes from the code is good, the end.”

This isn’t the first time TrueCrypt has come under some scrutiny. In 2006, Red Hat and Debian declared it forbidden for its respective distributions because of the wonky license governing it; the chief criticism being that it opened users to litigation, White said. The license spells out a number of things that cannot be done with the software, yet fails to clarify what can be done with it. Experts like Green and White have not been able to determine whether it was written maliciously, or by parties without much experience in writing licenses. Two years later, the license was reviewed and updated, and several points were addressed, but not enough to satisfy its critics.

“There were still several clauses in it that said if you’re not sure you’re in compliance with the license, you can’t use the software,” White said. “It’s like a meta-clause. From our perspective, the question isn’t whether it can be distributed through Red Hat or Debian, but if we fork the code to a mirror site, can we be sued?”

White said there has been the equivalent of back-channel communications with the anonymous folks behind TrueCrypt to bring them to the table, in particular on licensing questions. He also said well-respected intellectual property experts have begun looking at the license again.

“TrueCrypt is really good, somebody spent a lot of time and put a lot of love into TrueCrypt,” Green said, adding the caveat that whoever is behind the project has built the dominant open source encryption tool, one that likely cannot be replaced any time soon regardless of what the audit turns up. “Wouldn’t it be nice to rule out that kind of conspiracy theory possibility that maybe there’s something else going on?”

Suggested articles


  • bones on

    Be aware at the outset of this post that I have a pirated Kaspersky IS suite with pirated keys predominantly because I do not want Kaspersky to know from whence payment originates - therefore voiding my carefully maintained anonymity. Additionally, if AVG etc provide free versions of their IS suites, why doesn't Kaspersky (rhetorical). Anyhow, I happened to be one recipient of the Special Agent Supervisor of the California Department of Justice in charge of computer crime investigations - Fred Baclagan - email spill(38000 of them, back in the days of fuckfbifriday) and pulled out all the threads relating to Truecrypt. They have not at any time been able, even with FBI assistance, to backdoor TC. I can post the threads here if you like, they are most revealing. This, and the fact that David Miranda's encryption tool for the massive amount of data he was muling for Greenwald was TC (if Snowden knew TC had been backdoored, why would he have let Miranda use it to carry the bulk or all of Snowden's files to Brazil?)demonstrates to me that TC HAS no backdoor - yet. Furthermore, the use of a public audit would be greatly enhanced if all versions of TC could be audited esp. the appearance of the encrypted bytes referred to above. Then, the difference between the versions when it appeared could in fact demonstrate what it actually was. Those versions are not available on the TC website. By the way, why does this site require javascript? I just had a look at the code and ("control u") and it is sprinkled with js. I as a rule turn it off and don't have java on my machine either on the primary OS or the TC system. I needed to turn it on here. Have you been backdoored KS?
  • seraglio on

    What will happen next is that the NSA/GCHQ complex will engineer a terrorist catastrophe the like never before seen which will take the heat off them for the Snowden-gate revelations. Watch and see.
  • d on

    javascript != java
  • brett on

    TrueCrypt being open souse allows us to check the code before we use it that's good. My concern is that the NSA will compile there own version then hack servers that host the download file and replace it. I would like to ask is there /or can some one write a program where we can load the EXE file and generate a hash code. This would allow the author to download his file and check if it is his or NSA.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.