The grassroots movement to audit TrueCrypt, the popular open source encryption tool, is gaining steam with tens of thousands of dollars already raised to fund the effort to not only professionally review the source code behind the tool, but also to legally review the custom license governing its use.
TrueCrypt has been downloaded more than 28 million times and is lauded as easy-to-use software that does its job of encrypting files, disk partitions, or entire devices. It’s “grandma-friendly” as one expert puts it, but there are plenty of worrisome aspects that users and security experts have looked past until now. For instance, it’s not publicly known who is on the development team behind TrueCrypt. Also, the most common TrueCrypt packages are downloadable binaries for Windows that cannot be compared to the original source code; those binaries behave differently than versions compiled from source code, experts say. With revelations of new NSA surveillance dropping almost weekly, paranoia and conspiratorial thinking is giving way second thoughts about even the most trusted software.
“I’m really glad this audit is going to happen,” said Chris Soghoian, principal technologist with the American Civil Liberties Union. “TrueCrypt is too important to have this little transparency.”
Cryptography experts such as Matthew Green of Johns Hopkins University in Baltimore agree about TrueCrypt’s importance and the need to put it on “better footing” in terms of its trustworthiness. Green and Kenn White, a security researcher, helped get IsTruCryptAuditedYet off the ground. To date, the crowdfunded project has raised more than $36,000 and Green and White have begun seeking recommendations on firms that can review the software’s integrity. While that decision could be made within a couple of weeks, a full audit may not be complete until early next year.
“I started to look into it and I found that unlike pretty much all the other [open source security tools], it is made by this phantom, anonymous group of people who have this weird license they came up with,” Green said. “ It’s not an insult to them or that I think they’re doing something bad, it’s just that their software is really good and it’s really widely used and so it deserves to be on better footing nowadays.”
The most concerning thing leading people in some corners to wonder whether TrueCrypt has been backdoored—or whether the Windows binary has—is that the last 65,024 bytes of the header is filled with random values; the Linux version fills the header with zero encrypted bytes. What are those encrypted bytes? Without an audit it’s difficult to know exactly because there’s no way to prove the Windows binary is related to the source code.
“It’s based on the same code, so it’s kind of mysterious as to why would you have two separate chunks of code in your code base that do different things depending on whether you’re Windows or Linux,” Green said. “And so, the question is why would you do that? How do we ensure that is not an encryption of your key? We can ensure that by looking at the code and saying ‘Yeah, definitely it’s not a backdoor, it’s just random bytes.’ So there seems to be a few places where—nobody is saying there’s a backdoor—but there are behaviors that don’t make a lot of sense and we’d like to rule out the possibility.”
The possibility exists that the random bytes could be the encryption of something sensitive, and in the case of a TrueCrypt volume, that could be the password. If the software were backdoored, it could be that whomever did it, encrypted the password and other relevant information so that it looks like random bytes under a key known only to a third party.
“What we want to do is go through the source code very carefully, make sure there are no problems like that and get it built from the source and all these questions go away and nobody has to worry about backdoors or anything,” Green said. “We would know the code is good and the binary that comes from the code is good, the end.”
This isn’t the first time TrueCrypt has come under some scrutiny. In 2006, Red Hat and Debian declared it forbidden for its respective distributions because of the wonky license governing it; the chief criticism being that it opened users to litigation, White said. The license spells out a number of things that cannot be done with the software, yet fails to clarify what can be done with it. Experts like Green and White have not been able to determine whether it was written maliciously, or by parties without much experience in writing licenses. Two years later, the license was reviewed and updated, and several points were addressed, but not enough to satisfy its critics.
“There were still several clauses in it that said if you’re not sure you’re in compliance with the license, you can’t use the software,” White said. “It’s like a meta-clause. From our perspective, the question isn’t whether it can be distributed through Red Hat or Debian, but if we fork the code to a mirror site, can we be sued?”
White said there has been the equivalent of back-channel communications with the anonymous folks behind TrueCrypt to bring them to the table, in particular on licensing questions. He also said well-respected intellectual property experts have begun looking at the license again.
“TrueCrypt is really good, somebody spent a lot of time and put a lot of love into TrueCrypt,” Green said, adding the caveat that whoever is behind the project has built the dominant open source encryption tool, one that likely cannot be replaced any time soon regardless of what the audit turns up. “Wouldn’t it be nice to rule out that kind of conspiracy theory possibility that maybe there’s something else going on?”