No backdoor found: the open-source encryption software TrueCrypt security audit is complete

Source: Internet
Author: User

No backdoor found: the open-source encryption software TrueCrypt security audit is complete

TrueCrypt is a popular open-source file encryption software, which includes a large number of "sensitive people" (such as businessmen, politicians, reporters), so its security has been widely concerned.

On September 18, May 2014, TrueCrypt, an open-source encryption software, suddenly warned Windows users to switch to Microsoft's BitLocker encrypted disk and warned them that TrueCrypt is not safe.



Don't worry, no backdoors.

Faced with a lot of concerns about whether or not TrueCrypt contains backdoors, NCC Security Auditors and cryptography experts conducted a comprehensive security audit on TrueCrypt. Fortunately, the results made people quite comfortable:

"TrueCrypt is a relatively well-designed encryption software. The NCC audit does not find evidence of a backdoor in the software, or any serious design vulnerabilities that may lead to software insecurity. "

A year ago, ISEC completed the first-stage code audit of TrueCrypt. Although no major security issues were found, 11 moderate and low-risk software vulnerabilities were found.



The NCC auditor recently published a 21-page public report showing the results of checks on TrueCrypt's Random Number Generation Program, key algorithms, and other encryption methods.

Vulnerability description

The report discloses four vulnerabilities in TrueCrypt, but these vulnerabilities do not affect encryption.

1. The combination of key files is not thorough enough from the cryptography perspective-low risk

2. The encrypted volume header has unauthorized ciphertext-to be determined

3. CryptAcquireContext may fail in some scenarios-High Risk

4. AES encryption may be affected by Cache Time Series attacks-High Risk
 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.