Truecrypt compromised?
 

A warning for those like me who use Truecrypt to carry copies of passwords, passport scans, etc. on a flash drive or cloud storage. The developer(s) are recommending that we abandon TC in favor of Bitlocker:

http://www.pcworld.com/article/22413...bitlocker.html

MS Bitlocker is not a working substitute since it doesn't come in a standalone version which can be used in business centers, etc. Sure hope it's just the developer(s) backing away from the product.

Don't think anybody knows the details yet, but what seems to be certain is that one should avoid the latest binaries for the time being. Wonder if this is another Lavabit type of thing (which, incidentally, the founder posted awful but hardly surprising details about last week).

Adding to what javabytes said ...

I'd trust Ars more than many other sources, and the message seems to be to "stay tuned"

http://arstechnica.com/security/2014...bruptly-warns/

But where would there be a master key that could be compromised?

It's possible they learned that there's an NSA plant involved or something.

Greenwald contacted them for an upcoming article about a list of compromised encryption tools? Or some government actors didn't like Greenwald associate's use of TC?

Snowden definitely used TrueCrypt; he even recommended using it in late 2012. I would be curious if he stopped using it at any point in late 2012 or early 2013. He certainly wasn't advising all his acquaintances to stop using it in the summer of last year.

Microsoft has more legal resources to fight the government than TrueCrypt developers, and this MSFT CEO may be more useful in defending privacy rights than the prior couple even as MSFT was definitively compromised in multiple ways.

This smells very, very bad.

Among other things, BitLocker doesn't support a lot of the features of TrueCrypt (like deniability, keyfiles, and volume-as-a-file) and on Windows 7 and Vista required the relatively obscure (for consumers) Ultimate or Enterprise editions.

TrueCrypt is the ONLY noncommercial alternative I'm aware of that's cross-platform.

Moreover, the TPM support (and secure boot on 8/8.1) features which make Bitlocker more convenient (although neither is mandatory) keep it from being as secure since it unlocks the volume automatically without a user unlock and can be vulnerable to some attacks on that basis.

The prior version of TrueCrypt, 7.1a was mature and stable for 2+ years without needing a point update. There were a couple of cases of law enforcement being unable to crack it (granted, this was in non-national-security casses).

Deniability is basically useless as the decision matrix always says to use it and thus whoever is trying to get the information will always assume it's in use.

You just have to convince them you're not smart enough to do that.

Certainly a possibility. Even when there is no "master" key to be compromised, the software can always be rewritten to capture the keys of users or otherwise introduce a backdoor. The published source code would theoretically prevent this if you compile it yourself, but realistically very few people do that... and it is difficult to prove the published source code is actually what is used to produce the binaries available for download.

It's also interesting to me that the TrueCrypt crowdfunded audit said earlier this week that they would have "big" news to announce. I think it's particularly important that audit be finished now.

Depends on who is trying to get the information.

If we're talking intelligence services, sure.

If we're talking about guys who are gonna break your kneecaps, then well, if they're smart enough to know about encrypted sub-volumes.

If we're talking about going through the courts, or through customs, it is very easy to tell that a disk (or a volume) is encrypted and they can compel you through legal means to give up a password. It is much harder to prove that there is a separately encrypted sub-volume, and as long as many people don't use that feature (and many don't) they have to be open to the legitimate possibility that no such sub-volume exists.

Creating an empty one is also a good way to f___ with people who might otherwise be snooping.

Here are my two "tin foil hat" scenarios.

First, the NSA/GCHQ/Russian mob/etc approached the TrueCrypt devs to put in a backdoor into future versions. Allow them to decrypt any newly encrypted drive/volume. Instead of bowing to their wishes, the TrueCrypt developers decided to throw in the towel in the most spectacular way. This way, even if they were forced to return to the project, the general public would no longer be using TrueCrypt.

Second, the NSA/GCHQ/Russian mob/etc had previously approached the TrueCrypt devs and there is already a backdoor. Fearing that the TrueCrypt Audit Project (istruecryptauditedyet.com) would discover the backdoor, the developers decided to throw in the towel.

The plausible deniability feature is questionable. I'm not convinced (nor is Bruce Schneier: https://www.schneier.com/blog/archiv...ypts_deni.html ) that one can truly hide the presence of that hidden volume. Of course, the data is still encrypted, regardless of how discoverable it is.

While BitLocker does not support keyfiles in same way TrueCrypt does, it does have an equivalent. A key to unlock an OS (or removable) partition can be stored in a file on a USB stick. All the file has is an identifier for the partition, combined with a random 256 bit key. Cryptographically it is probably more secure than the keyfile system (due to the lack of entropy in most file formats), but unlike keyfiles which can be any file one selects, the BitLocker ones are rather easily discoverable.

How to setup a replacement for file containers in BitLocker is actually described on the TrueCrypt site. Scroll down to the section "If you have a file container encrypted by TrueCrypt:".

While the option to only use the TPM as a boot factor is an option, it not the only one. A startup pin/password and/or USB stick can be combined with the TPM for additional security. When using those additional factors, it will mitigate those vulnerabilities you speak of.

more from Ars Technica about the True Crypt security audit (which is proceeding) ...

http://arstechnica.com/security/2014...-jumping-ship/

Yes, I'm familiar with the critique her referered to. It's still a good tool for the cases where it's good for; it's certainly not a tool most people will want to use casually or assume is sufficient on its own -- for exactly the reasons outlined there.

Rather like the recommendation for BitLocker, that only works in some releases of Windows (not just 7/8 but also varies by edition) and ties you not to a particular encryption software but also to the Microsoft OS features around VHD files.

It also creates the volume in a well-known format, and while the data inside of it is encrypted, the metadata around the container is not. Using the Windows EFS to encrypt a VHD file is going to be more secure in some cases, especially if you are not using full-disk encryption.

The biggest problem for many of us is that it's not cross-platform, and indeed, I'm not aware of any other free, practical cross-platform tool

Yes, as I said, neither is mandatory. OTOH, the use of TPM as the only factor for decryption (then depending on Windows security to prevent access to the drive, effectively already decrypted) is very popular in the corporate environment. It certainly seems to lead many folks in IT to a false sense of security.

Remember, TrueCrypt only offered full disk encryption on Windows. Its container file was the only cross-platform part.

There's not much metadata that's exposed. For non-OS volumes all that's in the clear is a list of methods available to decrypt the volume and a unique identifier. There's nothing about files, folders, etc exposed; all that's encrypted.

For OS volumes, there is a boot loader partition that (out of necessity) is in the clear. But there's nothing in that partition other than the standard Windows boot loader. On UEFI systems with Secure Boot enabled, every bit in that boot loader partition is digitally signed, and verified by hardware before it’s executed.

As for EFS, that’s even less portable. As wherever the VHD is stored, needs to be NTFS and can’t be copied to/from over a network. Plus, the EFS certificate needs to follow the VHD file. Worst of all, you’d have to decrypt the VHD file prior to using it. As VHDs are mounted in the context of System, which doesn’t have access to the user’s certificate store.

I don’t really see much benefit to cross-platform FDE products. For example, how often is a Windows user going to decrypt the contents of a Mac’s boot drive (or vice versa)? If anything, I see much more utility in a tool which can share encrypted files (or collections of files) between different OSes. For that, there’s GPG.

I completely agree.

I was pretty surprised to read about their sudden abandonment. I am eagerly waiting for phase 2 of the audit. I too smell something fishy. I use Truecrypt extensively to store personal information just to keep it safe from theft - and appreciate the fact that its cross platform. I have both iMacs and Windows machines at home and work and being able to mount a common cross platform drive is/was a big advantage to me.