Audit reveals significant vulnerabilities in Truecrypt and its successors

Originally published at: is a fascinating series on one of the creators of TrueCrypt (esp. ch. 3)


This rather long post does not actually mention any significant vulnerabilities in Truecrypt and its successors. The linked article does not outline any significant vulnerabilities in Truecrypt and its successors. Clicking through to the audit itself, it’s a little over my head, but it looks like there’s one optional mode that might allow an attacker to calculate the length of your password.

But the headline got me to click, so it’s all good.


Headline should read “Audit reveals no significant vulnerabilities in Truecrypt and its successors.”


And I still am going with there were enough changes in the Windows code going from XP to Vista/7 that they just didn’t want to deal with it and punted as Truecrypt died when XP was finally given the axe.
Possibly having to go to proper 64 bit support was too much of a PITA for them.


Excellent use of sensationalism Cory, well done.

Seems a little unfair. BB’s copy mentioned “some alarming bugs,” although that’s unsubstantiated in the post, and quotes a section selected seemingly at random, as it doesn’t mention any bugs. The linked article, however, mentions eight critical vulnerabilities, and points you to here where they are described.

As for why to post this even if the vulnerabilities have been patched, (1) if you wanted to be confident that the stuff you sent six months ago wasn’t read by the NSA, I guess you’re now a little less confident about that, and (2) you can decide for yourself whether a project that had these kinds of vulnerabilities before the audit is trustworthy.


You know what? You’re right, I only read the second article and the audit results.


I read the report a couple months ago. There are four vulnerabilities total, only two of which are classified as “high” severity.

One is that a random number generation library in Windows sometimes (in specific and rare circumstances) fails when a user is creating a Truecrypt volume and when it does, Truecrypt does not notify the user and proceeds as if nothing has happened, relying on less-random sources of random number generation like user mouse movement. Seems like a problem that could easily be fixed by Truecrypt’s successors simply by adding a warning box explaining the risk and asking the user if they want to proceed anyway.

The other is potentially much more alarming; it would allow an attacker to gain access to the AES keys, but it would require a complex attack on the CPU cache that hasn’t been demonstrated. The fix isn’t simple either, though, so it’s a real concern.

But for all Truecrypt’s secrecy and lack of review over the years, the fact that those are the only two severe security flaws seems impressive to me.
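The RNG finding discussed in the post above is a general pattern: an OS CSPRNG call fails, the failure is swallowed, and key generation silently continues on a weaker pool (mouse movement). The following is an added example, not TrueCrypt or VeraCrypt code, that contrasts that silent-fallback shape with a fail-closed one. The function names, the `EntropySourceError` class, the constructed "mouse pool" and the `failing_source` stand-in for the rare Windows RNG failure are all assumptions made for the illustration.

```python
"""Fail-closed entropy gathering for volume key creation.

Added example, not code from TrueCrypt or its successors. It models the
audit finding discussed in the thread: a failed OS CSPRNG call that is
silently ignored, leaving the key dependent only on a weaker entropy pool.
"""
import hashlib
import os


class EntropySourceError(RuntimeError):
    """Raised when a mandatory entropy source is unavailable (hypothetical name)."""


def os_entropy(nbytes: int) -> bytes:
    # The real OS CSPRNG (getrandom / BCryptGenRandom sit behind os.urandom).
    return os.urandom(nbytes)


def derive_master_key_unsafe(os_source, mouse_pool: bytes, nbytes: int = 32) -> bytes:
    """Silent-fallback pattern: if the OS source fails, proceed anyway.

    Illustrates the shape of the audit finding; it is not the actual code.
    """
    try:
        os_bytes = os_source(nbytes)
    except Exception:
        os_bytes = b""  # failure swallowed; only the predictable pool remains
    return hashlib.sha256(os_bytes + mouse_pool).digest()[:nbytes]


def derive_master_key(os_source, mouse_pool: bytes, nbytes: int = 32) -> bytes:
    """Fail-closed pattern: the OS CSPRNG is mandatory.

    Any failure or short read aborts volume creation instead of degrading
    silently; the user-interaction pool adds to, but never replaces, it.
    """
    try:
        os_bytes = os_source(nbytes)
    except Exception as exc:
        raise EntropySourceError("OS CSPRNG unavailable; refusing to create volume") from exc
    if len(os_bytes) != nbytes:
        raise EntropySourceError("OS CSPRNG returned short output; refusing to create volume")
    return hashlib.sha256(os_bytes + mouse_pool).digest()[:nbytes]


def failing_source(nbytes: int) -> bytes:
    # Constructed stand-in for the rare Windows RNG failure the audit describes.
    raise OSError("simulated CSPRNG failure")


def check_rng_handling() -> dict:
    """Compare both patterns under a failing and a working OS source."""
    # Constructed, fully predictable "user mouse movement" pool.
    mouse_pool = bytes(range(64))
    result = {}

    # Unsafe path: silently yields a key determined entirely by the pool,
    # so two "independent" volumes get the same master key.
    k1 = derive_master_key_unsafe(failing_source, mouse_pool)
    k2 = derive_master_key_unsafe(failing_source, mouse_pool)
    result["unsafe_key_is_deterministic"] = (k1 == k2)

    # Fail-closed path: refuses to produce a key at all.
    try:
        derive_master_key(failing_source, mouse_pool)
        result["safe_path_refused"] = False
    except EntropySourceError:
        result["safe_path_refused"] = True

    # With a working OS source the fail-closed path produces full-length,
    # non-repeating keys even though the pool is identical both times.
    a = derive_master_key(os_entropy, mouse_pool)
    b = derive_master_key(os_entropy, mouse_pool)
    result["safe_keys_differ"] = (a != b and len(a) == 32)
    return result


if __name__ == "__main__":
    print(check_rng_handling())
```

Running the script shows the unsafe path producing the same key twice from the same low-entropy pool, while the fail-closed path raises rather than writing a volume header. Whether the right response is an abort or the warning box suggested in the post is a product decision; what matters is that the failure is surfaced instead of silently absorbed.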


This topic was automatically closed after 5 days. New replies are no longer allowed.