TrueCrypt audit finds no irregularities

Posted on Friday, April 03 2015 @ 13:06 CEST by Thomas De Maesschalck
Last year the TrueCrypt project suddenly closed down, with the developer urging people to stop using the software due to security vulnerabilities that made it unsafe to use. There were some fears that this action was related to potential NSA backdoors in the software, but this doesn't appear to be the case.

The Tech Report writes that a crowd-funded audit found no evidence of foul play in TrueCrypt's source code. The group of cryptologists working for the Open Crypto Audit Project (OCAP) concluded there are no backdoors in the software. They did find some minor security flaws, but overall the TrueCrypt code seems fit to serve as a solid foundation for future forks.
Matthew Green, one of OCAP's directors, summarized the results on his blog:

The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

That doesn't mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we'd like it to.

