The credibility of the TrueCrypt encryption application is in tatters following the discovery of two serious flaws in the code.
Its anonymous developers abandoned the open source TrueCrypt project in May 2014, and since then no updates to the code have been released. At the time the developers advised users to switch to an alternative encryption program such as Microsoft's BitLocker. Although TrueCrypt is still available for download, the developers suggest it should only be used to migrate data off TrueCrypt encrypted drives.
A security audit of TrueCrypt by security firm iSec Research Lab identified numerous code quality issues but failed to find any serious flaws in the encryption system. Conspiracy theories notwithstanding, the audit, which was completed in April, identified no deliberate "back doors" that would enable government agencies or anyone else to decrypt data that had been encrypted with the program.
Critical TrueCrypt Flaws
The two new flaws, identified by James Forshaw, a security researcher on Google's Project Zero bug hunting team, were not spotted in iSec's security audit and are not directly related to TrueCrypt's implementation of cryptography.
"iSec phase 1 audit reviewed this specific code but Windows drivers are complex beasts - easy to miss local eop (elevation of privilege)," Forshaw commented in a tweet.
The discovery of these two bugs in code that had been audited by a reputable security company emphasizes the fact that finding bugs can be extremely hard: A security audit cannot guarantee that a piece of code is free of flaws.
Run, Don't Walk, from TrueCrypt
At the time TrueCrypt was discontinued, Gartner security analyst Mario de Boer believed it was feasible to continue using the application, despite its website publishing a warning against doing so.
"At this moment (I have not seen the results of the cryptographic code review) there is no reason to assume there is a major security issue," de Boer said at the time. "I also assume that if the audit reveals a flaw, it will be solvable and someone will fix it."
One year on and de Boer's advice is now unequivocally to abandon the software if you are still using it. "One of the first books on software security I read (Writing Secure Code by Howard and LeBlanc) proposed a bumper sticker text: 'Software never dies: it just becomes insecure.' That is what is happening to TrueCrypt. People should move away from any unsupported software, including TrueCrypt," he said.
This raises the question of which encryption application you should move to. While there are plenty of proprietary applications (such as BitLocker) to choose from, you may not be comfortable using any product for which the source code is not readily available for inspection.
Some users fear that proprietary software vendors might place back doors into their code. Others believe open source is inherently more secure due to the idea that "given enough eyeballs, all bugs are shallow."
(Though it's worth noting that just because an application is open source doesn't mean that all bugs will be spotted, or that they are more likely to be spotted than during a security audit.)
Another option is to use a TrueCrypt replacement written from scratch, but the problem with this is that to date no one has produced anything that can be considered ready for production use.
That's unlikely to happen any time soon, de Boer warns. "Writing an alternative would require deep understanding of software development and cryptography - a very, very rare combination," he said. "Part of the source code of TrueCrypt (E4M) predates TrueCrypt and is almost two decades old. It would require a major effort to write a similar application completely from scratch."
TrueCrypt Alternatives: VeraCrypt and CipherShed
VeraCrypt is a 2013 fork of the TrueCrypt code which is maintained and updated by Mounir Idrassi, an IT security consultant based in France. Idrassi has already fixed the two Project Zero bugs, as well as several memory-related bugs, including buffer overruns, and vulnerabilities which were uncovered by the iSec audit.
He has also added a number of features, including:
- Making the encryption stronger by supporting SHA-256 instead of the aging RIPEMD-160 used by TrueCrypt
- Adding TrueCrypt compatibility through support of mounting and converting TrueCrypt volumes
- Adding a tool to resize VeraCrypt volumes
- Introducing a new feature called PIM (Personal Iterations Multiplier), which enables the user to choose the desired security level for the volumes: a dynamic level rather than the static one inherited from TrueCrypt. It also allows the user to crank up the number of iterations used in response to the increase of computation power available to attackers.
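How PIM changes the key-derivation work factor, as an added example that is not code from the article or from VeraCrypt. The iteration formula and the minimum-PIM rule are taken from VeraCrypt's documentation for non-system volumes rather than from this page, and the function names, sample password and salt are constructed for illustration.

```python
import hashlib

DEFAULT_PIM = 485  # corresponds to VeraCrypt's default of 500,000 iterations


def pim_to_iterations(pim: int) -> int:
    """Non-system volumes and file containers: 15000 + PIM * 1000."""
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    return 15000 + pim * 1000


def pim_allowed(password: str, pim: int) -> bool:
    """A PIM below the default is only accepted for passwords of 20+ characters."""
    return pim >= DEFAULT_PIM or len(password) >= 20


def derive_header_key(password: str, salt: bytes, pim: int) -> bytes:
    """PBKDF2-HMAC-SHA512 with the PIM-derived iteration count.

    Sketch only: real header-key derivation also mixes in keyfiles and
    supports several hash functions.
    """
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode(), salt, pim_to_iterations(pim), dklen=64
    )


def relative_cost(pim: int, baseline: int = DEFAULT_PIM) -> float:
    """Work per password guess, relative to a volume using the baseline PIM."""
    return pim_to_iterations(pim) / pim_to_iterations(baseline)


if __name__ == "__main__":
    salt = bytes(range(64))              # constructed sample salt
    password = "constructed sample pw"   # 21 characters, so any PIM is accepted
    for pim in (1, 485, 985):
        key = derive_header_key(password, salt, pim)
        print(f"PIM {pim:>4}: {pim_to_iterations(pim):>9} iterations, "
              f"{relative_cost(pim):.3f}x default cost, key {key[:8].hex()}...")
    # A short password combined with a low PIM is rejected.
    print("short password, PIM 10 allowed:", pim_allowed("hunter2", 10))
```

Because the PIM feeds the iteration count, mounting with the wrong PIM derives a different key, so the value has to be recorded alongside the password.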
VeraCrypt is available under a dual Apache 2.0/TrueCrypt license, and it runs under Windows (XP up to 10), Linux and OS X (Snow Leopard to El Capitan).
But Idrassi warned eSecurityPlanet that Windows 10 support is not complete. "There are still some compatibility issues on Windows 10 linked to the use of network drives," he said. "Also there are stability issues with some large disks (greater than three terabytes) with large sector size, and this must also be addressed."
VeraCrypt is still very much under development, Idrassi added. One feature he hopes to add is UEFI support - if he can get help. "A way must be found to attract skilled developers in this field to contribute," he said. "One idea is to ask for funding to pay for such development because people with such knowledge prefer to sell such code instead of giving it for free."
Idrassi also plans to add SHA-3 support to the product, and is considering requests for non-Western ciphers and algorithms like Japanese Camellia and Russian GOST standards (Streebog for hash, GOST 28147-89 and the future GOST-Kuznyechik for encryption).
The development of CipherShed is progressing slowly. As of now there is nothing ready to be put into production use, according to Jos Doekbrijder, the initiator of the project.
"Do not forget we are an open source community project, and as such are depending on the effort of people in the community and their free time," he said. "There is one lead developer with about four to six active people in the community who test, code, review and help in other ways."
Despite the flaws that have been revealed in TrueCrypt, such as the two Project Zero bugs - which were fixed in CipherShed within hours - Doekbrijder is still impressed with what was achieved before it was abandoned. "It is a brilliant piece of code, especially if you take all things in consideration. There is code in TrueCrypt dating back to the early nineties!"
You can download the current version of CipherShed from the project's website, but this is a pre-alpha release which should only be used for testing.
Doekbrijder has a roadmap for how the code will be developed, and says ultimately it will be faster than TrueCrypt and use other, newer encryption algorithms. But despite this it will be able to open existing TrueCrypt containers. "This is a MUST requirement," he said.
He also plans to introduce a new GUI and some features and to remove existing features that are either not used or considered insecure. However, the project community has not yet decided on which features to add and remove, he said.
Paul Rubens has been covering enterprise technology for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.