[cryptome] Re: Open Crypto Audit Project TrueCrypt Cryptographic Review

  • From: Aftermath <aftermath.thegreat@xxxxxxxxx>
  • To: "cryptome@xxxxxxxxxxxxx" <cryptome@xxxxxxxxxxxxx>
  • Date: Thu, 2 Apr 2015 13:45:20 -0700

Yes, but much room for improvement. In phase 2 there were 4 vulns
discovered by the audit:

1- Keyfile mixing is not cryptographically sound (low).
2- Unauthenticated ciphertext in volume headers (undetermined).
3- CryptAcquireContext may silently fail in unusual scenarios (high).
4- AES implementation susceptible to cache timing attacks (high).







On Thu, Apr 2, 2015 at 11:45 AM, Александр <afalex169@xxxxxxxxx> wrote:


https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf


In two simple words: no backdoors.
Period.

Other related posts: