Yes, but much room for improvement. In phase 2 there were 4 vulns
discovered by the audit:
1- Keyfile mixing is not cryptographically sound (low).
2- Unauthenticated ciphertext in volume headers (undetermined).
3- CryptAcquireContext may silently fail in unusual scenarios (high).
4- AES implementation susceptible to cache timing attacks (high).
On Thu, Apr 2, 2015 at 11:45 AM, Александр <afalex169@xxxxxxxxx> wrote:
In two simple words: no backdoors.