[cryptome] Re: Open Crypto Audit Project TrueCrypt Cryptographic Review
- From: Александр <afalex169@xxxxxxxxx>
- To: cryptome <cryptome@xxxxxxxxxxxxx>
- Date: Fri, 3 Apr 2015 11:47:29 +0300
Yes, but much room for improvement. In phase 2 there were 4 vulns
discovered by the audit:
1- Keyfile mixing is not cryptographically sound (low).
2- Unauthenticated ciphertext in volume headers (undetermined).
3- CryptAcquireContext may silently fail in unusual scenarios (high).
4- AES implementation susceptible to cache timing attacks (high).
Of course, my friend. There is much room for improvement. But after all
those roomers and speculations... after two phases of serious professional
audit... we see *NO backdoors. Nothing!* (especially if we take into
account, that the project was dead since 2012 and officially discontinued
since the middle of 2013).
I am sure that VeraCrypt (https://veracrypt.codeplex.com/
) and CipherShed (
) will work on those flaws.
Now, one can safely shut the mouths of those bastards who slandered this
excellent program and its developer!
Other related posts: