[cryptome] Re: Open Crypto Audit Project TrueCrypt Cryptographic Review

  • From: Aftermath <aftermath.thegreat@xxxxxxxxx>
  • To: "cryptome@xxxxxxxxxxxxx" <cryptome@xxxxxxxxxxxxx>
  • Date: Fri, 3 Apr 2015 02:58:22 -0700

diskcrypt is my go-to full disk crypto software for the moment

ill prolly switch over to veracryt in time

On Friday, April 3, 2015, Александр <afalex169@xxxxxxxxx> wrote:

Yes, but much room for improvement. In phase 2 there were 4 vulns
discovered by the audit:

1- Keyfile mixing is not cryptographically sound (low).
2- Unauthenticated ciphertext in volume headers (undetermined).
3- CryptAcquireContext may silently fail in unusual scenarios (high).
4- AES implementation susceptible to cache timing attacks (high).

Of course, my friend. There is much room for improvement. But after all
those roomers and speculations... after two phases of serious professional
audit... we see *NO backdoors. Nothing!* (especially if we take into
account, that the project was dead since 2012 and officially discontinued
since the middle of 2013).

I am sure that VeraCrypt (https://veracrypt.codeplex.com/) and CipherShed
(https://ciphershed.org/) will work on those flaws.

Now, one can safely shut the mouths of those bastards who slandered this
excellent program and its developer!

Other related posts: