[cryptome] Re: Open Crypto Audit Project TrueCrypt Cryptographic Review

  • From: Peter Presland <peter@xxxxxxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Fri, 03 Apr 2015 11:55:21 +0100

Here here!

On 03/04/2015 09:47, Александр wrote:

Yes, but much room for improvement. In phase 2 there were 4 vulns
discovered by the audit:

1- Keyfile mixing is not cryptographically sound (low).
2- Unauthenticated ciphertext in volume headers (undetermined).
3- CryptAcquireContext may silently fail in unusual scenarios
4- AES implementation susceptible to cache timing attacks (high).

Of course, my friend. There is much room for improvement. But after all
those roomers and speculations... after two phases of serious
professional audit... we see _NO backdoors. Nothing!_ (especially if we
take into account, that the project was dead since 2012 and officially
discontinued since the middle of 2013).

I am sure that VeraCrypt (https://veracrypt.codeplex.com/) and
CipherShed (https://ciphershed.org/) will work on those flaws.

Now, one can safely shut the mouths of those bastards who slandered this
excellent program and its developer!

Other related posts: