[cryptome] Re: Open Crypto Audit Project TrueCrypt Cryptographic Review

  • From: In Harms Way <11414150173@xxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Fri, 03 Apr 2015 16:48:23 +0300


Александр wrote on 03/04/2015 11:47:

Yes, but much room for improvement. In phase 2 there were 4 vulns
discovered by the audit:

1- Keyfile mixing is not cryptographically sound (low).
2- Unauthenticated ciphertext in volume headers (undetermined).
3- CryptAcquireContext may silently fail in unusual scenarios
4- AES implementation susceptible to cache timing attacks (high).

Of course, my friend. There is much room for improvement. But after
all those roomers and speculations... after two phases of serious
professional audit... we see _NO backdoors. Nothing!_ (especially if
we take into account, that the project was dead since 2012 and
officially discontinued since the middle of 2013).

I am sure that VeraCrypt (https://veracrypt.codeplex.com/) and
CipherShed (https://ciphershed.org/) will work on those flaws.

Now, one can safely shut the mouths of those bastards who slandered
this excellent program and its developer!

We have nothing to hide, but something to protect:
- and the people, whose human rights these are.

Other related posts: