[dm-crypt] Truecrypt audit

Arno Wagner arno at wagner.name
Sat May 17 13:42:01 CEST 2014


On Sat, May 17, 2014 at 09:08:06 CEST, Heinz Diehl wrote:
> On 16.05.2014, Arno Wagner wrote: 
> 
> > I just want to warn everybody not to place too great stock 
> > into these results. I have participated in similar, non-public
> > analyses and they can only ever go so deep. Cleverly hidden or
> > disguised backdoors may easily be overlooked...
> 
> I agree.
> 
> I posted the article because of TC's widespread use, and I'm not aware
> of any comprehensive review/audit of its source (I'm not using TC
> myself).

Posting it is fine. It does contain valuable information.

For example, I think from the report one can deduce that 
TrueCrypt is not very likely to have low-value vulnerabilities, 
hence, for example, ordinary law-enforcement and ordinary 
criminals will likely not get in and more widely available 
forensics tools will likely also not work.

I just wanted to give context which may be non-obvious to
people that have not done something like this themselves.

And yes, I am using TC, but not for secret things. "Business
Confidential" is the highest level I am willing to trust it 
with.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato


More information about the dm-crypt mailing list