But it’s a bad design and should certainly be fixed in any Truecrypt forks. These alternatives are probably good enough to protect you. Moreover, even if the Windows Crypto API does fail on your system, Truecrypt still collects entropy from sources such as system pointers and mouse movements. This is not the end of the world, since the likelihood of such a failure is extremely low. Instead it silently accepts this failure and continues to generate keys. When this happens, Truecrypt should barf and catch fire. A problem in Truecrypt is that in some extremely rare circumstances, the Crypto API can fail to properly initialize.
The Truecrypt developers implemented their RNG based on a 1998 design by Peter Guttman that uses an entropy pool to collect ‘unpredictable’ values from various sources in the system, including the Windows Crypto API itself. This is an important piece of code, since a predictable RNG can spell disaster for the security of everything else in the system.
#Truecrypt 7.1 a windows 10 generator#
The auditors did find a few glitches and some incautious programming - leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we’d like it to.įor example: the most significant issue in the Truecrypt report is a finding related to the Windows version of Truecrypt’s random number generator (RNG), which is responsible for generating the keys that encrypt Truecrypt volumes.
The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances. The TL DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. This post will only give a brief summary. Those who want to read it themselves should do so. You can find the full report over at the Open Crypto Audit Project website. We’re grateful to Alex, Sean and Tom, and to Kenn White at OCAP for making this all happen. Thanks to some hard work by the NCC Crypto Services group, soon is now.
#Truecrypt 7.1 a windows 10 update#
A few weeks back I wrote an update on the Truecrypt audit promising that we’d have some concrete results to show you soon.
0 kommentar(er)
