Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

TrueCrypt audit back on track after silence and uncertainty

Lucian Constantin | Feb. 23, 2015
An effort to search for cryptographic flaws in TrueCrypt, a popular disk encryption program, will resume even though the software was abandoned by its creators almost a year ago.

Over the past year, while deciding on how to proceed, the Open Crypto Audit Project members looked at some parts of the TrueCrypt cryptographic code themselves, including the program's random number generator.

"This will hopefully complement the NCC/iSEC work and offer a bit more confidence in the implementation," Green said.

The Cryptography Services audit will focus on Truecrypt-encrypted containers at rest, which is what many people use the software for: creating encrypted containers which they then mount and store data in.

"We want to be sure that the cryptography used to protect these encrypted volumes is solid and free of any errors that could allow recovery of the data," the Cryptography Services team said in a blog post. "Because of the nature of the work, we'll be focusing on the mode widely used and standardized components: XTS mode used with AES, as well as the Double and Triple Compositions."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.