Zdziarski
DFIR, security, reverse engineering, photography, theology, funky bass guitar. All opinions are my own.

TrueCrypt.org May be Compromised

On May 28, 2014 by Jonathan Zdziarski

Today, a new version of TrueCrypt (7.2) was pushed to SourceForge, and the TrueCrypt.org website was replaced with an incredibly suspicious page recommending that users cease all use of TrueCrypt and use tools such as BitLocker. As of the time of this writing, the TrueCrypt maintainers have not officially commented on whether the site is compromised, or whether they are (less likely) scuttling the project for reasons unknown.

There have been a number of conspiracy theories ranging from a warrant canary (someone tipping off the TrueCrypt team that a secret warrant was issued for information about them) to a massive website compromise, and finally to a terribly sloppy and unprofessional true exit from TrueCrypt.

My take? I don’t know, but most agree it is very suspicious that the TrueCrypt team would lead anyone to use private, proprietary software like BitLocker, when there are plenty of FOSS implementations out there that work well. Usually when someone is lying under duress (or even trolling), one natural way to tip everyone else off to that fact is to state something completely unbelievable that other people would see is completely unbelievable. The TC team recommending BitLocker fits that bill, and I think leaves a hint to the public to disregard everything they’re saying about TC. The whole thing smells suspicious, and at the very least, should be approached with caution.

One thing is for certain: You should not download or trust anything from TrueCrypt until this is all sorted out. That doesn’t mean, however, that you should stop using TrueCrypt if you already are.

Here are a few steps you should take, however, to protect your content:

1. It’s possible that TrueCrypt 7.2 is compromised. Do not use this new version.

2. If the website is compromised, chances are the attacker had compromised it quite a while ago, and the website owners did not know it. This means that previous versions of TrueCrypt might also be compromised. If you’ve downloaded any version of TrueCrypt over the past 3-6 months (or longer, depending on your level of paranoia), I advise considering that your copy may not be trustworthy. My own copy is only six months old, so I’m looking to get a set of MD5 hashes from people I follow who have had 7.1a on their Mac for longer than I have, to verify. Please email me if you have these. (find TrueCrypt.app -type f -exec md5 {} \;)

3. There *is* an unofficial archive of TrueCrypt releases kept by a user on GitHub (Thank you DrWhax). I CANNOT vouch for its credibility; however, the hashes on his 7.1a OSX release match those of my own copy, which I downloaded about six months ago. Compare your own hashes to his, and if they don’t match, then something is definitely wrong with either your copy or the archive’s. The archive can be found here.

4. As it is possible, in today’s world, that newer versions of TrueCrypt could be infected with some type of ransomware or other crippling malware, I recommend making a backup of the CLEAR TEXT copies of your TrueCrypt containers. Use a different encryption tool for now to protect the backups in the event that you lose access to your TrueCrypt containers. If you’re using full disk encryption, back up your hard drive contents either in clear text or to another form of encryption. You don’t want to lose the ability to access everything on your HD.

5. Depending on if and how TrueCrypt may be compromised, it makes sense to encrypt your own TrueCrypt containers with another form of encryption, which will help prevent them from being left exposed in the event that there is a bigger game afoot with malware. It’s also a good idea to change the passwords to your containers, although I recommend doing this offline and completely power cycling your computer before going back online. This doesn’t guarantee your passwords won’t be intercepted, but can certainly help. I also recommend copying them to OFFLINE STORAGE and securely erasing them from your desktop machine. In the event that TrueCrypt is compromised, you don’t want both your passwords and the content to be exposed.

6. If you’re overly concerned about malware, consider a tool such as Little Snitch for Mac, or other connection managers, to prevent background processes from calling home without your permission.

In all of this, do as your paranoia guides you.

Lastly, if you are already using TrueCrypt 7.1a (the version that was code audited by Matthew Green’s team), I see no reason to stop using it as of yet. It’s already passed phase 1 of the audit, and if there were any backdoors, they would have been found by now. The phase 2 portion of the audit (the part that tests cryptographic strength) has not yet been completed; however, the algorithms have been in the public for decades, and their implementations are open source. If you can ensure that the 7.1a copy you have is an “authentic” copy, then I see no reason not to use it until/unless any information comes out that suggests we shouldn’t. In fact, if the government is in any way involved in the shuttering of the project, it may be because the technology is too effective, which is exactly what security-minded people want. There is no bug that cannot be fixed, if there was one; the only truly detrimental bug would be a bug in AES, which would also undermine all forms of modern encryption and be a technological atomic bomb.

The audit team, on Twitter, gave the nod to DrWhax’s repository as being trustworthy. The Mac hashes for my copy of 7.1a (which I’ve been able to confirm through a few other trusted people I know, back at least a year or more) are:

TrueCrypt.app jonz$ find . -type f -exec md5 {} \;
MD5 (./Contents/Info.plist) = 787db9116b389053e9d5a42a4ffc20c7
MD5 (./Contents/MacOS/TrueCrypt) = dad908e7d366ea0eb8f94384192e3314
MD5 (./Contents/PkgInfo) = 986958519c9df91574332ee7aa37e3f4
MD5 (./Contents/Resources/License MacFUSE.rtf) = 640149a1cf8dea5e1463662da91f4741
MD5 (./Contents/Resources/License OSXFUSE.rtf) = 21999f024e556d5990e3a890b509b89b
MD5 (./Contents/Resources/License.txt) = fee6ff588ac878ba302927d5ead00c2d
MD5 (./Contents/Resources/TrueCrypt User Guide.pdf) = 60b1ea96c0dcb7238da39844f0c11910
MD5 (./Contents/Resources/TrueCrypt.icns) = 3c9cfcb366e0df907f9f123af5f5be80
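
One way to automate the comparison described in steps 2 and 3, using a reference listing in the `md5` output format shown above. This is an added example, not code from the original post; the function names and the small demo bundle are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One line of BSD/macOS `md5` output: MD5 (./path with spaces) = <32 hex digits>
MD5_LINE = re.compile(r"^MD5 \((.+)\) = ([0-9a-fA-F]{32})$")

def parse_manifest(text):
    """Parse `md5` output lines into {relative path: md5 hex}."""
    manifest = {}
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:  # shell prompts, blank lines and other non-hash lines are skipped
            manifest[str(Path(m.group(1)))] = m.group(2).lower()
    return manifest

def hash_tree(root):
    """MD5 every regular file under root (symlinked files skipped, like `find -type f`)."""
    result = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and not path.is_symlink():
            # MD5 only because the reference listing is in that format
            result[str(path.relative_to(root))] = hashlib.md5(path.read_bytes()).hexdigest()
    return result

def compare(reference, local):
    """Report files whose hash differs, that are absent locally, or are unlisted."""
    return {
        "mismatch": sorted(p for p in reference if p in local and local[p] != reference[p]),
        "missing": sorted(p for p in reference if p not in local),
        "extra": sorted(p for p in local if p not in reference),
    }

def demo():
    """Constructed bundle: record hashes, then alter one file, delete one, add one."""
    files = {"Contents/Info.plist": b"plist", "Contents/MacOS/App": b"binary",
             "Contents/Resources/License File.txt": b"license"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        reference = parse_manifest("\n".join(
            "MD5 (./%s) = %s" % (r, hashlib.md5(d).hexdigest()) for r, d in files.items()))
        Path(root, "Contents/MacOS/App").write_bytes(b"binary!")   # tampered
        Path(root, "Contents/Info.plist").unlink()                  # removed
        Path(root, "Contents/MacOS/helper").write_bytes(b"x")       # unlisted
        return compare(reference, hash_tree(root))
```

To check a real copy, pass a saved reference listing to `parse_manifest` and the path of TrueCrypt.app to `hash_tree`; any non-empty list in the result means the two copies differ.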

All Content Copyright (c) 2000-2022 by Jonathan Zdziarski, All Rights Reserved