Despite the popularity of TrueCrypt, which makes it possible to encrypt files and hard drives, the source code and cryptographic software operation had never been audited. January last year decided security iSEC Partners to conduct the audit of the TrueCrypt boot loader and Windows kernel driver. In April it was audit report presented. Although there are several problems were found, the researchers found no backdoors. The second part of the audit would focus on the cryptographic operation of the encryption program.
Six weeks after the appearance of the first audit report, the TrueCrypt developers pulled the plug on the project. A day later showed Green and White, however, know that the crypto-audit they would still be, but then it jealously kept quiet. According to Green threw the sudden disappearance of TrueCrypt plans somewhat confused. As was given to whether the money could be better spent on different TrueCrypt successors.
Eventually there was a "Plan B" drawn up within budget and also makes sense. As part of this plan was a few weeks ago a contract with the just-launched Cryptography Services of NCC Group closed. Here the original TrueCrypt 7.1a will be audited.This version also forms the basis for various successors.
Green now reports that the audit will take place soon. In addition, let the promoters of the audit plan that they also look at parts of the code, including the Random Number Generator (RNG) TrueCrypt and other parts of the cryptographic implementation. "This will hopefully complement the work of NCC / iSEC and give a little more confidence in the implementation," said Green. He notes that it took a little longer than planned, but the results really come. Results of which he hopes she " really boring "will be.
No comments:
Post a Comment