Difference between revisions of "What happened to Truecrypt - May 2014"
(No difference)
|
Revision as of 20:32, 30 May 2014
Truecrypt, the popular disk encryption software has recently changed its website to a security warning that states Truecrypt is not secure anymore, and to switch to BitLocker for Windows, or No encryption for Mac. It does not even mention Linux.
This article was written May 29, 2014 at 12:30PM
This article was updated May 29, 2014 at 2:30PM, 5:36PM, 7:05PM, 8:43PM
This article was updated May 30, 2014 at 12:00AM, 2:00PM, 4:30PM - Final Answer now first section -- please read
Download TrueCrypt All Versions: All TrueCrypt files, binaries, keys, source, all versions
ValdikSS Analysis on Github Gist | Russian Version
Contents
Final Answer - Solved?
The Premise
As per recent posts from Matthew Green and Steven Barnhart, it appears as though we have an answer. The dev claims to have just gotten tired of maintaining the program Truecrypt. He claims that he does not want anyone using the source code for the bootloader and the GUI because "that's harmful because only they are really familiar w/code".
Is this really what happened though? I mean what about the panic stricken Bitlocker page and the mysterious method used to leave the software world? What about the refusal to let others build on the code that was nearly open-source? It still seems fishy, but we do have an answer from the dev at least...
Sources:
https://twitter.com/stevebarnhart/status/472200478345150464
@matthew_d_green 1 more "I were happy with the audit, it didn't spark anything. We worked hard on this for 10 years, nothing lasts forever."
https://twitter.com/matthew_d_green
The facts
These are facts of what I have seen that may offer some insight into the cause of TrueCrypt's recent decision.
- Sourceforge Account
- Signed keys were updated 3 hours before posting version 7.2 by an apparently legitimate source Sourceforge, Truecrypt account history rss version
- Sourceforge changed its password policy 1 week before the incident source
- Sourceforge claims there is no suspicious activity on the admin account source
- The Webhost for Truecrypt.org
- Still has the same IP address of many years back DNS History for Truecrypt
- DNS was not modified
- The entire site redirects to the SourceForge project page
- The Website code for Truecrypt.org
- Now redirects to the SourceForge page for Truecrypt using a 301 permanent redirect
- The Content on Truecrypt.org
- The main page has been replaced with instructions to switch to Bitlocker for Windows
- There is a mention of the end of Windows XP support, and an incorrect date for its end of life, 5/2014 instead of 4/2014
- The directions for Bitlocker are only possible for the few people who use Ultimate and Enterprise versions of Windows, less then 20% of users
- The directions for Bitlocker migration are simply wrong (you should unencrypt before you go to bitlocker, but they say the reverse)
- The directions for Mac encryption say to use "none"
- The Mail Addresses of Truecrypt.org
- Are all bouncing messages confirmation
- The new TrueCrypt version 7.2
- Has a lot of changes that appear to have been in development for a while, like an incomplete new version
- Removed the ability to create encrypted volumes and drives
- Added a bunch of messages saying the exact same thing on the website-- TrueCrypt is insecure
- The Truecrypt terms of use
- Removed the clause requiring a link to truecrypt.org or to say your code uses TrueCrypt
- Changes every "U.S." to "United States" (possibly irrelevant)
- TrueCrypt on the Internet
- TrueCrypt is now being removed from all "wayback machine" like sites where you can view websites as they used to look source
- The Truecrypt dev team
- They are anonymous, nobody knows who made TrueCrypt
- Nobody can reach them now
- The audit and the audit team
- They have not heard from Truecrypt Devs yet, last word was they were looking forward to phase 2 of the audit
- Matthew Green is keeping people up to date on his blog blog
Speculation of what happened
Again, this is only speculation, I have read a lot and spoken with a lot of people about the possibilities and I have come up with a few theories that could match the facts.
#1 - Coercion
The premise
The TrueCrypt dev team was told by a government agency to add a backdoor to TrueCrypt.
See: Wikipedia Rubber Hose Cryptanalysis
My Reasoning
The whole situation with TrueCrypt is just a bit off, none of it makes sense from our viewpoint. It is possible that there was a subpoena was issued to reveal information that would compromise the security of TrueCrypt, whether this is knowledge of any possible security flaws, private keys, or the request to add a backdoor to TrueCrypt. This is exactly what happened to Lavabit email service a while back, and resulted in a similar outcome to what we see today in TrueCrypt. The combination of the factors below indicate to me that the developer was trying to say his software is no longer safe BUT he cannot say why due to a warrant canary.
- Strange wording on the TrueCrypt site (Windows XP end date incorrect among others)
- Recommendation of BitLocker - this is the complete opposite of TrueCrypt and is a horrible piece of advice
- Recommendation for Mac to use no encryption - Are they trying to tell us something?
#2 - Unappreciated
The Premise
The TrueCrypt audit project raised over $62,000 US dollars source to investigate whether the TC dev team was hiding things in the code that could bypass encryption, literally tearing their project up with a huge budget. Meanwhile, the TrueCrypt foundation gets so little donations, that it was too disheartening to continue because everyone was against them.
My Reasoning
- There were very few donations to TC Foundation. I do not know the exact number of course, but it is safe to say the audit raised way more money than Truecrypt itself
- As an anonymous developer, you get no credit for your contributions, and nobody to say thank you every day
- All of these changes appear suspicious but still likely made by the dev himself or the foundation
#3 - Defacement or Hacked Account
The Premise
Someone gained access to all of Truecrypts keys and logins for both the program, the webserver, and SourceForge
My Reasoning
This is the least likely scenario in my mind at this point. It would be too elaborate for vandalism. Still here are the supporting reasons:
- Idiotic recommendation to use Bitlocker instead of an open source solution
- No warning to being shut down
#4 - Real Life
The Premise
The dev got bored of supporting the project, or had issues in real life that took precedence over TrueCrypt.
My Reasoning
It happens to everyone
- claiming TrueCrypt is not safe is a good idea in this scenario, as it will no longer have official updates
- All of the suspicious changes appear to have been made by the developer
#5 - Government Trying to Smoke out Developers
The Premise
Someone gained access to all of Truecrypt's keys and logins for both the program, the webserver, and SourceForge, but could not find the developers.
My Reasoning
A government might have enough resources to break the developers' public-private key pairs and hack into the site.
- Making an absurd recommendation that everyone switch to Bitlocker might goad the real developers into responding.
- The government might have enough power to break the public-key encryption used to authenticate the developers.
#6 - Major Flaw
The Premise
The developer was working on new features for 7.2 based on the diff of the source. It is possible there was a major flaw that was found by the dev and nobody else yet. Instead of releasing the vulnerability and making it public which would allow everyone to open anyone's Truecrypt containers, the dev decided to close the project and convince people that the program is no longer secure by destroying its credibility.
My Reasoning
Yes, I know that there were no flaws found in the audit YET, but still here are my reasons:
- TrueCrypt cannot regain the trust of the world again after this nefarious activity, effectively killing it
- The methods used to "shed" users were very mysterious on purpose-- to make it very public that nobody is safe
#7 - Irate Developer
The Premise
We know nothing about the dev team for TrueCrypt so this is pure speculation but sometimes dev teams disagree, and it can turn into something like this. If one irate developer had access to the private keys for the program, access to the webserver, and access to the SourceForge account, this is a possibility.
My Reasoning
- This happens sometimes (yes a weak argument but statistically it should be on this list)
External Links
Related Posts
- How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
- ycombinator - A long comment page with lots of useful information and links
- TrueCrypt page on Sourceforge - The Truecrypt.org address redirects here
- Twitter - Matthew D Green The lead of the audit team who was in contact with TC devs
- SumoTorrent - TrueCrypt Master Archive - All sources, binaries, and keys for every OS and all versions of TC in a torrent file
- Istruecryptauditedyet.com - The name says it all
News
- ZDNet article on TrueCrypt's issue
- Forbes News - Encryption Tool Endorsed By Snowden Abruptly Shuts Down