TrueCrypt Audit

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

TrueCrypt Audit

(1/2) > >>

Renegade:
(In case you aren't familiar with security audits, they are to determine the security of a piece of software and are quite intense.)

A fund has been set up to pay for a security audit if TrueCrypt:

http://www.fundfill.com/fund/4-spzFJdDQk211KJDAUfcOw==#

A site is also set up:

http://istruecryptauditedyet.com/

Anyways... Interesting. Publicly and openly audited.

Stay tuned. This could be important...

CWuestefeld:
From the discussion of this that I've seen, there isn't really any reason to suspect that there's a problem. It's just that people want to *prove* that TC is secure, and hasn't been compromised.

40hz:
+1 w/CUW

I think it's more that it's just now become important enough that people want to know for sure about TrueCrypt. Especially since misplaced trust in some faulty encryption mechanism is far more dangerous than not having encryption at all.

FWIW I've never heard any creditable concerns about TrueCrypt prove out so far.

IainB:
From the discussion of this that I've seen, there isn't really any reason to suspect that there's a problem. It's just that people want to *prove* that TC is secure, and hasn't been compromised.
-CWuestefeld (October 10, 2013, 12:31 PM)
--- End quote ---
On the other hand, it could be the old IBM trick of deliberate spreading of FUD - fear, uncertainty, doubt - on a safe and uncrackable decryption system, by...hmm (I have no idea)...which might cause people to consider it "unsafe".

I'm not sure why anyone would want to do that, of course... :-\

Yes, an audit could help to "prove" things, but then you'd need to audit the other crypto-g schemes (MS, Norton/Symantec, etc.), as a basis of comparison, to establish a level playing field.
Of course, you'd be able to trust the results as no-one would rig the results of such an audit. That would be like suggesting that some government agency spies on our every communication on the Internet and wants to continue doing so, unhindered. A laughable idea.

Mark0:
How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
We show in this article how to reproduce a deterministic compilation process specific to TrueCrypt 7.1a for Windows that matches the official binaries, and relieve the world from at least some concerns.
--- End quote ---

Navigation

[0] Message Index

[#] Next page

Go to full version