TrueCrypt audit: Probe's nearly all the way in ... no backdoor hit yet

  • 15 April 2014


Crypto tool clears code review hurdle

By John Leyden, 15 Apr 2014

The first phase of a crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor.
 
iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), found 11 vulnerabilities in the full disk and file encryption software's source code, but no "high-severity" issues. The biggest problems identified were four medium-severity flaws, as detailed in a 32-page report on the audit [PDF].

Code analysis experts carried out fuzzing tests as well as looking at TrueCrypt's Windows kernel driver source code, the application's bootloader and its filesystem driver. iSEC found several weaknesses and common kernel vulnerabilities, but none which contained "immediate exploitation vectors". The security experts found no evidence of backdoors or intentional flaws.
 
The next phase of the audit will put the cryptographic technology underpinning TrueCrypt under the microscope. The random number generators, cipher suites and algorithms that underpin its encryption will all be given the once-over.
 
 
 
Full Article
 
Don't personally use this app...but know many who do...hence the interest in the article.
