The TrueCrypt Audit - Phase One Completed

[Ethnod]

I am not sure how many here supported this Indigogo Campaign but I hope some of you are at least interested in the results... well Phase One results that is. Its a pretty comprehensive report and to be honest most of it is way way waaaaay over my head. Personally I was ecstatic to read "11 vulnerabilities were found, all rated Low to Medium severity. To date, we have found no 0-Day critical vulnerabilities or "backdoors" (intentional or otherwise) in the code."

 

So any thoughts? Any insights? Any one actually read this and now about and have anything to report?

 

 

Source:

https://www.indiegogo.com/projects/the-truecrypt-audit#activity

 

Full Report:

https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf

 

 

PS: I'd love to see LTT bring on an expert/knowledgeable person and discuss this report and related stuff

[dragosudeki]

Let's hope it doesn't come with any holes. I don't want to hear something about this and Heartbleed or some other problem they found. >.<

[Fred Castellum]

I haven't seen this before.. interesting news. Hmm the Truecrypt 7.1 source code is publicly available.

[AndThenThereWas1]

That was an interesting read. Seems like most of the issues are just careless coding. Im sure the truecrypt team will work to fix the issues and quickly and get a new build out.

[thunderdog512]

Glad to see people are looking into the source code of this. Makes me feel safer when I use it to encrypt my flash drives.

[LordTumnas]

Good to see truecrypt getting some love, its a great tool.

[Morpheus]

I'm glad... hopefully it's a safe tool to use because it sure as hell is very useful

[qwertywarrior]

they finally finished it

i was waiting for this

impressed not to find a single high level  vulnerability