Story 2014-04-16 3HZ Audit of TrueCrypt disk encryption software reveals low source code quality

Audit of TrueCrypt disk encryption software reveals low source code quality

Back in October 2013, Kenneth White and Matthew Green kicked off an effort to do a full and complete audit of TrueCrypt, the most popular disk encryption package out there. They raised over $60,000 and 33 BTC to this end, and got underway.
The first part of the audit - the in-depth source code review - was performed by a security firm and completed on April 14 of this year (report).
The results are interesting to read. No bogeys have been found so far, though 11 medium-to-minor items were identified. But the authors did note:
Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth.

The next stage, cryptanalysis, has begun and is proceeding.
I'm sure plenty of people are thinking, "How about doing the same thing for OpenSSL?" I'd personally prefer to see this sort of effort going into improving the OpenSSL software.