An audit of the TrueCrypt source code: no serious threats found

iSEC noted that the source code of the bootloader and the Windows kernel driver "do not comply with the expected source code standards". Among the problems found, TrueCrypt uses unsafe and deprecated functions, lacks comments, and has inconsistent variable types. Since TrueCrypt is an open source project, many people participate in its development, so such problems are not surprising.

The researchers did not only criticize the creators of the encryption program. They also noted the presence of high-quality reference materials that contain recommendations and a similar description of TrueCrypt functions. In addition, no backdoors or any malicious code intentionally inserted into the code were found, and all the detected vulnerabilities appeared as a result of errors.

Among the vulnerabilities are an error in the volume header key derivation algorithm, several errors in the bootloader decompressor, exposure of information from kernel stacks, and the Windows kernel driver's use of memset() to clear sensitive information. These vulnerabilities do not put systems at risk of compromise; they only threaten the leakage of confidential information.

iSEC employees recommended changing the development environment for Windows because it relies on tools and software packages that are difficult to obtain from trusted sources. The creators of TrueCrypt should also work on the quality of their code, since it is currently difficult to study and modify.

This study is very significant in light of the recently discovered Heartbleed vulnerability in the OpenSSL package, which is also open source and is also used by a huge number of users. Open source projects will most likely undergo serious rework in the near future, since the Internet community depends on them heavily, but until recently they were not taken seriously enough.

