The First Round of TrueCrypt Audits Finds No Vulnerabilities


TrueCrypt, the open-source disk and file system encryption tool that is popular among privacy advocates, has undergone its first round of security auditing. The audit, conducted by iSec, evaluated the bootloader and the Windows kernel driver. They found no significant vulnerabilities in the code that would lead to security concerns.

The second stage of the audit, which will comb through the actual code that handles the encryption, is next. If the iSec team is not able to find any vulnerabilities in the cryptographic code TrueCrypt will be reinforced as the most trusted full disk encryption solution.

The advantages will be:
Open-Source: Anyone can view all of the code supporting TrueCrypt and evaluate it for vulnerabilities and backdoors.

Peer-Reviewed: TrueCrypt will have the advantage of having a full security audit. A lengthy and expensive process where the code is reviewed line-by-line for vulnerabilities.

These two factors will place a lot of trust in the application and the code to be safe from all forms of intrusion.

Data Sources:

http://istruecryptauditedyet.com/

https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf

< last
next >