TrueCrypt's Security Audit Is Finally Done, With (Mostly) Good Results

TrueCrypt's Security Audit Is Finally Done, with (Mostly) Good Results

TrueCrypt, one of our favourite encryption tools of the past few years, has finally finished undergoing a security audit. Here's how it fared, and what that means for you

Image remixed from Igor Stevanovic (Shutterstock)

First, the results: TrueCrypt's audit showed no evidence backdoors or serious flaws, which is good. The researchers did find a few issues, however, with the random number generator and the possibility of "cache timing" attacks. However, these issues would only present themselves in very rare situations.

If you're curious about the nitty gritty details, cryptographer Matthew Green explains it well on his blog, or you can read the full audit here (PDF). The gist is: unless you're hiding some very, very important stuff, TrueCrypt should be sufficient to hide your data from all but the most prying eyes.

Of course, TrueCrypt is no longer in active development, which means we don't really recommend using it. Instead, try its open-source successor, VeraCrypt, which has already improved on the security of TrueCrypt and will hopefully solve the issues outlined in the audit soon. For the vast majority of users, it should be more than secure enough -- however, if you'd prefer to use something else, there are plenty of other tools out there.

Truecrypt: Cryptographic Review [Open Crypto Audit Project]


Comments

    Comment removed.

    Last edited 26/04/15 4:35 pm

      So who has audited BitLocker or FileVault code, exactly?..

      Last edited 16/04/15 8:40 pm

    Is VeraCrypt backwards compatible to TrueCrypt?

Join the discussion!