TrueCrypt, one of our favourite encryption tools of the past few years, has finally finished undergoing a security audit. Here’s how it fared, and what that means for you
Image remixed from Igor Stevanovic (Shutterstock)
First, the results: TrueCrypt’s audit showed no evidence backdoors or serious flaws, which is good. The researchers did find a few issues, however, with the random number generator and the possibility of “cache timing” attacks. However, these issues would only present themselves in very rare situations.
If you’re curious about the nitty gritty details, cryptographer Matthew Green explains it well on his blog, or you can read the full audit here (PDF). The gist is: unless you’re hiding some very, very important stuff, TrueCrypt should be sufficient to hide your data from all but the most prying eyes.
Of course, TrueCrypt is plenty of other tools out there.
Truecrypt: Cryptographic Review [Open Crypto Audit Project]
Comments
5 responses to “TrueCrypt’s Security Audit Is Finally Done, With (Mostly) Good Results”
Comment removed.
So who has audited BitLocker or FileVault code, exactly?..
Comment removed.
Is VeraCrypt backwards compatible to TrueCrypt?
Comment removed.