Ciphershed: TrueCrypt, Rebooted

It’s been about a week since the developers of Truecrypt discontinued their project in a baffling and controversial way. There have been a number of forks of the code base including truecrypt.ch – which has already been mentioned previously on this blog. The other effort, now known as ciphershed was spearheaded by Bill Cox, and following my correspondence with him about his team and their project, I figured that it was only fair that we provided a brief overview of the project and its goals to my readers.

I’ve noted that forks can often dissolve community trust in a project. I think it is important to note for the record that Ciphershed notes on their website that they have reached out to truecrypt.ch in an attempt to merge their two projects but this appears an unlikely proposition given the personalities involved. It appears that the Ciphershed project already has a greater level of organization, with actual development already taking place and several well known identities getting involved. Bill stated that it is his fervent hope that ciphershed will save Truecrypt. Given the importance of having an open source multi-platform FDE solution, I can only hope that the project moves forward despite significant hurdles – namely the not-so-friendly licensing terms of the TC code, the decidedly average code quality in some parts of TC (namely the boot loader) and the dependency on a decade old Microsoft compiler.

I’ve contacted Bill to see if he would be interested in writing a few words about the project, and hopefully he can do so and directly speak about how ciphershed intends to bring TC into the 21st century, namely whether a new boot loader is planned in order to support UEFI and whether they have given any consideration to modifying the on-disk format and default cipher selections. I should note that the project have already placed an audit ‘roadmap’ up for public comment – detailing how they propose to address deficiencies found in the code audit.

On a related note, several people have asked for a reliable source for 7.1a. There are several mirrors of the code available, the two linked here being that of Steve Gibson and the OpenCryptoAudit’s github page. Note that the MD5 hashes provided below are courtesy of OCA and that I have not personally verified their accuracy or authenticity.

win32 installer (md5:7a23ac83a0856c352025a6f7c9cc1526) [grc], [oca]
mac osx dmg (md5:89affdc42966ae5739f673ba5fb4b7c5) [grc], [oca]
src in a tgz (md5:102d9652681db11c813610882332ae48) [grc], [oca]

Stylometric Analysis Of The TrueCrypt Authored Documents

Aside

Out of curiosity, I performed a basic stylometric analysis on several pieces of material that were known to have been authored by the TC developer(s) and referenced that against a control (a sample of my own writing style from this blog) and the text currently displayed on the TC site. While we were unable to draw many conclusions, the following information may be enlightening:

It appears that the individual who was responsible for the user guide was not responsible for the dialog box message. It is likely that the author of the user guide was the same person who authored the ‘warning’ that was placed upon the site yesterday (chi square 18.462, threshold 20% or 22.76).

The individual who appeared to have composed the dialog message appears also to be the one responsible for some of the source code comments we tested.

Link

The security world sure moves fast! A website (http://truecrypt.ch/) has been created with a stated intent to continue maintaining the Truecrypt code, obviously starting with the last fully functioning code base of 7.1a. The site also has a mirror of the TC installers for various platforms. Whether this will amount to anything is anyone’s guess at this point in time.

Truecrypt Update

I figured it would be pertinent to update everyone on the Truecrypt situation. Ultimately, very little has changed and we don’t know all that much. Matthew Green had an exchange with Steven Barnhart on Twitter essentially stating that the development team simply got tired of updating the software and that this action was unrelated to the audit.

My belief that this shutdown was at the request of a government agency persists despite information flowing through to the contrary, and there are a few anecdotal indications that seem to indicate that the page posted to the website was a canary, remembering that directly stating that development has been discontinued due to the receipt of a NSL would violate the order’s secrecy provision and the likely result would be the party responsible would face a secret court. So, one can understand why double talk and innuendo are required when so much is at stake.

Posters on Bruce Schneier’s blog have pointed out the strange wording of the statement, “using Truecrypt is not secure as it may contain unfixed security issues”; perhaps they were specifically ordered not to fix a certain vulnerability in the code and instead wound up the project. Perhaps the statement on their website (emphasis mine) is a warning of such interference.

The other curious thing is that requests to resources on truecrypt.org return a 410 (Credit: Andy). The 410, according to the hypertext RFC is used “if the server knows …. that an old resource is permanently unavailable … This status code is commonly used when the server does not wish to reveal exactly why the request has been refused”

Of course we are all just speculating. If the developers of the project truly wished to wind up their operations and everything was otherwise okay they would not have acted in this manner. Advising users of Windows to migrate to Bitlocker is anathema to the majority of TC’s userbase. A simple note on the website that the project has been discontinued due to a lack of funds/time/support/devs/etc. would have been far better and leave less questions surrounding the true circumstances of their abrupt exit from the market. Indeed, despite the fact that old and unmaintained software can have unpatched vulnerabilities, most would leave their full project page and download area active, albeit with the above caveat attached. A statement to the effect that they are abandoning the source code into the public domain or relicensing the code code with a FOSS-friendly license would have also been the responsible thing to do – allowing others to fork and build on the work that you started. Indeed, even if they did all of the above a fork may not be the best idea given the source code may be encumbered with non-free components (those unaware of the E4M controversy that occurred early in the life of TC should view the History section of the project’s Wikipedia page for a brief primer).

The smartest thing – moving forward – would be for a new project to begin. This project would aim to create a functional replacement for Truecrypt whilst not necessarily using TC code nor providing backward compatibility will provide a modern full disk encryption suite primarily for Windows systems.

The project should:

  1. support GPT/UEFI
  2. have an on-disk format compatible with LUKS or dm-crypt
  3. use a crypto accelerator if the motherboard has one fitted
  4. have a simple user interface and comprehensive help where options are unclear

Essentially all of the above (with the exception of points 1 and 3) were implemented in FreeOTFE almost ten years ago. The latter has also become abandonware but its source code – along with the Linux kernel source for LUKS and its associated modules – would be useful for someone attempting a (near) clean room re-implementation.

For the moment – the average Windows user has three choices. They can continue to use the deprecated v7.1a of Truecrypt despite the ominous warning, they can migrate over to a commercial solution like Bitlocker or PGPdisk or they can switch to a platform that has decent and open source FDE such as Linux or FreeBSD. The use of file based encryption tools is also a possibility but one fraught with danger on Windows, which is liable to leave unencrypted copies of your data everywhere (e.g. thumbnail caches, browser cache for viewed hypertext files, filenames at the very least stored in recent document lists, etc.).

As I said earlier, when the Snowden disclosures were brand new and still leaking out in a piecemeal fashion from the Guardian et. al. – the NSA have started something big, and the cumulative results of what amounted to them shaking the crypto-tree hard enough for some apples to fall out will be felt for a long time and result in definite changes to the way we conduct business and confidential transactions online. I believe that we are perhaps witnessing the opening salvos of a war between the government agencies and privacy advocates and the hackers who make privacy software happen. The EFF probably needs our support and funding, so if anyone has a spare few dollars and wants to donate to a good cause, the EFF is certainly a worthy foundation.

TrueCrypt Website Declares Project Dead

It appears that the truecrypt project is officially dead. At approximately 1800hrs the Truecrypt project’s sourceforge project page was updated, with the status being set to ‘inactive’ and new binaries posted – ostensibly of ‘Truecrypt v7.2′. The main page featured the warning that “Truecrypt is not secure as it may contain unfixed security issues.’ The signing keys used match those used previously. Krebs notes that there have been no changes to delegation, etc.

Their rationale that Truecrypt development was ended as a result of Windows XP becoming end-of-support seems curious as there appears no relationship between the two. Their advice to to abandon Truecrypt for propreitary solutions like Microsoft’s (almost certainly backdoored) BitLocker also seems odd.

Users on Schneier’s blog have been discussing the various possibilities with the most plausible mentioned being that the Truecrypt team were compelled via NSL or other government instrument to co-operate and that burning down the project was potentially the thing that they could have done. This is possibly why they were unable to give a legitimate explanation, instead citing the ludicrous one regarding Windows XP support. Another possibility is that Matthew Green et. al.’s TrueCrypt audit had spooked the authors in some way.

Just twelve hours ago I believed that this was a website compromise, but I am now convinced these actions were initiated by a member of the TC team and not by a malicious attacker. It is indeed possible that one of the developers has gone rogue, but I believe that it is almost a certainty at this point that TC – as we have known it, at least – is dead. Given the licensing issues (TC’s license is not completely FOSS friendly) it remains far from certain that anyone will fork the source from 7.1a and continue to develop the software.

This marks the death of the second free(ish) Windows full disk encryption suite with the first being FreeOTFE. The important thing to note is that Truecrypt had several very large stumbling blocks in the way of its acceptance by the community – some of them technical, some of them legal and license related, and the vast majority of them social. The shadowy Truecrypt Foundation and the way the organization attempted to shield themselves from any scrutiny made many understandably cautious of the software. Only several months ago on this very blog I detailed the myriad issues I have with Truecrypt and advised readers not to trust the product and to instead seek alternatives. That said, there are no free and trustworthy full disk encryption products for Windows (and obviously, Windows itself – and the underlying Wintel architecture – has some major trust issues of its own).

TrueCrypt Website Compromised?

Aside

Earlier today we found the official TC website had been modified and now featured a warning to disuse the product. I initially suspected website compromise but found that the “new” TC packages offered are signed by a legitimate looking key. To further confound the issue a representative from Sourceforge reported earlier that no unusual activity had been noticed. This may be a plain and simple compromise but it may also be the TC developer’s way of informing the public that they are unable to guarantee their privacy, perhaps as a result of a NSL. I am trying to contact individuals who should know more about what is going on, and will update this post later today as the fog dissipates on this issue.

Readers of this blog will know that I have never particularly liked the secrecy behind TC’s development. It remains to be seen what happens next, especially with the interim results of the TC audit due to be released next week.