Thursday, November 21, 2013

Encryption for the paranoid: Verifying TrueCrypt source code and binaries

TrueCrypt is open source and verifiable, but until someone actually does the verification, recent events have taught us to be skeptical.

TrueCrypt is easily the most popular and highly-regarded encryption program there is. TrueCrypt is capable of encrypting complete drives, partitions, folders, or individual files. Somewhat ironically, TrueCrypt is also well known for its ability to hide data in plain sight.
Along those lines, it is interesting to note that all of the TrueCrypt developers have remained anonymous, with all communications going through the TrueCrypt Foundation. I did find a 2005 interview, supposedly with one of the developers, code-named Ennead. 

Recommended by experts

Cryptography experts' willingness to recommend TrueCrypt is in part due to the software being open source, meaning it’s reviewable. According to the TrueCrypt FAQ web page, such review is happening all the time:

"In fact, the source code is constantly being reviewed by many independent researchers and users. We know this because many bugs and several security issues have been discovered by independent researchers while reviewing the source code."

But most people do not download the source code, and then compile it. They install TrueCrypt using one of the executable files. And that’s when the validity of the software becomes questionable. The FAQ web page mentions one way to verify that the downloaded files are compiled from the advertised source code:

"In addition to reviewing the source code, independent researchers can compile the source code and compare the resulting executable files with the official ones. They may find some differences (for example, time stamps or embedded digital signatures) but they can analyze the differences and verify that they do not form malicious code."

Unfortunately, I’m unable to find any documented evidence of this having been done. After downloading the source code, I can see why. It was almost two MB of data. Reverse engineering a program that complex cannot be simple.
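The comparison the FAQ describes, as an added example that is not part of this article or of the TrueCrypt project: a Python 3 script (standard library only) that strips the differences the FAQ says to expect in a Windows PE binary, namely the COFF TimeDateStamp, the optional-header CheckSum and the Authenticode certificate table, before hashing, so that a locally compiled build can be compared byte for byte with an official download. The three images it compares are constructed inside the script and are not TrueCrypt binaries; the offsets used are those of the standard PE32/PE32+ headers.

```python
"""Compare an official PE binary with a rebuilt one after removing expected differences.

Added example, not code from the article or from the TrueCrypt project.
"""
import hashlib
import struct

DOS_HEADER_SIZE = 64
PE_SIG = b"PE\0\0"
COFF_SIZE = 20
OPT_SIZE_PE32 = 224            # PE32 optional header with all 16 data directories
SECTION_HDR_SIZE = 40
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory holding the Authenticode table


def _pe_offsets(image: bytes):
    """Return file offsets of the COFF header, optional header and security directory."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != PE_SIG:
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    opt = coff + COFF_SIZE
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at optional header + 96
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: data directories start at optional header + 112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", image, dirs - 4)[0]   # NumberOfRvaAndSizes
    sec_dir = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY else None
    return coff, opt, sec_dir


def normalize_pe(image: bytes) -> bytes:
    """Zero the fields that legitimately differ between builds and drop the signature blob."""
    coff, opt, sec_dir = _pe_offsets(image)
    buf = bytearray(image)
    struct.pack_into("<I", buf, coff + 4, 0)     # COFF TimeDateStamp (link time)
    struct.pack_into("<I", buf, opt + 64, 0)     # optional header CheckSum
    if sec_dir is not None:
        cert_off, cert_size = struct.unpack_from("<II", buf, sec_dir)  # file offset, not an RVA
        struct.pack_into("<II", buf, sec_dir, 0, 0)
        if cert_size and cert_off + cert_size == len(buf):
            del buf[cert_off:]                   # certificate table is normally appended at the end
        elif cert_size:
            buf[cert_off:cert_off + cert_size] = b"\0" * cert_size
    return bytes(buf)


def normalized_sha256(image: bytes) -> str:
    return hashlib.sha256(normalize_pe(image)).hexdigest()


def compare_builds(official: bytes, rebuilt: bytes):
    """Return (match, offsets that still differ) after normalizing both images."""
    a, b = normalize_pe(official), normalize_pe(rebuilt)
    if len(a) != len(b):
        return False, [min(len(a), len(b))]
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return not diffs, diffs


def build_synthetic_pe(timestamp: int, code: bytes, cert: bytes = b"", checksum: int = 0) -> bytes:
    """Construct a minimal PE32 image with one .text section (constructed test data)."""
    code_off = DOS_HEADER_SIZE + 4 + COFF_SIZE + OPT_SIZE_PE32 + SECTION_HDR_SIZE
    cert_off = code_off + len(code) if cert else 0
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, OPT_SIZE_PE32, 0x102)
    opt = bytearray(OPT_SIZE_PE32)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 64, checksum)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert))
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, len(code),
                       code_off, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + PE_SIG + coff + bytes(opt) + sect + code + cert


# Constructed sample images: same code, different link time / checksum / signature.
CODE = bytes.fromhex("5589e5b80100000089ec5dc3")
OFFICIAL = build_synthetic_pe(0x5251C0A0, CODE, cert=b"\x30\x82" + b"\0" * 30, checksum=0x1A2B3C4D)
REBUILT = build_synthetic_pe(0x528E1B00, CODE)
TAMPERED = build_synthetic_pe(0x528E1B00, CODE[:3] + b"\0" + CODE[4:])   # one code byte changed

if __name__ == "__main__":
    print("raw hashes equal:", hashlib.sha256(OFFICIAL).digest() == hashlib.sha256(REBUILT).digest())
    print("normalized match (rebuilt):", compare_builds(OFFICIAL, REBUILT))
    print("normalized match (tampered):", compare_builds(OFFICIAL, TAMPERED))
```

Whatever still differs after this normalization is what a reviewer actually has to explain, such as compiler version, linker section ordering or embedded build paths; the script only removes the differences the FAQ itself says to expect, and a single changed byte in the code section is reported by offset.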

Up until recently, this has not been an overly pressing issue for encryption experts. But that changed when Mr. Snowden released information about the NSA Bullrun program:

"Documents show that the NSA has been waging a war against encryption using a battery of methods that include working with industry to weaken encryption standards, making design changes to cryptographic software, and pushing international encryption standards it knows it can break."

Bruce Schneier, in this blog, affirms the New York Times claim: 

“Defending against these attacks is difficult. We know from subliminal channel and kleptography research that it's pretty much impossible to guarantee that a complex piece of software isn't leaking secret information. We know from Ken Thompson's famous talk on ‘trusting trust’ that you can never be totally sure if there's a security flaw in your software.”

Cryptographers, a nervous bunch to begin with, finally had enough. Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, Principal Scientist at Social & Scientific Systems, decided to audit the executable files derived from the current version (7.1a) of the TrueCrypt source code, and to complete the following:

  • Create a verified independent version control history of the TrueCrypt source and executable code.
  • Document the building of executable files from the source code for the various advertised operating systems.
  • Conduct an audit (security and cryptanalysis) of the programs.

On their website, the gentlemen mention, "Many of our concerns with TrueCrypt could go away if we knew the binaries (executable files) were compiled from source." They also want to eliminate any concern that TrueCrypt has been compromised, most notably with a backdoor.

"The real dream of this project is to see the entire code base receive a professional audit from one of the few security evaluation companies who are qualified to review crypto software."

As you can well imagine, this kind of undertaking is not cheap. Green and White came up with a novel idea: use crowdsourcing to finance the project. It seems to be working, having raised 50,000 dollars since October 14. Donations are still being accepted at FundFill and IndieGoGo.

Final thoughts

I’ve read that Green and White have reached their financial goal, so TrueCrypt should get its day in court. The entire story behind TrueCrypt has been a source of fascination for me, and I hope TrueCrypt passes muster. If I were a betting man…