
Summary:

It’s a mystery that has the information security industry scratching its collective head: why did the anonymous developers of TrueCrypt, a tool recommended by the likes of Edward Snowden, suddenly kill the project and recommend a Microsoft encryption tool instead?


The web security scene is thoroughly weirded out following the abrupt and inexplicable closure of the TrueCrypt project.

TrueCrypt was an anonymously authored piece of disk encryption software that came well-recommended — even Edward Snowden was keen on teaching people how to use it. It allowed users to create hidden volumes whose very existence would only be revealed with a secret password. This “plausible deniability” aspect was designed to protect users facing physical or legal attackers, who would remain ignorant of the secret compartment’s existence and would therefore not start breaking kneecaps or threatening jail terms in order to find the password.

Any excuse for an XKCD comic:

So long…

Sometime on Wednesday, a message went up on the TrueCrypt web page, announcing that the software was “not secure as it may contain unfixed security issues,” before going on to state:

“This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

The page now includes a link to a new, smaller version of TrueCrypt that can only decrypt — further encryption is no longer possible. As security researcher Runa Sandvik noted on Forbes, this executable was “certified with the official TrueCrypt signing key, proving that whoever updated the website is also in a position to release and certify new versions of the encryption software.”

If the TrueCrypt people were hacked, therefore, the hackers did a thorough job of impersonating them. It’s hard to tell what happened. Cryptographer Matthew Green of Johns Hopkins has unsuccessfully tried to contact the anonymous developers, though he reckons the warning notice is the genuine article.

Audit connection?

Green and Sandvik are both involved with the Open Crypto Audit project, which pretty much does what it says on the tin. Funded on Indiegogo and FundFill late last year, the project’s first task was to audit TrueCrypt. The first phase of this mission was completed around a month ago, finding a handful of relatively minor vulnerabilities in the TrueCrypt bootloader and Windows kernel driver. The second phase — formal cryptanalysis of the software — was underway, but Green tweeted on Wednesday that the auditors hadn’t found anything noteworthy yet.

So, assuming that this isn’t all an intricate hoax, what happened? A good few Redditors reckon the TrueCrypt developers were trying to warn users that the authorities had gotten to them, without saying so explicitly due to some kind of secret subpoena. That said, TrueCrypt didn’t hold user information the way, for example, Lavabit did.

What struck many as particularly odd was the developers’ apparent recommendation of Microsoft’s BitLocker as the preferred alternative, not so much because BitLocker is untrustworthy — as Sophos researcher James Lyne noted on Forbes, it’s “been the subject of numerous audits and standard checks” — but because BitLocker only comes with the Pro and Enterprise editions of post-XP versions of Windows.

What now?

If, as the warning post appears to suggest, the death of XP renders TrueCrypt unnecessary, what are consumer-grade Windows users supposed to do now? For other platforms, there are alternatives — Mac users have FileVault and Linux users can turn to a few alternative implementations of the TrueCrypt encrypted container format — but TrueCrypt’s cross-platform nature will be missed by many.

Can TrueCrypt now be forked? Green indicated that he hoped so, but he also told security expert Brian Krebs that TrueCrypt’s peculiar, not-really-open-source licensing may be a blocker. He also expressed worries over the timing of the closure, what with that audit going on:

“There are a lot of things they could have done to make it easier for people to take over this code, including fixing the licensing situation. But maybe what they did today makes that impossible. They set the whole thing on fire, and now maybe nobody is going to trust it because they’ll think there’s some big evil vulnerability in the code…

“Today’s events notwithstanding, I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there. But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact we were doing an audit of the crypto might have made them decide to call it quits.”

Hopefully, the truth will out.

  1. Someone commented in Slashdot that pre-agreed “canaries” in v7.2 indicated that the developers were acting under duress. Anyone else seen any other info to this effect?

    1. AFAIK no canaries, pre-arranged or other, exist.

      Usually, a canary is a negative assertion with a datestamp – “As of XXX, we have not been required to compromise user data or the integrity of our code” – and if the date on the canary is less than the date of the build, then you can draw the obvious inference.

      The downside is that, if a law enforcement attacker is able to demand key material (and Lavabit shows that judges have no problem with this) they can usually take control of the website and the build signing key, rebuild the code *themselves* to have a backdoor, update the canary themselves, and upload.

      There has been speculation that the suggestion of BitLocker, being completely against what they have stated in the past, and the statement that ending XP ended usefulness for TC (when their roadmap included Win8 support, assuming that is possible in a UEFI environment) are a subtle attempt to avoid a gag order preventing them from revealing that their keys were compromised to the authorities – but that isn’t really anything you can nail down.

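The canary mechanism described in the reply above, as an added example (Python; this is not code from the page, from the commenter, or from the TrueCrypt project): it reads a dated negative assertion and flags the conditions a user would act on, namely a canary dated earlier than the build it is supposed to vouch for, a required sentence that has quietly disappeared from a re-issued canary, or a canary that has simply gone stale. The canary text, the required phrases, the dates and the 90-day limit are all constructed for illustration; as the comment notes, TrueCrypt itself had no canary.

```python
import re
from datetime import date, timedelta

# Constructed sample canary (illustration only). A canary is a dated
# *negative* assertion: "as of <date>, nothing bad has happened to us".
SAMPLE_CANARY = """\
Canary statement
As of 2014-04-15, we have not been required to compromise user data
or the integrity of our code, and we retain sole control of our signing key.
"""

# Constructed list of sentences every re-issued canary must still contain.
# A canary that keeps appearing but silently drops one of these is as
# significant as a canary that stops appearing at all.
REQUIRED_ASSERTIONS = (
    "have not been required to compromise user data",
    "sole control of our signing key",
)

DATE_RE = re.compile(r"As of (\d{4})-(\d{2})-(\d{2})")


def _as_date(value):
    """Accept a datetime.date or an ISO 'YYYY-MM-DD' string."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def parse_canary_date(text):
    """Return the 'As of YYYY-MM-DD' date in a canary, or None if absent or invalid."""
    m = DATE_RE.search(text)
    if m is None:
        return None
    try:
        return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
    except ValueError:  # e.g. month 13: a malformed date counts as no date
        return None


def check_canary(text, build_date, check_date, max_age_days=90):
    """Evaluate a canary against the release it is meant to vouch for.

    Returns (ok, reasons). The canary passes only if it carries a valid date,
    that date is not earlier than the build date (the inference the comment
    above draws), it is at most max_age_days old at check time, and every
    required assertion is still present verbatim.
    """
    build_date, check_date = _as_date(build_date), _as_date(check_date)
    reasons = []
    canary_date = parse_canary_date(text)
    if canary_date is None:
        return False, ["no valid 'As of YYYY-MM-DD' date found"]
    if canary_date < build_date:
        reasons.append(
            f"canary dated {canary_date} predates build dated {build_date}")
    age = check_date - canary_date
    if age > timedelta(days=max_age_days):
        reasons.append(
            f"canary is {age.days} days old at {check_date}; limit is {max_age_days}")
    for sentence in REQUIRED_ASSERTIONS:
        if sentence not in text:
            reasons.append(f"required assertion missing: {sentence!r}")
    return not reasons, reasons


if __name__ == "__main__":
    # Constructed dates: a build issued before the canary, checked soon after.
    print("fresh canary:", check_canary(SAMPLE_CANARY, "2014-04-01", "2014-05-01"))
    # A later build that the same canary cannot vouch for.
    print("later build: ", check_canary(SAMPLE_CANARY, "2014-06-01", "2014-06-02"))
    # A re-issued canary with one required sentence quietly removed.
    edited = SAMPLE_CANARY.replace("sole control of our signing key", "control of our key")
    print("edited text: ", check_canary(edited, "2014-04-01", "2014-05-01"))
```

The check detects silence and drift, not key compromise: as the reply points out, an attacker who holds the website and the build-signing key can refresh the canary along with the binaries, so a passing canary is evidence only that whoever controls the key is still issuing it.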
  2. TC’s licensing isn’t terrible. Basically it boils down to:
    a) you need to include an ack to the official project in your docco, and
    b) you aren’t allowed to call it TC or anything confusingly similar to TC.

    Fedora’s RealCrypt fork, for example, is licence compliant.

    1. The phrase “Fedora’s RealCrypt fork” is easily misunderstood.

      There is an independent fork called RealCrypt that is available for Fedora. It is not part of the Fedora Project. See https://bugzilla.redhat.com/show_bug.cgi?id=454667#c9

  3. The problem with the TC license is that in concert with the copyright markings in the code and the unresolved history of disputed rights in the ancestral E4M code, it implies the possibility of a minefield of litigation for anyone forking the project or distributing binaries with the full cross-platform feature set. The persistence of the license & rights issues for so long implies that a clear resolution was beyond the capacity of the current TC developer(s) and that in itself could be a motivation to walk away.

    Add to that the fact that the initial report from the ongoing audit essentially provided a TODO list amounting to scores (hundreds?) of hours of functionally meaningless code work, and it seems to make a supporting case for developer burnout.

  4. The article is wrong on BitLocker support in Windows: all current versions of Windows support it.

    1. Show me how to access it using Windows 7/8 Home Edition and you get a cookie.

      1. Done: http://windows.microsoft.com/en-us/windows-8/using-device-encryption

        Granted, it’s only available in Windows 8.1, so you can keep your cookie if you like. But 8.1 is a free upgrade, so it’s not like Microsoft is holding it ransom from 8.0 users.

  5. Jon22, please provide a Microsoft link to where someone with Windows 7 Home Premium can download BitLocker. AFAIK it only comes with the Ultimate and Enterprise editions.

  6. Reblogged this on Carpet Bomberz Inc. and commented:
    Not just weirded out but truly disturbing. TrueCrypt has shut down. Outside of PGP or Unix freeware alternatives, there isn’t a free desktop full-disk encryption utility for Windows. This is like Lavabit.com vanishing into thin air. Wonder if it’s related to Edward Snowden like Lavabit was.

  7. Scott Royall Friday, May 30, 2014

    But then again, the current version is already in use with only minor security issues identified thus far. Hopefully, the code audit will be completed so that we may fully understand what vulnerabilities may exist there.

    It seems that there are several plausible explanations for the sudden closure of the TrueCrypt development project, although the close proximity to the code audit is too coincidental to not be a factor. Consider this, however: the FISA courts are not able to keep subjects from self-identifying. So, if the government had gotten to the TrueCrypt authors, why wouldn’t they simply reveal their own identities publicly and “retire”? That would effectively cast doubt on any future TrueCrypt development without undermining confidence in the current version. The closure altogether suggests to me that the authors knew of issues that would be uncovered as the audit progressed, and didn’t want to deal with them.

  8. Mongrel Monkey Friday, May 30, 2014

    Maybe Microsoft secretly hired the TrueCrypt team.

  9. Sarah Butler Saturday, May 31, 2014

    The fed is obviously busy trying to get at Snowden somehow. They can’t though, and Snowden has been promoting, from what I heard, Lavabit and TrueCrypt. Look how desperate Kerry has become. And of course those news stories about frustrated intelligence agencies thwarted by TrueCrypt. It’s sickening, what the world around us is becoming. Even Linux, approached by the NSA and legally bound to act as spies.

    The TrueCrypt website, in my opinion, cannot in any likely scenario be taken as a literal, straightforward, truthful statement from the legitimate developer(s), so I view this as probably a canary. The product, only prior to the latest version that does nothing and has lots of warnings, seems safer than nothing to me, so I’m quite willing to use it myself. So many of the assumptions behind recommendations on the current TrueCrypt site are so incorrect… obviously incorrect, especially to the person who made this software… it’s quite telling. And when one looks at motives, it lines up perfectly as well. Canary.

    With this new colorful cheerful shiny Facebook sharing thing we all risk our relationships with our business, families and friends whenever we make any kind of political speech. A new echelon of censorship, if you will.

    Before you cry “conspiracy theory” do recall the mainstream news stories the past few months.
