Thursday, May 29, 2014

Hack, Hoax, or Hanging It Up: What's Real With TrueCrypt?

Sometime yesterday afternoon, truecrypt.org, the web site of the "semi-open-source" TrueCrypt portable encrypted virtual hard drive software, changed its tune in a very unexpected way. The web site now redirects all traffic to truecrypt.sourceforge.net, which contains the following warning:



A little background is in order. TrueCrypt is free software for encrypting data. It can be used to create an encrypted virtual hard drive (a partition within a container file, which can easily be transferred to another location to share or to backup), or to encrypt an entire physical device. The source code has always been freely available, but the developers have remained anonymous, known only as "The TrueCrypt Foundation." And while source code is available, that does not necessarily mean that every line of code has been independently reviewed. Aside from the most paranoid of individuals, most download the pre-compiled executable - which probably comes from the publicly shared source code, but there's always the possibility that the compiled code differs. Security-minded folks are by nature skeptical.

TrueCrypt has been around for over a decade, and has been recommended by many. Security blogger Bruce Schneier uses it (albeit with some caveats - in his words, "for Windows full-disk encryption it's [TrueCrypt], Microsoft's BitLocker, or Symantec's PGPDisk -- and I am more worried about large US corporations being pressured by the NSA than I am about TrueCrypt.") I personally have used it for several years - I use it to encrypt important personal and financial data in a manner that I can backup outside my home without fear it will be accessed). The beauty of TrueCrypt has been that it is portable, cross-platform, and not associated with a large US corporation that may be pressured by the government to embed backdoors. For the developers of this software to recommend using a Microsoft product is the epitome of unbelievable. Which is why so many don't believe we are seeing the whole picture.

What we know for sure:

  • Sometime in the early afternoon Wednesday May 28 (US time), the above warning was posted to the sourceforge repository for TrueCrypt. At approximately the same time, a new version of the TrueCrypt software was posted to sourceforge, and the web server at truecrypt.org changed to redirect all requests to truecrypt.sourceforge.com. This was done by way of a 301 "permanently moved" HTTP response header, the web site equivalent of a postal mail forwarding order.
  • The new version of TrueCrypt (version 7.2) appears to have been signed using the same digital certificate as was used to sign previous versions of the code. Specifically, it was signed with the same signature used to sign version 7.1a, the last "trusted" release in February 2012. A digital signature is just what it sounds like - a way to verify the author by comparing the signature with a known sample. Digital signatures work very similarly to encryption certificates as described here: the author signs code using a private key, and through a mathematical algorithm anyone can use a public key to verify the signature. The new version will ONLY decrypt an existing volume. All other functionality has evidently been removed.
  • DNS records do not appear to have been tampered with. A whois lookup on truecrypt.org shows that the domain was created in 2003, last updated on 22 November 2013, and valid though 2023. However, any and all HTTP requests to truecrypt.org (whether to a true page or a made-up page) are redirected to truecrypt.sourceforge.com. Email sent to the registrant address from whois is forwarded to [email protected] and bounces with the error "Recipient address rejected: User unknown in local recipient table." Email sent to arbitrary addresses admin, webmaster, and [email protected] bounce with the same error. Interestingly though, email to abuse and [email protected] did NOT bounce back. Perhaps there is still someone there ... or perhaps those addresses route to the great black hole.
  • According to the whois records, truecrypt.org is registered to a TrueCrypt Developers Association, LC, located in Drums, Pennsylvania. The IP address is hosted by LayeredTech in Plano, Texas. truecrypt.sourceforge.net is hosted by CenturyLink Technology Solutions (formerly known as Savvis), in Chesterfield, Missouri. Each of these cases would subject the company and the hosting provider to US government jurisdiction.
  • There had been a crowd-funded effort to independently audit the TrueCrypt code for backdoors and such. This was a good thing: encryption is used to hide all sorts of things both benign and malicious. For years there had been suspicion and conspiracy theories, and there is a growing public desire to keep some things private - particularly in light of what we have learned in the past year. My use of TC to store an encrypted backup of my personal and financial data offsite is a perfect example: there is nothing illegal in my backups, but I certainly don't want anyone (NSA-included) poking around my personal records. As of an update dated 04 March 2014, the code audit had concluded with promising results. Specifically, "Finally, iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas. The vulnerabilities described later in this document all appear to be unintentional, introduced as the result of bugs rather than malice." The second phase of the audit, cryptanalysis, is either underway or has recently concluded, but no report is yet available.

These are the facts. Interpreting the facts requires some imagination to fill in the gaps. While the full truth is not known (and in fact, it's possible will never be fully revealed), here are some of the prevailing theories.

  • This could be an elaborate hoax. It is possible a malicious actor compromised truecrypt.sourceforge.net, was able to insert the redirector into truecrypt.org, and either obtained the legitimate private key, or found a way to defeat it. I tend to agree with what others have suggested though: if a malicious actor were able to compromise the private keys for widely-used encryption software, would he or she waste that on a massive prank? Maybe, but that seems like a stretch.
  • This could be entirely true, an indication that the developers no longer were interested in maintaining the code, and decided to throw in the towel. Given some questions as to the software license and the origination of the crypto module, it may have been difficult legally to turn the entire code base over to the open source movement. It may also be that the cryptanalysis found something that the developers did not with to address.
  • There may have been a power struggle within the TrueCrypt Foundation. This actually seems quite plausible, and if true, leaves open the possibility that the remaining developers could regain control of the project and restore order. Restoring trust is an other matter though, especially considering that the developers have remained anonymous.
  • The TrueCrypt foundation may have received a visit from a US intelligence agency, and "burned the ships" rather than comply with a demand. I am not one for conspiracy theories, but there is actually a lot of credibility to this theory. Last August, Lavabit, a service that provided encrypted email, abruptly shut down citing government interference. In later interviews, the founder hinted by example that he may have received orders to turn over some client data to the US government, and chose to shutter the service rather than betray the users. According to a study a few years ago, full disk encryption is a significant hindrance to criminal investigators as well as national intelligence agencies, to the point that some say one agency treats anyone using encryption as suspicious.
No one that knows the full truth is speaking yet. Depending on what the truth is, it may never be completely revealed. But for now I can say don't install the "new" version of TrueCrypt, and if you have an interest in encryption technologies or conspiracy theories, grab some popcorn and watch as events unfold.

Update 2015-04-03:

After nearly a year of speculation, an independent audit group has completed a code audit and released a very positive report. Cryptographer Matthew Green summarized it by saying "TrueCrypt appears to be a relatively well-designed piece of crypto software. The NCC found no evidence of deliberate back doors, or any severe design flaws that will make the software secure in most instances."

This is very good news. While the audit group did find some issues with the code, they found none of the conspiratorial government back doors theorized by some. While this will mean different things to different people depending on their circumstances and their purpose in using encryption, for me, it means I can continue what I have been doing all along: using the last known good version of TrueCrypt (version 7.1a, released February 2012) for protecting sensitive personal information.

The complete report is available on the audit project website.