posted by cmn32480 on Tuesday October 25 2016, @10:09PM
from the decrypt-this dept.

VeraCrypt security audit reveals many flaws, some already patched [Zeljka Zorz/Helpnet Security]

VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab.

The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report.

The code auditing effort analyzed VeraCrypt 1.18 and its bootloaders.

"A first step consisted in verifying that the problems and vulnerabilities identified by iSec and NCC Group in TrueCrypt 7.1a for the Open Crypto Audit Project had been taken into account and fixed," the Quarkslab researchers involved in the effort explained.

"Then, the remaining study was to identify potential security problems in the code specific to VeraCrypt. Contrary to other TrueCrypt forks, the goal of VeraCrypt is not only to fix the public vulnerabilities of TrueCrypt, but also to bring new features to the software."

A short overview of the issues found (fixed and still not fixed) can be found here. The audit report, with mitigations for still unpatched vulnerabilities, can be downloaded from here.

Are any Soylentils using VeraCrypt and/or other forks of TrueCrypt?

The full audit report: TrueCrypt Cryptographic Review [PDF] [Alex Balducci, Sean Devlin, Tom Ritter/Open Crypto Audit Project]

Previously:
Independent Audit: Newly Found TrueCrypt Flaw Allows Full System Compromise
No Backdoors Found in TrueCrypt
TrueCrypt Site Encodes Warning about NSA Infiltration
TrueCrypt Discontinued, Compromised?

-- submitted from IRC


  • (Score: 2, Informative) by Anonymous Coward on Wednesday October 26 2016, @03:25AM (#418832)
    Seems to me Veracrypt is introducing bugs that are more serious and the Veracrypt coders seem to be of a lower grade than the Truecrypt coders.

    Yes Truecrypt has vulnerabilities but many of them do not apply for the "non-shared machine" scenario. If you are using disk encryption and you are sharing the machine live with other users (e.g. attackers have already pwned you) then you are doing it wrong.

    Item: "Weak Volume Header Key Derivation Algorithm"
    Use a passphrase just a few characters longer and you'd achieve the same thing as going from 1000 round PBKDF2[1] to a million rounds.

    Item: "Cache timing"
    "The only attack scenario where it would be possible to take advantage of a cache-timing is the case of physical machine hosting two virtual machines, one with a system entirely encrypted and the other controlled by an attacker."
    If the attacker has enough access and smarts to pwn you or your data in that scenario you are probably pwned by the attacker already through other easier ways.

    Item: "Multiple Issues in the Bootloader Decompressor"
    How is this a real problem?

    Item: "Sensitive Information Might Be Paged Out from Kernel Stacks"
    This is a problem but possible workarounds are to not enable paging, or to only page to encrypted drives.

    [1] if you want to fuck with those trying to brute force your stuff, what you can do is hash the passphrase then use the results to help determine the rounds for PBKDF2 (e.g. rounds= 2000+ (sha256(passphrase) mod 1000 ) ). It'll be fun to see them build ASICs to handle that.
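
The arithmetic behind the PBKDF2 remarks in the comment above, as an added example that is not part of the original post or of VeraCrypt's code: it converts an iteration-count increase into bits of brute-force work and into equivalent passphrase characters, and implements the footnote's passphrase-dependent round count to bound its per-guess cost. The function names, the SHA-512 choice, the sample passphrase and the salt are assumptions, and the character equivalence holds only for uniformly random characters.

```python
import hashlib
import math

def work_factor_bits(old_rounds: int, new_rounds: int) -> float:
    """Extra brute-force work, in bits, from raising the PBKDF2 iteration count."""
    return math.log2(new_rounds / old_rounds)

def equivalent_extra_chars(old_rounds: int, new_rounds: int, alphabet: int) -> float:
    """Uniformly random characters (assumption) that add the same work
    as the iteration increase, for a given alphabet size."""
    return work_factor_bits(old_rounds, new_rounds) / math.log2(alphabet)

def footnote_rounds(passphrase: bytes, base: int = 2000, spread: int = 1000) -> int:
    """rounds = base + (sha256(passphrase) mod spread), as written in footnote [1]."""
    digest = hashlib.sha256(passphrase).digest()
    return base + int.from_bytes(digest, "big") % spread

def derive_header_key(passphrase: bytes, salt: bytes) -> bytes:
    """PBKDF2 with the passphrase-dependent count.
    HMAC-SHA512 and the 64-byte output are assumptions made for this example."""
    rounds = footnote_rounds(passphrase)
    return hashlib.pbkdf2_hmac("sha512", passphrase, salt, rounds, dklen=64)

def worst_case_bits_over(fixed_rounds: int, base: int = 2000, spread: int = 1000) -> float:
    """Upper bound, in bits, on the footnote scheme's per-guess cost relative
    to a fixed count: every guess needs one SHA-256 plus at most
    base + spread - 1 PBKDF2 iterations, whoever is computing it."""
    return math.log2((base + spread - 1) / fixed_rounds)

if __name__ == "__main__":
    salt = bytes(64)  # constructed all-zero salt, only to make the demo repeatable
    bits = work_factor_bits(1000, 1_000_000)
    print(f"1000 -> 1,000,000 rounds: +{bits:.2f} bits of work")
    for name, size in (("lowercase", 26), ("printable ASCII", 94)):
        chars = equivalent_extra_chars(1000, 1_000_000, size)
        print(f"  equals {chars:.2f} extra random {name} characters")
    sample = b"constructed sample passphrase"
    print("footnote rounds for the sample:", footnote_rounds(sample))
    print("derived key prefix:", derive_header_key(sample, salt)[:8].hex())
    print(f"footnote scheme vs fixed 1000 rounds: at most "
          f"+{worst_case_bits_over(1000):.2f} bits")
```
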
  • (Score: 0, Interesting) by Anonymous Coward on Wednesday October 26 2016, @12:01PM (#418938)

    "Seems to me Veracrypt is introducing bugs that are more serious and the Veracrypt coders seem to be of a lower grade than the Truecrypt coders."

    It's not clear to me whether these vulnerabilities are in features added since the Truecrypt fork, or if they're bugs in code inherited from Truecrypt itself.

    IIRC, the audit/s that Truecrypt underwent were only of specific subsystems, and not as thorough as this one.

    • (Score: 0) by Anonymous Coward on Wednesday October 26 2016, @06:44PM (#419087)

      That's because you didn't read one of the links supplied: http://blog.quarkslab.com/security-assessment-of-veracrypt-fixes-and-evolutions-from-truecrypt.html [quarkslab.com]

      Among the problems found during the audit, some must be corrected quickly:

              The availability of GOST 28147-89, a symmetric block cipher with a 64-bit block size, is an issue. This algorithm has been added in VeraCrypt 1.18. It is a 64-bit block cipher, contrary to the other block ciphers used in VeraCrypt. The XTS code has not been adapted for such ciphers, so VeraCrypt emulates a 128-bit block cipher by encrypting two 64-bit blocks in CBC mode with a zero IV, which in itself raises several issues. Furthermore, to reach the same level of security as its 128-bit counterpart, the amount of data to be processed should be no more than 512 bytes which is too small to be considered for a data at rest encryption system. GOST 28147-89 will be removed in version 1.19.