TrueCrypt Safer Than Previously Thought

0
479

An anonymous reader writes: Back in September, members of Google’s Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt’s code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have “far-reaching access to the system, ” with which they could do far worse things than exploit an obscure vulnerability. The auditors say, “It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure.” For other uses, the software “does what it’s designed for, ” despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail. Read more of this story at Slashdot.

See more here:
TrueCrypt Safer Than Previously Thought

LEAVE A REPLY

Please enter your comment!
Please enter your name here

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.