Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Encryption Data Storage Security

TrueCrypt Safer Than Previously Thought ( 42

An anonymous reader writes: Back in September, members of Google's Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt's code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have "far-reaching access to the system," with which they could do far worse things than exploit an obscure vulnerability.

The auditors say, "It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure." For other uses, the software "does what it's designed for," despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.

This discussion has been archived. No new comments can be posted.

TrueCrypt Safer Than Previously Thought

Comments Filter:
  • by Anonymous Coward on Saturday November 21, 2015 @10:43AM (#50975495)

    Whoever you are, wherever you are: Thank You for developing an amazing piece of software and releasing it (and the source code) for free. You improved the right to privacy of millions of people around the world.

    There have been dozens of stupid, vulgar and insulting conspiracy theories about them ("Oh, they are NSA agents!"), the reality is that they must be generous and intelligent people, very rare in today's world.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Also, thank you for the canary, even when you did not set it up properly. (You should have had!)

      So far VeraCrypt is looking good, but I think I stick with TrueCrypt 7.1a for a while.

    • Didn't those same NSA agents also give us SELinux?

      That's the great thing about those nefarious organisations releasing open source software. It comes from the experts and yet can be audited.

    • by mlts ( 1038732 )

      Agreed. I also have nothing but respect for the TrueCrypt forum members as well, which had some highly intelligent discussions.

      What TrueCrypt brought to the table which few other programs do is the cross platform compatibility, where I can have a TC container created on a Linux box able to be opened and used on a Mac or a Windows machine. There are other utilities like FreeOTFE, but TrueCrypt was well maintained, and the hidden volume functionality is quite useful, especially for someone on a business tri

  • My biggest interest in using TrueCrypt or VeraCrypt is to secure portable drives I use for backup. In particular, because I want my most important documents to survive any catastrophe at home, I keep a backup on an encrypted flash drive I take with me whenever I leave the house. My hope is that if I lose that drive for some reason, only state-level actors would have any chance of success decrypting the volume, and they're not the people I'm trying to secure my data from. I'm more concerned that any mugge
    • by skegg ( 666571 )


      My primary reason for disk encryption is to protect my data from lost / stolen hardware.

      But another benefit is that it makes it that much easier disposing of obsolete storage.

  • Truecrypt was great in the day, but it has been superseded:

    "VeraCrypt is a free disk encryption software brought to you by IDRIX ( and that is based on TrueCrypt 7.1a." []
  • by stevegee58 ( 1179505 ) on Saturday November 21, 2015 @12:19PM (#50975807) Journal
    Let's get everyone using it again!

10.0 times 0.1 is hardly ever 1.0.