It may appear that 2014 is shaping up as ‘Year of the Crypto Catastrophe’. Closely following Heartbleed we are now monitoring the unfolding and curious events surrounding the sudden shutdown of the TrueCrypt project.
TrueCrypt (or TC) has long been a ‘go to’ open source encryption solution to provide a quick solution for protecting data.
Whilst details are very sketchy, it would appear that the TC binaries have been updated to only allow reading from TC volumes, with a warning that TC is no longer safe.
Asterisk’s recommendations at this point are:
- Do not download or update TC right now! (version 7.1a seems to be the most recent version released before the current incident)
- Determine your organisation’s current exposure: assess usage of TC, search for any TC volumes in your fleet (note that TC volumes can be hidden)
- Take steps to ensure any data secured by TC is backed up in a manner which ensures you can recover the contents
- Assess your data encryption requirements: why are you using crypto, what are you protecting data from (casual observer, laptop/drive theft, targeted information theft), what platforms & what functionality is required?
- Assess alternate solutions, and prepare a strategy to move
- Determine the appropriate trigger and time frame for your organisation to change encryption solution
Until more concrete facts emerge, we have captured some of the timeline of this very intriguing story as it unfolded.
Approximately 5 hours ago (3:30am West Australian Time) this tweet landed:
Wow, Truecrypt website says that development was ended and that using it is insecure. Scary. http://t.co/oGnQHmIWYz
— Frederic Jacobs (@FredericJacobs) May 28, 2014
https://twitter.com/FredericJacobs/status/471735604883890176
thegrugq then provides an archive of the page:
Archive of http://t.co/0NpdpMKZbv in case people can’t read it: http://t.co/CFmXURG1Kl
— the grugq (@thegrugq) May 28, 2014
https://twitter.com/thegrugq/status/471741930271809536
Some information about the new binary that is available on the TC website lands:
The signature of the TrueCrypt .exe was made on Tue May 27 12:58:45 2014 EDT using DSA key ID F0D6B1E0.
— Runa A. Sandvik (@runasand) May 28, 2014
https://twitter.com/runasand/status/471741572909133824
Speculation about what’s going on starts to happen:
I have no idea what's up with the Truecrypt site, or what 'security issues' they're talking about. @kennwhite
— Matthew Green (@matthew_d_green) May 28, 2014
https://twitter.com/matthew_d_green/status/471741836722073600
and investigation around what actually got uploaded starts:
For the curious the unidiff between 7.1a and 7.2 source is here: https://t.co/tkCdTjfcNw #TrueCrypt
— Arrigo Triulzi (@cynicalsecurity) May 28, 2014
https://twitter.com/cynicalsecurity/status/471742274742013952
The investigation continues:
Here's a copy of TrueCrypt's public key that I downloaded many months ago. I suspect it will be useful now: https://t.co/MblgU4uzYX
— Taylor Hornby (@DefuseSec) May 28, 2014
https://twitter.com/DefuseSec/status/471742363212083200
Another diff:
Just pushed a new version of the unidiff with whitespace changes removed, thanks @MiodVallat for pointing it out… https://t.co/tkCdTjfcNw
— Arrigo Triulzi (@cynicalsecurity) May 28, 2014
https://twitter.com/cynicalsecurity/status/471743401361436674
Confirmation that the new binaries were signed by the real PGP key:
https://twitter.com/hdmoore/status/471744014069145600
https://twitter.com/hdmoore/status/471744014069145600
What happens when you try to install the new TC:
Here's the message you get if you attempt to install TrueCrypt 7.2: http://t.co/rr4YJOnIUW
— Runa A. Sandvik (@runasand) May 28, 2014
https://twitter.com/runasand/status/471744625690951681
xabean links to github to better highlight the changes:
Because reading diffs is hard: truecrypt 7.1a v.s. 7.2 on github: https://t.co/vJz3iG7p9i
— Rich 'mtfnpy' Harman (@xabean) May 28, 2014
https://twitter.com/xabean/status/471746558703448064
Archer has some great advice:
If you downloaded TrueCrypt recently you better call Kenny Loggins – 'cause you're in the DANGER ZONE!
— InfoSec Archer (@ArchrOnSecurity) May 28, 2014
https://twitter.com/ArchrOnSecurity/status/471751244609257472
News articles begin:
Confirmation on the new functionality:
Seems like TrueCrypt 7.2 will only let you decrypt data and migrate existing volumes, not create new ones.
— Runa A. Sandvik (@runasand) May 28, 2014
https://twitter.com/runasand/status/471771828130963456
Luckily, thegrugq already gave us information about TC alternatives:
"@MisterCh0c: On #Truecrypt alternatives http://t.co/eR1zS9aQVB #infosec #security #privacy" @thegrugq to the rescue 7 months in the past
— Wesley McGrew (@McGrewSecurity) May 28, 2014
http://grugq.tumblr.com/post/60464139008/alternative-truecrypt-implementations
https://twitter.com/McGrewSecurity/status/471789973398507522
and now the speculation has started:
https://gist.github.com/ValdikSS/c13a82ca4a2d8b7e87ff
With an interesting line in the new 7.2 code pointed out by a guy on IRC:
https://github.com/warewolf/truecrypt/compare/master…7.2#diff-889688bf127e7a198f80cbcec61c9571L16
Now, this is still early days, so we’re expecting this news to change as more information starts to surface.
UPDATE:
KrebsonSecurity did an interview with Matthew Green (the guy who is heading the audit project for TrueCrypt) and had some additional information. He still plans to continue the audit.
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
UPDATE 2:
And looks like this is the best explanation we are going to have around the TrueCrypt situation:
@matthew_d_green get a reply yet? Shocked, but received 2 replies from an e-mail previously used by a "David". "There is no longer interest"
— Steven Barnhart (@stevebarnhart) May 30, 2014
https://twitter.com/stevebarnhart/status/472192457145597952
@stevebarnhart Today?
— Matthew Green (@matthew_d_green) May 30, 2014
https://twitter.com/matthew_d_green/status/472193658842673152
@matthew_d_green Yes. I e-mailed this morning and just received a second reply 10 mins ago.
— Steven Barnhart (@stevebarnhart) May 30, 2014
https://twitter.com/stevebarnhart/status/472193800874758144
@stevebarnhart Well ask him if the audit had anything to do with it.
— Matthew Green (@matthew_d_green) May 30, 2014
https://twitter.com/matthew_d_green/status/472194641136087040
@matthew_d_green Doubt it. He said Bitlocker is "good enough" and Windows was original "goal of the project". No mention of audit in reply.
— Steven Barnhart (@stevebarnhart) May 30, 2014
https://twitter.com/stevebarnhart/status/472195239005147136
@stevebarnhart Ask him if he'd be willing to re license under BSD/MIT.
— Matthew Green (@matthew_d_green) May 30, 2014
https://twitter.com/matthew_d_green/status/472198235679764481
@matthew_d_green I asked and it was clear from the reply that "he" believes that's harmful because only they are really familiar w/code.
— Steven Barnhart (@stevebarnhart) May 30, 2014
https://twitter.com/stevebarnhart/status/472198615579234304
@stevebarnhart Tell them we only want the GUI and boot loader
— Matthew Green (@matthew_d_green) May 30, 2014
https://twitter.com/matthew_d_green/status/472198897058590721
@matthew_d_green diplomatic orig reply. "personally" feels that fork is harmful. "The source is still available as a reference though"
— Steven Barnhart (@stevebarnhart) May 30, 2014
https://twitter.com/stevebarnhart/status/472200184433483776
@matthew_d_green 1 more "I were happy with the audit, it didn't spark anything. We worked hard on this for 10 years, nothing lasts forever."
— Steven Barnhart (@stevebarnhart) May 30, 2014
https://twitter.com/stevebarnhart/status/472200478345150464
