US Government Refuses to Release TrueCrypt Audit Documents

TrueCrypt Audit - BBG FOIA

Note about the following FOIA (Freedom of Information Act) request:

Mathew Green (one of the founders of the Open Crypto Project) admits on his website that the Open Technology Fund is helping to finance the TrueCrypt Audit through donating contracted time.

Mathew Green, The Open Technology Fund has generously agreed to donate a substantial amount of contracted evaluation time to our effort.

On the website istruecryptauditedyet.com, an update was posted. The update said, And thanks to a matching donation by the Open Technology Fund the iSec team will be able to dedicate 5-6 weeks of full time analysis, beginning today.

It is important to note that TrueCrypt's audit by iSec Partners does not mention Radio Free Asia or the Open Technology Fund anywhere in the document. https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf

The Open Technology Fund is a program of Radio Free Asia which is established and funded by the USCongress.

The Broadcasting Board of Governors (even though it it responsible for overseeing Radio Free Asia) has said it found no responsive documents to a FOIA (Freedom of Information Act) request filed by Polity News about the TrueCrypt audit. The Broadcasting Board of Governors has closed the FOIA (Freedom of Information Act) request.

None of this is surprising considering that the Broadcasting Board of Governors was involved in a contracts scandal last month. The State Department's Inspector General released a report showing the lack of open contracts, lack of transparency, and mismanagement of money.

Link to Mathew Green's blog where he mentions the Open Technology Fund:http://blog.cryptographyengineering.com/2013/12/an-update-on-truecrypt.html

Stories about Broadcasting Board of Governors contracts scandal Foreign Policy magazine -

http://blog.foreignpolicy.com/posts/2014/06/17/waste_and_abuse_of_power_at_the_broadcasting_board_of_governors_according_to_audit

Chicago Tribune - http://www.chicagotribune.com/sns-wp-wp-frgnp-bc-broadcast18-20140618,0,5088763.story

Some random thoughts about crypto. Notes from a course I teach. Pictures of my dachshunds.

A Few Thoughts on Cryptographic EngineeringFriday, December 20, 2013

Posted by Matthew Green at 3:16 PM

An update on TruecryptSeveral people have been asking for an update on our publicaudit of the Truecrypt disk encryption software. I'm happy tosay that the project is on track and proceeding apace. Here Iwanted to give a few quick updates:

Thanks to the amazingly generous donations of 1,434individual donors from over 90 countries, as of today,we've collected $62,104 USD and 32.6 BTC* towardsthis effort. This is an unbelievable response and I can'tthank our donors enough. I'm blown away that this ishappening.

1.

We've assembled a stellar technical advisory board tomake sure we spend this money properly andgenerally to keep us honest. More details shortly.

2.

In order to make best use of the donated funds and manage on-going governance of theproject, we've incorporated as a non-profit corporation in North Carolinathe Open CryptoAudit Project (OCAP)and are currently seeking 501c(3) tax-exempt designation. Boardmembers include myself, Kenn White (who has been doing most of the heavy organizationallifting) and the amazing Marcia Hoffman. We have high hopes that OCAP will find a purposebeyond this Truecrypt audit.

3.

The Open Technology Fund has generously agreed to donate a substantial amount ofcontracted evaluation time to our effort

4.

And finally, the most exciting news: we've signed a first contract with iSEC partners to evaluatelarge portions of the Windows software and bootloader code. This review will begin in January.

5.

Despite the progress above, there's still a lot of work to do. The iSEC review will cover a lot of thethorniest bits of the code, but we are still working to audit the core cryptographic routines of Truecryptand move the project onto a secure (deterministic) build footing. We hope to have furtherannouncements in the next few weeks.

Let me add one more personal note.

I usually take a pretty skeptical attitude on this blog when it comes to Internet security. For the mostpart we do things wrong, and I used to think most people didn't care. The fact is that I was wrong. Ifthe response to our audit call is any evidence, you do care. You care a lot.I can't tell you how amazed I am that any of this is happening.As far as I know, this is the first time that the Internet hascome together in this way for the purposes of making us all abit safer. I hope it's the beginning of a trend.

More updates to come.

* Incidentally, determining the dollar value of BTC is fun, funfun. We've been trying to responsibly sell these at the 'best'price. But, ugh. Donations (click to enlarge)

+75 Recommend this on Google

27 comments:Eric Martindale December 20, 2013 at 4:49 PM

Matthew GreenI'm a cryptographer andresearch professor atJohns HopkinsUniversity. I've designed

and analyzed cryptographic systemsused in wireless networks, paymentsystems and digital content protectionplatforms. In my research I look at thevarious ways cryptography can beused to promote user privacy.

My websiteMy twitter feedUseful crypto resourcesRSSBitcoin tipjarMatasano challenges

Journal of Cryptographic Engineering(not related to this blog)View my complete profile

About Me

On the NSALet me tell you the storyof my tiny brush with thebiggest crypto story of theyear . A few weeks ago I

received a call from a reporter a...

Here come the encryptionapps!It seems like these days Ican't eat breakfast withoutreading about some new

encryption app that will (supposedly)revolutionize our c...

Dear Apple: Please set iMessage freeNormally I avoid complaining aboutApple because (a) there are plenty ofother people carrying that flag, and (b) Ihonestly like Apple ...

RSA warns developers not to use RSAproductsIn today's news of the weird, RSA (adivision of EMC) has recommended that developers desist from using the(allegedly) 'backdoore...

Let's audit Truecrypt![ source ] A few weeksago, after learning aboutthe NSA's efforts toundermine encryption

Popular Posts

A Few Thoughts on Cryptographic Engineering: A... http://blog.cryptographyengineering.com/2013/1...

1 of 6 07/29/2014 04:11 PM

Replies

Reply

Replies

Reply

Replies

> * Incidentally, determining the dollar value of BTC is fun, fun fun. We've been trying toresponsibly sell these at the 'best' price. But, ugh.

This is interesting; can you provide some insight as to why you want to sell the donatedBTC?Reply

Anonymous December 20, 2013 at 5:02 PMWhy wouldn't you? Most people don't accept Bitcoin as a valid form of payment,and for good reasons (hint: one very big reason is in the first sentence youquoted).

Anonymous December 20, 2013 at 8:38 PMThe BTC isn't for their personal use, and the companies they're going to beworking with probably prefer to be paid in cash, not cryptocurrency.

dionyziz December 20, 2013 at 11:55 PMWhile bitcoin is not usually accepted by the general population as a form ofpayment, people who do security- and cryptography-related work are ofteninterested in bitcoin and accept it as a form of payment. Please consider paying inbitcoin directly.

Anonymous December 21, 2013 at 6:13 AMNo, armchair security and cryptographers are interested.

Anonymous December 20, 2013 at 5:26 PMTiming the market doesn't work well as a general strategy, I don't see any reason to thinkthere's anyone that can do it for BTC.

And assuming that's not possible, my thought would either be dollar cost averaging inreverse - sell $5000 worth of BTC every Monday (or whatever) until it's gone. Or just crossyour fingers and sell at the current market price and don't second guess yourself.Reply

Anonymous December 28, 2013 at 11:08 AMOf course people do it with BTC. A lot of people sold at $1200 when the bad Chinanews came out.

Anonymous December 20, 2013 at 8:28 PMWhy are you incorporating in America? If you found a large section of code commented "NSAput this here" (proverbially, of course), the NSA could threaten you with jail-time or worse forrevealing it. Shouldn't you incorporate somewhere that respects internet freedom... (likeMars, perhaps :-( )Reply

Jesse Crawford December 20, 2013 at 9:07 PM

software , I wrote a long post urgingd...

Attack of the week: OpenSSLHeartbleedOuch. (Logo from heartbleed.com ) Istart every lecture in my security classby asking the students to give us anyinteresting security ...

Zerocoin: making BitcoinanonymousThis is what it's like to dieof stupid. Wow, what theheck is going on with

Bitcoin? When I started this post, thevalue of a si...

Attack of the week: RC4is kind of broken in TLSUpdate: I've added a linkto a page at RoyalHolloway describing the

new attack. Listen, if you're using RC4as your primary c...

An update on TruecryptSeveral people have beenasking for an update onour public audit of theTruecrypt disk encryption

software. I'm happy to say that the ...

Can Apple read youriMessages?(source: Gizmodo ) Abouta year ago I wrote a shortpost urging Apple to

publish the technical details ofiMessage encryption. I...

My Blog ListSchneier on SecurityThe Costs of NSA Surveillance2 hours ago

Shtetl-OptimizedUS State Department: Let incryptographers and other scientists3 days ago

Bristol Cryptography BlogCSF day 46 days ago

root labs rdistTiming-safe memcmp and APIparity5 weeks ago

ellipticnewsCRYPTO and ANTS acceptedpapers1 month ago

The MPC LoungeAarhus MPC Workshop 14, Friday2 months ago


2 of 6 07/29/2014 04:11 PM

Reply

Replies

The people are in the US, the money is in the US. incorporating in another countrywouldn't change that situation at all, it'd just make it look like a tax shelter.

Paul William Tenny December 21, 2013 at 11:22 AMAnon, the NSA is not a law enforcement agency. It's not the FBI (arrest) orDepartment of Justice (prosecution), it can't itself threaten anyone with prison.

Besides that, anything that OCAP or iSEC finds and releases would be protectedby the first amendment in the United States, a protection that many other countriesdon't have. (Ask The Guardian about that.)

NSA might begin surveillance of OCAP (if it hasn't already), but that's just about allit can do.

Anonymous December 21, 2013 at 2:35 PMYou should use a warrant canary to let us know that you haven't been told not toreveal a flaw you find.

Anonymous December 20, 2013 at 11:05 PMany thoughts on supporting FOSS projects that can create and manage truecrypt formattedencrypted volumes?[1][2][3]

truecrypt encrypted volume format is known,why not work on alternatives that can create andopen truecrypt volumes along side verifying truecrypt code? If truecrypt code can not betrusted,then the next best thing is to have alternatives to it that can manage truecryptvolumes for compatibility.

[1] https://github.com/bwalex/tc-play[2] http://code.google.com/p/cryptsetup/[3] http://code.google.com/p/zulucrypt/Reply

Paul William Tenny December 21, 2013 at 11:26 AMWhat would be the point if those projects haven't also been audited? (Honestquestion.)

Anonymous December 21, 2013 at 2:30 PMhaving multiple implementations of the same thing is a form of "auditing" since"cover ups" will show up from incompatibilities with other implementations.Unlessif you think all these projects are a part of the conspiracy to hide the truth,thenagain,what then would be the point of all this exercise this post is talkingabout?they could also be part of the cover up.

Paul William Tenny December 21, 2013 at 3:56 PMI disagree that simply having multiple independent implementations is a form of, ora substitute for auditing code. It's no guarantee that all implementations arecorrect, much less secure. They could all be flawed, even unintentionally. It's notany kind of conspiracy theory and coverup is required for people to make mistakesindependent of each other.

The only way to know if code is secure is to audit it, ideally multiple times, so thereal question is which product is more deserving of the available resources. It'skind of a moot question though since funds were raised for this project based onthe promise that TrueCrypt would be audited, not tc-play or one of these others.

CryptanalysisSSL/TLS broken again Aweakness in the RC4 streamcipher1 year ago

ChargenFlint 1.1.0 Available4 years ago

Subscribe

Posts

Comments

Join this sitewith GoogleFriendConnectMembers (152)

More

Already amember? Sign in

Followers

2014 (6) 2013 (23)

December (4)A few more notes on NSA

random numbergenerators

Can hackers decryptTarget's PIN data?

An update on TruecryptHow does the NSA break

SSL?

October (1) September (4) August (1) July (1) June (2) May (1) April (2) March (2) February (3) January (2)

2012 (48) 2011 (39)

Blog Archive


3 of 6 07/29/2014 04:11 PM

Reply

Given it's feature set and usage base, TC would probably be the best choiceanyway.

Anonymous December 21, 2013 at 5:18 PMNot wishing to go into a debate with you on this so i just though i should add whatis below for those who may be interested on mentioned project's and how theywork.

There are two things as far as truecrypt is concerned,there is the truecryptencrypted volume format and truecrypt binary program that has internalimplementation of crypto necessary to parse the encrypted format and encryptionand decryption of data to and from disk.

The format is known and those mentioned projects do create/parse it.Theseprojects have a dependency on libgcrypt or openssl as providers of crypto routinesthat are necessary in parsing the volume format.

Once the format is parsed to obtain necessary information to create kernelmanaged encryption mappers,the information is passed to the kernelinfrastructures that deals with block device encryption and the kernel is the oneresponsible for encryption and decryption of data to or from the disk.

So as far as crypto routines are concerned in these projects,you are talking aboutcrypto routines in kernels and projects like libgcrypt or openssl and i think theseprojects are trusted and have been scrutinized enough.

TrueCrypt in linux gives an option to use their crypto or linux kernel's crypto.Tcplayuses linux kernel crypto in linux and bsd kernel crypto in BSD.If somebody can bebothered to parse truecrypt volume format in windows,it should be possible to usewindow's crypto to do block device encryption on truecrypt formatted volumes orthe same in OSX.

Its possible all these block device crypto routines are flawed in the same exactway masking the problem but its highly unlikely and if it is so,the auditors couldtoo,make the same mistake continuing the masking of the problem.

Dr Gareth Owen December 23, 2013 at 12:38 AMDon't forget pytruecrypt :-)

https://github.com/drgowen/pytruecrypt

Very small code base easily auditable (ignoring crypt dependencies).

Jimmy December 21, 2013 at 12:32 AMI find it rather ironic that the Open Technology Fund claims to fight against illegitimatesurveillance, but their entire existence is the result of the US, the NSA and the CIA.Reply

Anonymous December 21, 2013 at 1:35 AMTrueCrypt is nice, but with closed BIOS / UEFI (PKI) you're not protected at all.Reply

Anonymous December 21, 2013 at 2:41 AMJust a quick question.


4 of 6 07/29/2014 04:11 PM

Replies

Reply

Is there a link somewhere I can still donate and with Paypal?Reply

Matthew Green December 21, 2013 at 6:10 AMThe Fundfill site is still open. I don't know about PayPal: https://www.fundfill.com/fund/4-spzFJdDQk211KJDAUfcOw==#

Anonymous December 21, 2013 at 10:44 AMSince this project is basically a trust-based endeavor, and you have selected a US Company(iSEC) to do the code review - a commercial outfit that may be subjected to all kinds of "politerequests" from various agencies - it might be prudent to at least ask them to post a warrantcanary on the project page and to certify each report that no external offers, requests, ordemands have taken place.Reply

Anonymous December 21, 2013 at 6:45 PMAs one of the contributors, I want to thank you and everyone else working on this as well asmy fellow contributors. I look forward both to the results of the audit and to the possibility thatyou may be able to create an organization and a process to do this kind of work on anongoing basis. On a final, somewhat less pleasant note: As you are no doubt aware, a largemeasure of trust (not to mention money) has been given to the collective "you" by peoplewho have had their trust and money abused in the past. Please, please, please ensure thateverything the collective "you" does is beyond reproach -- and is seen to be beyond reproach-- even if it takes longer and costs more. The success or failure of this endeavor actually hasnothing to do with TrueCrypt at all; but rather with the possibility of trust and integrity in publiclife in general and with technology in particular. Good Luck!Reply

Dr Gareth Owen December 23, 2013 at 12:37 AMWill the 'results' of the audit be published openly, rather than just "yes it looks fine?"Reply

Anonymous December 23, 2013 at 8:23 AMPlease post the BTC address for sending donations.Reply

Anonymous December 28, 2013 at 2:39 PMIt is amazing. So a lot of people around the world donated some money, and we learn nowthat the code will be audited by US organizations / companies.

As an European citizen, I am very upset. Will people learn? US cannot be trusted anymore,including "independent" organisations.Reply

Anonymous January 16, 2014 at 8:30 AMCondemning a whole country due to the actions of a few? Apparently, using that logic, thewhole of Europe is populate with idiots. Fascinating.Reply


5 of 6 07/29/2014 04:11 PM

Newer Post Older PostHome

Subscribe to: Post Comments (Atom)

Comment as: Select profile...

PublishPublish PreviewPreview

Awesome Inc. template. Powered by Blogger.


6 of 6 07/29/2014 04:11 PM

US Government Refuses to Release TrueCrypt Audit Documents

Documents

Transcript of US Government Refuses to Release TrueCrypt Audit Documents