What crept into the crypt? TrueCrypt bugs may finally have been discovered

A year and a half ago, users of the TrueCrypt encryption software were shocked to find the long-time developers had quit, stating that they could no longer continue to develop a standard that contained ‘unfixed security issues.’ Understandably, they didn’t reveal what those problems were, as doing so would have made the software’s many users vulnerable, but now we can report on what those bugs actually were.

Discovered by security researcher James Forshaw, the two vulnerabilities in the system could be used to compromise the machine of a TrueCrypt user. While neither would make it possible to decrypt drives protected with the TrueCrypt software, the vulnerabilities would have allowed for the installation of malware on a user’s machine, which would be enough to potentially figure out their decryption key and other sensitive data.

https://twitter.com/tiraniddo/status/648293501050986496

Forshaw later clarified that he didn’t suggest the bugs were put in intentionally to test auditing measures, but that the fact it had passed so many checks suggested that the audits weren’t stringent enough.

For anyone worried about these bugs, the best thing to do is move over to one of the TrueCrypt successors. As ExtremeTech points out, one solution, VeraCrypt, has patched out these bugs and uses the same codebase as TrueCrypt, so it should be pretty familiar.

However, that would suggest that these security concerns weren’t necessarily what sent the developers away from their long-time encryption platform. Surely if they were so easy to patch out, it wouldn’t cause them to jump ship. Maybe they contributed to it, but it would seem likely that there are other security concerns that may have yet to be discovered in the code base.

Do you think this sort of bug would be enough to cause the people who had worked on TrueCrypt for so long to go looking for another gig?

Jon Martindale