truecrypt... i NSA?

wpadł mi właśnie w ręce arcyciekawy dokument. cytuję go:

As remarked in this table the Windows version of TrueCrypt 7.0a deviates from the Linux version in that it fills the last 65024 bytes of the header with random values whereas the Linux version fills this with encrypted zero bytes. From the point of view of a security analysis the behavior of the Windows version is problematic. By an analysis of the decrypted header data it can't be distinguished whether these are indeed random values or a second encryption of the master and XTS key with a back door password. From the analysis of the source code we could preclude that this is a back door. For the readability of the source code this duplication of code which does the same thing in slightly different ways was however a great impediment. It certainly must also hamper the maintainability of the code. As it can't be ruled out that the published Windows executable of TrueCrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt 7.0a” we however can't preclude that the binary Windows package uses the header bytes after the key for a back door. The Linux version does not have that problem with these bytes as their decryption to zero proves that they don't hide a duplicate key.

jaki sens miałoby osadzenie backdoora tylko w wersji Windowsowej? może duży. może niewielki. dobrze, że Matthew się za to zabrał.

Łukasz Bromirski

Read more posts by this author.

Warszawa, Polska