Skip to main content

Volunteers Hunt for Flaws in Cryptography Software

Credit: Maksim Kabakou

(Image credit: Maksim Kabakou)

LAS VEGAS — Good encryption software is not easy to make. but it's essential for keeping files, emails, Web traffic and financial and personal information safe on the Internet.

At the DEF CON 22 hacker conference here last week, security expert Kenneth White presented an update on the Open Crypto Audit Project, an effort by White and cryptographer Matthew Green to examine open-source cryptography software, check it for security issues and improve it for the Internet community.

White announced at DEF CON that the project will soon begin an audit of OpenSSL, the widely-used Web-encryption software library that accidentally created the recently discovered Heartbleed security bug.

MORE: How to Encrypt Your Files or Folders

Why audit open-source cryptographic software? Because many security experts simply don't trust it anymore — not after a series of documents leaked by Edward Snowden showed that the U.S. National Security Agency (NSA) has tried to "counter and undermine the use of ubiquitous encryption across the net," as the leaked documents read.

Since 2004, it had been suspected that an open-source random-number generator called DUAL_EC_DRBG, approved by the National Institute of Standards and Technology (NIST) and heavily supported by the NSA, contained a backdoor, or hidden security bypass. In the fall of 2013, documents provided by Snowden appeared to confirm this suspicion.

The holder of a certain secret number could unlock any encryption standard that used DUAL_EC_DRBG. Faith in the NSA, NIST, and any software using DUAL_EC_DRBG was shaken. (Random-number generators introduce an element of chance that is essential to effective cryptography.)

So Green and White decided to audit other open-source cryptographic software, beginning with the widely-used TrueCrypt. Since its initial appearance in 2004, TrueCrypt has had an air of mystery around it, because its creators went to great lengths to remain anonymous even as they revealed their code.

In his DEF CON presentation, White intimated he has an inkling as to the identities of TrueCrypt's creators, but would not discuss it. To explain why not, White showed the audience a slide of Dorian Nakamoto, the California man who in March 2014 was (probably) falsely identified as Satoshi Nakamoto, mysterious creator of the decentralized cryptocurrency Bitcoin.

MORE: What Is Bitcoin? An FAQ

Dorian Nakamoto briefly became the subject of intense scrutiny from the press and the Internet community, and allegedly suffered health complications as a result. White doesn't want the same thing to happen to TrueCrypt's creators.

Phase one of the TrueCrypt audit, conducted by San Francisco security firm iSEC Partners, Inc., ended in February. It didn't look at the cryptography per se — rather, it examined how cryptography was implemented.

It turned out there were several vulnerabilities in TrueCrypt's security. The most serious was the fact that sensitive information could be "paged out" from the program's kernel stacks. In other words: When you have TrueCrypt running and an encrypted volume is open, the keys to that volume are stored in the computer's memory.

So if, during that time, you hit a malicious website that has an exploit called an XML explosion, the attacker might be able to exhaust your computer's memory and force the computer to save those encryption keys to unencrypted disc space on your computer.

Other issues found include weak volume header key derivation, issues in the boot loader decompressor and a problem in the way the memset() function clears sensitive data.

But all of these security flaws would likely require an attacker to get physical access to the computer on which the volume is mounted, White said. Further, all of these flaws are found in other major full-disk encryption programs, including Microsoft's BitLocker and Apple's FileVault.

Overall, round one concluded that TrueCrypt contained "no evidence of backdoors or intentional flaws." 

"So far, so good," said White.

On May 28, TrueCrypt's website abruptly shut down, replacing its homepage with a notice reading, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues."

White told the audience he and Green were shocked.

However, they decided to move forward with Phase II of the TrueCrypt audit, led by Thomas Ptacek of Chicago's Matasano Security and Nate Lawson of Oakland's Root Labs, which will look at the actual cryptography in TrueCrypt.  After that, if the researchers find more serious flaws, they may begin work on a trusted fork (a development offshoot) of TrueCrypt, though White stressed that this is still just one of many post-audit possibilities.

White thanked the DEF CON audience for all its support of the Open Crypto Audit Project, including the $46,000 raised on crowdfunding site IndieGogo. He concluded by announcing the Open Crypto Audit Project's plans to audit OpenSSL. OpenSSL's creators have already patched the Heartbleed bug, but White's goal is to try to catch any other issues with the software.

"It's one of the most ambitious crypto audit projects in history. We're doing it," White said, to applause from the DEF CON audience.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.