No Major Findings in TrueCrypt Audit

ylz655rupacbg72fw87oiSEC finally released the results of their audit on TrueCrypt. Below is the key paragraph in their announcement. Basically, the software did contain some some lower risk weaknesses however overall it fared well. Additionally, the audit did not show any evidence of intentional tampering. Next step … fix the identified low risk items.

via iSEC Partners

The audit conducted by iSEC is now complete and the findings are available now. iSEC did not identify any issues considered “high severity” during this testing. iSEC found no evidence of backdoors or intentional flaws. Several weaknesses and common kernel vulnerabilities were identified, including kernel pointer disclosure, but none of them appeared to present immediate exploitation vectors. All identified findings appeared accidental. Overall, iSEC does think changes can be made to improve code quality and maintainability, and that the build process should be updated to rely on recent tools with trustworthy provenance. In sum, while TrueCrypt does not have the most polished programming style, there is nothing immediately dangerous to report.

You can download the full report here.

#####

Today’s post pic is from Twitter.com.

5 comments for “No Major Findings in TrueCrypt Audit

  1. April 16, 2014 at 12:40 am

    No Major Findings in TrueCrypt Audit http://t.co/6fRU6Qs6jw

  2. April 16, 2014 at 1:44 am

    No Major Findings in TrueCrypt Audit http://t.co/7jtfKzzeDc via @feedly

  3. April 16, 2014 at 8:37 am

    No Major Findings in TrueCrypt Audit http://t.co/JEcW6jh8Gd

  4. April 16, 2014 at 12:01 pm

    No Major Findings in TrueCrypt Audit – see our post for more info http://t.co/N6j2XRX4VQ #infosec

  5. April 17, 2014 at 12:03 pm

    No Major Findings in TrueCrypt Audit – see our post for more info http://t.co/AVmalphmdi #infosec

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.