Second round of TrueCrypt encryption audits to start soon

An audit of various parts of the encryption tool TrueCrypt will soon start, two security researchers have announced. This second round of audits was delayed after the anonymous developers behind TrueCrypt unexpectedly stopped development.

Cryptography expert Matthew Green and researcher Kenn White started a crowdfunding campaign in 2013 to raise money for a security investigation into the source code of TrueCrypt. They wanted to verify that there were no backdoors or other flaws in the open source encryption tool. The campaign was a success; $70,000, approximately $61,000, was raised, much more than the $25,000 hoped for.

The results of the first audit round, conducted by the firm iSEC Partners, were presented in April last year. While it identified some issues, backdoors and malicious code were not found. The next step should be an investigation into the cryptographic mechanisms in TrueCrypt, but plans for this were seriously delayed when the anonymous development team suddenly stopped further development of the tool in May last year for unknown reasons.

The initiators of the audit remained silent for a long time, but they have now announced that they have used the long pause to develop a ‘plan B’. The aim is now to engage the NCC Group. This company is going to check the source code of TrueCrypt 7.1a. The audit will begin shortly, the two researchers promise.

In addition to the audit, Green and White will examine a number of parts of the source code. In this way the random number generator is held up to the light. This investigation must be complementary to the NCC Group audit.