Posts: 330 | Thanked: 556 times | Joined on Oct 2012
#61
Originally Posted by minimos View Post
And the work is *partially* done: http://istruecryptauditedyet.com/
(but note also that it required the initiative of a few important cryptographers and donations for about 50000 USD to fund the auditing in order to start the project)
Yes, that is quite good. The implications I suppose are that if they perform the audit on 7.1a, the results will only be valid for binaries built exactly with that source. Any changes to the source would need to be audited as well.

But as long as 7.1a is proven solid, I think that should be enough for most people.

Then there is the question of any libraries TrueCrypt may use. I'm not familiar with the code, but I guess it's not a monolithic statically compiled chunk of code.

Last edited by malfunctioning; 2014-10-13 at 17:53.
 

The Following User Says Thank You to malfunctioning For This Useful Post:
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#62
Well, it's great that the independent audit found nothing:

http://www.itworld.com/article/29874...ompromise.html
 

The Following 6 Users Say Thank You to szopin For This Useful Post:
Posts: 646 | Thanked: 1,124 times | Joined on Jul 2010 @ Espoo, Finland
#63
Originally Posted by szopin View Post
Well, it's great that the independent audit found nothing:

http://www.itworld.com/article/29874...ompromise.html
CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by abusing drive letter handling.
CVE-2015-7359: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.

No Windows, no cry
 

The Following 6 Users Say Thank You to minimos For This Useful Post:
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#64
Originally Posted by minimos View Post
No Windows, no cry
Too noob to properly answer but this comes close:
https://www.reddit.com/r/netsec/comm...nfhn?context=3
 

The Following 2 Users Say Thank You to szopin For This Useful Post:
Posts: 735 | Thanked: 1,054 times | Joined on Jun 2010
#65
I'm beginning to get interested in the post-crypt projects like VeraCrypt.

however, i have two concerns:
1. that backwards compatibility is lost
2. that the chosen project has a real community/future

is there a front-runner recognised?
 

The Following User Says Thank You to Jedibeeftrix For This Useful Post:
Posts: 6,447 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#66
As someone who used to write and maintain Windows FS drivers, I can 100% back up this statement from that thread:

The programming error that allows escalation isn't in Windows, it's in *crypt.
At least the first part of bezelbum's answer is absolutely spot-on. I have never written a Linux driver and as such cannot compare the relative merits of the two OSes from this perspective, but I suspect that the second part of his answer, where he talks about how difficult it is to write a safe driver, has more to do with how much effort people put into breaking it than with any inherent security. All the Windows driver exploits I have seen were of an extremely convoluted kind. I mean, if people put the amount of effort it took to find that into finding similar vulnerabilities in other OSes, I would be very surprised if they did not find at least half a dozen.
 

The Following 2 Users Say Thank You to pichlo For This Useful Post:
Posts: 92 | Thanked: 144 times | Joined on Apr 2014
#67
Sorry that it is not related directly to the latest conversation, yet TrueCrypt 7.1 always crashed when trying to mount a TrueCrypt partition, whether I was on CSSU Stable, Vanilla, Thumb (all power kernel 53), running as root, running as user... Still would love to use it; if anyone has any suggestions, feel free to PM.
 
Tags
cryptography, encrypted, kernelcrypto, security, truecrypt
