
Did anybody give this a thorough read and can give a cliff notes on the results? How did TrueCrypt do - good/bad/indifferent?


All things considered, pretty good.

No massive exploits; the worst problem was using too small a number of iterations of a keygen.

There were a bunch of other minor problems, but most of them were information disclosure only triggerable by malicious software running in the encrypted environment (ex: finding out if a file you don't own exists) or things that could only be triggered by someone with raw access to the hard drive (at which point they could just overwrite your bootloader).

Although this explicitly doesn't cover a large chunk of TC.


tl;dr

Follow TrueCrypt's recommendations (FDE, long password) and you're mostly fine. The only things that can make it better require program changes.


Vulnerability Summary

  Total High severity issues:       Zero (0)
  Total Medium severity issues:     Four (4)
  Total Low severity issues:        Four (4)
  Total vulnerabilities identified: Eleven (11) (incl. three (3) Informational)



