This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity.
iSEC Engages in TrueCrypt Audit
23 Dec 2013 – Tom Ritter
Is TrueCrypt audited yet? It’s finally happening.
For the past few months, there has been much ado about TrueCrypt, the popular open-source encryption software. Despite being the most widely used and simplest encryption software around, the security of its source code and binaries has come into question. The groundswell of interest from the security community became a crowdsourced campaign to have TrueCrypt undergo a professional security audit.
Today, we are excited to announce that iSEC Partners will be participating in that audit!
iSEC is both honored and fortunate to be part of the security audit of TrueCrypt. Our task will be to pore over the 70,000+ lines of source code, helping answer outstanding questions the security community has about the software’s foundations. iSEC will be focusing on the Windows kernel code, the bootloader, the filesystem driver, and the areas around this code. Our efforts will complement the analyses being performed by others on other parts of the software.
The speed with which funds were raised underscores the importance of this project to the community. This audit is part of a broad plan to transform TrueCrypt from a “seems okay” solution into a trusted project with reproducible, trusted builds available to all. Being part of this effort is an opportunity iSEC does not take for granted. TrueCrypt is, as others have said, “too important to have this little transparency”. iSEC is excited to help bring more trust and transparency to TrueCrypt!