EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

10.18.13

Truecrypt Cannot be Audited Because It’s Proprietary Software

Posted in Free/Libre Software, Security at 8:37 am by Dr. Roy Schestowitz

Truecrypt

Summary: Why nobody should trust Truecrypt (or any other piece of proprietary software for that matter), even if it claims to have been “audited”

THE other day we alluded to Truecrypt in this post, not quite mentioning the holes in the argument that Truecrypt can be “audited” [1-3]. Unless everyone can view the code and compile it independently (or rely on others to do so independently), we must assume that Truecrypt is not secure and that it might contain back doors (either unidentified or deliberately planted). This whole Internet ‘debate’ about Truecrypt “audit” should remind us that Free software is vital for dodging surveillance.

The NSA has used corporations to facilitate snooping and it may not be alone [4]. This is happening at many levels [5-7] based on new leaks and revelations, so rather than look for evidence of insecurity (e.g. back door) we should pursue real assurance of security. You know what the spies like to tell us: if you have nothing to fear, you have nothing to hide, right? So come on, Truecrypt, share your source code. What have you got to hide?

Related/contextual items from the news:

  1. Should Truecrypt be audited?

    Truecrypt is a cross-platform, free disk encryption software for Windows and Unix-like operating systems. It is generally considered a good disk encryption software, and not too long ago, I wrote a tutorial that showed how to encrypt the Windows installation of a Windows-Linux dual-boot setup (see Dual-boot Fedora 18 and Windows 7, with full disk encryption configured on both OSs).

  2. New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks
  3. Can you trust ‘NSA-proof’ TrueCrypt? Cough up some dough and find out

    The source code for the Windows, Linux and Mac OS X utility is publicly available for people to inspect and verify, but this has not been enough to convince every cryptography guru that it’s entirely secure.

  4. After Snowden’s leaks, China’s Huawei calls for more transparency in the tech industry

    With all of the recent revelations about the US National Security Agency’s surveillance programs, it must be hard for the Chinese telecom equipment manufacturer Huawei not to gloat a little bit.

    After all, the leaks from former contractor Edward Snowden showed that the NSA enlisted US technology companies to enable its snooping on global telecommunications networks—which is exactly what US intelligence officials have accused Huawei of doing on behalf of the Chinese government.

  5. Europe Moves to Shield Citizens’ Data

    Lawmakers here have introduced a measure in the European Parliament that could require American companies like Google and Yahoo to seek clearance from European officials before complying with United States warrants seeking private data.

  6. Dutch Telcos Used Customer Metadata, Retained To Fight Terrorism, For Everyday Marketing Purposes

    One of the ironies of European outrage over the global surveillance conducted by the NSA and GCHQ is that in the EU, communications metadata must be kept by law anyway, although not many people there realize it.

  7. NSA Harvesting Contact Lists

    A new Snowden document shows that the NSA is harvesting contact lists — e-mail address books, IM buddy lists, etc. — from Google, Yahoo, Microsoft, Facebook, and others.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 22/5/2019: Mesa 19.0.5, Huawei and GNU/Linux, Curl 7.65.0, End of Antergos, Tails 3.14, ownCloud Server 10.2, Firefox 67.0

    Links for the day



  2. Quality of Patents is Going Down the Drain and Courts Have Certainly Noticed

    Uncertainty or lack of confidence in the patent system has reached appalling levels because heads of patent offices are just striving to grant as many patents as possible, irrespective of the underlying law



  3. EUIPO and EPO Abuses Growingly Inseparable

    'Musical chairs' at CEIPI and the EPO/EUIPO (Battistelli, Archambeau, Campinos) as well as joint reports never fail to reveal the extent to which EPO abuses are spreading



  4. Links 21/5/2019: China's GAFAM Exit, DragonFlyBSD 5.4.3

    Links for the day



  5. Links 20/5/2019: Linux 5.2 RC1, LibreOffice 6.3 Alpha, DXVK 1.2.1, Bison 3.4 Released

    Links for the day



  6. South Korea's Government Will Show If Microsoft Loves Linux or Just Attacks It Very Viciously Like It Did in Munich

    Microsoft's hatred of all things GNU/Linux is always put to the test when someone 'dares' use it outside Microsoft's control and cash cows (e.g. Azure and Vista 10/WSL); will Microsoft combat its longstanding urge to corrupt or oust officials with the courage to say "no" to Microsoft?



  7. Links 19/5/2019: KDE Applications 19.04.1 in FlatHub and GNU/Linux Adoption

    Links for the day



  8. The War on Patent Quality

    A look at the EPO's reluctance to admit errors and resistance to the EPC, which is its very founding document



  9. Watchtroll, Composed by Patent Trolls, Calls the American Patent System “Corrupt”

    Another very fine piece from Watchtroll comes from very fine patent trolls who cheer for Donald Trump as if he's the one who tackles corruption rather than spreading it



  10. Unified Patent Court Won't Happen Just Because the Litigation Microcosm Wants It

    Unified Patent Court (UPC) hopefuls are quote-mining and cherry-picking to manufacture the false impression that the UPC is just around the corner when in reality the UPC is pretty much dead (but not buried yet)



  11. Links 17/5/2019: South Korea's GNU/Linux Pivot, Linux 5.1.3

    Links for the day



  12. Q2 Midterm Weather Forecast for EPOnia, Part 4: Happy Birthday to the Kötter Group?

    This year the Kötter Group commemorates the 85th anniversary of its existence. But is it really a cause for celebration or would a less self-congratulatory approach be more fitting? And does it create the risk that a routine tendering exercise at the EPO will turn into Operation Charlie Foxtrot?



  13. Links 16/5/2019: Cockpit 194, VMware Acquires Bitnami, Another Wine Announcement and Krita 4.2.0 Beta

    Links for the day



  14. The EPO's Key Function -- Like the UPC's Vision -- Has Virtually Collapsed

    The EPO no longer issues good patents and staff is extremely unhappy; but the Office tries to create an alternate (false) reality and issues intentionally misleading statements



  15. Stanford's NPE Litigation Database Makes a Nice Addition in the Fight Against Software Patent Trolls

    As the United States of America becomes less trolls- and software patents-friendly (often conflated with plaintiff (un)friendliness) it's important to have accurate data which documents the numbers and motivates better policy; The NPE (troll) Litigation Database is a move towards that and it's free to access/use



  16. Q2 Midterm Weather Forecast for EPOnia, Part 3: “Ein kritikwürdiges Unternehmen”

    A brief account of some further controversies in which the Kötter Group has been involved and its strained relations with German trade unions such as Verdi



  17. EPO Had a Leakage Problem and Privacy of Stakeholders Was Compromised, Affecting at Least 100 Cases

    The confidentiality principle was compromised at the EPO and stakeholders weren't told about it (there was a coverup)



  18. Links 15/5/2019: More Linux Patches and More Known Intel Bugs

    Links for the day



  19. False Hope for Patent Maximalists and Litigation Zealots

    Patent litigation predators in the United States, along with Team UPC in Europe, are trying to manufacture optimistic predictions; a quick and rather shallow critical analysis reveals their lies and distortions



  20. The Race to the Bottom of Patent Quality at the EPO

    The EPO has become more like a rubber-stamper than a patent office — a fact that worries senior staff who witnessed this gradual and troublesome transition (from quality to raw quantity)



  21. Q2 Midterm Weather Forecast for EPOnia, Part 2: Meet the Kötters

    An introduction to the Kötter Group, the private security conglomerate which is lined up for the award of a juicy EUR 30 million contract for the provision of security services at the EPO



  22. Links 14/5/2019: Red Hat Satellite 6.5, NVIDIA 430.14 Linux Driver and New Security Bug (MDS)

    Links for the day



  23. Links 14/5/2019: GNU/Linux in Kerala, DXVK 1.2, KDE Frameworks 5.58.0 Released

    Links for the day



  24. Q2 Midterm Weather Forecast for EPOnia, Part 1: Urgent Shitstorm Alert

    Experts at the European Patent Office's (EPO) weather observation station have just issued an urgent alert warning about a major shitstorm looming on the horizon



  25. Patents That Were Gleefully Granted by the EPO Continue to Perish in Courts

    The decreasing quality of granted European Patents already becomes a growing problem if not a crisis of uncertainty



  26. Links 13/5/2019: ExTiX 19.5 and GNU Radio Conference 2019

    Links for the day



  27. The Microsoft Guide to the Open Source Galaxy

    Thou shalt not...



  28. Microsoft Would Kill the Goose for Money

    Microsoft is just 'monetising' Open Source by using it as 'bait' for Microsoft's proprietary software; those who we might expect to antagonise this have effectively been bribed by Microsoft



  29. Links 13/5/2019: Nanonote 1.2.0, OpenMandriva Lx 4.0 RC, and GNUnet 0.11.4

    Links for the day



  30. Professionally Incompetent EPO Management

    The EPO remains an awful employer, with top-level management largely responsible for the loss of talent and even money


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts