
Truecrypt: BSI kept a check report on encryption software under lock and key

2019-12-16T12:10:59.625Z


A test report on the Truecrypt encryption software sat in a drawer at the responsible federal agency, the BSI, for nine years. The information could have made the software more secure.



In 2010 the Federal Office for Information Security (BSI) had the free and long popular encryption software Truecrypt analyzed in detail. The agency never made the results public. Only a recent request under the Freedom of Information Act revealed that the roughly 400-page report exists at all.

It describes numerous minor security problems in the software that were previously unknown. The developers of Truecrypt were apparently not interested in this information, and the follow-up project Veracrypt did not know the report existed.

Truecrypt has a chequered history. The comparatively easy-to-use program, which encrypts hard drives and files locally, was published together with its source code by developers who were originally anonymous. Its licence permits use only with certain restrictions, so the program is not considered free software or open source. Years later it emerged that one of the developers was probably the drug dealer Paul Le Roux.

Truecrypt has a successor: Veracrypt

In the wake of the Snowden revelations, many wondered how secure encryption tools really are and which of them intelligence agencies could crack. Truecrypt was regarded with particular suspicion because it came from anonymous developers. On the other hand, the publicly available source code made it comparatively easy to check the software's security. Cryptography professor Matthew Green, for example, collected donations in 2013 to finance a professional security audit of Truecrypt.

The necessary money came together quickly, but then the story took an unexpected turn: the Truecrypt developers stopped developing their tool and to this day warn against its use on their website. How this came about is still unclear. Truecrypt has not been developed since, but there is a follow-up project: the French company Idrix took the publicly available Truecrypt code and has since developed the program under the name Veracrypt.

The audit initiated by Green nevertheless took place. The result: a few minor security issues, but nothing particularly exciting. The BSI apparently also took an interest in these results, because it commissioned the Fraunhofer Institute with an assessment that can be downloaded from the BSI website. There is no mention there of the fact that the BSI had already had a detailed analysis of Truecrypt prepared many years earlier.

The BSI did not initially send out its entire report

Its existence and scope only became known through a request under the Freedom of Information Act (IFG). The IFG allows anyone to request documents from German federal authorities. Unless one of the exceptions provided for in the act applies, the authority has to hand the documents over.

A user of the platform FragDenStaat ("Ask the State"), through which IFG requests can be filed, turned to the BSI and asked in general terms whether any tests of TrueCrypt or information about a backdoor existed. The BSI then sent the user parts of the security audit it had commissioned in 2010, but pointed out that the documents are protected by copyright and may not be published.

The documents the BSI provided were incomplete, however. They were numbered work package 2 to work package 6, but there was also a work package 1 and, as the other documents mention several times, a work package 7. After repeated requests from the author of this article, the BSI released these documents as well.

The documents contain a number of references to security issues. None of them is dramatic on its own. Above all they are problems that could become security-critical in combination with other bugs. It would still make sense to fix them, and many of them are still present in the code of the Truecrypt successor Veracrypt.

Most of the problems concern wiping memory securely. In encryption software it is standard practice to overwrite the memory in which keys or passwords were held as soon as they are no longer needed. This is a precaution for the case that an attacker can later read that memory because of some other bug. The BSI report lists numerous places in the TrueCrypt code where such an erasure does not take place.
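The practical difficulty behind the erasure problem is that a plain memset() on a buffer that is never read again is a dead store, and an optimizing compiler may silently remove it. The following is an added example, written for this page and not taken from TrueCrypt, Veracrypt or the BSI report, that shows the naive wipe beside a wipe through a volatile pointer that the compiler must emit. The key material and the message are constructed sample data; the function names are chosen here and exist in no library.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive wipe. The compiler is allowed to drop this memset entirely when it
 * can prove the buffer is not read again (dead-store elimination), so the
 * key may survive on the stack. Kept here only for contrast. */
void naive_wipe(unsigned char *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Reliable wipe: stores through a volatile-qualified pointer are observable
 * side effects, so every byte write is emitted. Where available, prefer the
 * platform primitive (explicit_bzero on glibc/BSD, memset_s from C11 Annex K,
 * SecureZeroMemory on Windows); this loop is the portable fallback. */
void secure_memzero(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--) {
        *vp++ = 0;
    }
}

/* Returns 1 if every byte of buf is zero. Folds all bytes with OR instead of
 * returning early, so the check does not leak the position of a leftover byte. */
int is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Fill a local buffer with 0xFF, wipe it, report whether it is really zero.
 * Returns 0 for a request larger than the scratch buffer. */
int wipe_test_buffer(size_t len)
{
    unsigned char buf[256];
    if (len > sizeof buf) {
        return 0;
    }
    memset(buf, 0xFF, len);
    secure_memzero(buf, len);
    return is_all_zero(buf, len);
}

/* Typical lifetime of a key inside one function: obtain it, use it, wipe it
 * before returning. Returns 1 if no key byte is left in the buffer. */
int use_key_and_wipe(void)
{
    unsigned char key[32];
    unsigned char msg[32] = "constructed sample plaintext...";

    /* Constructed sample key; a real program would derive it from a password. */
    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5 ^ i);
    }

    /* Stand-in for the real cipher: XOR the message with the key in place. */
    for (size_t i = 0; i < sizeof msg; i++) {
        msg[i] ^= key[i];
    }

    /* The key is no longer needed: erase it before the stack frame is reused. */
    secure_memzero(key, sizeof key);
    secure_memzero(msg, sizeof msg);
    return is_all_zero(key, sizeof key) && is_all_zero(msg, sizeof msg);
}

int main(void)
{
    printf("key wiped after use: %s\n", use_key_and_wipe() ? "yes" : "no");
    printf("256-byte buffer wiped: %s\n", wipe_test_buffer(256) ? "yes" : "no");
    return 0;
}
```

A runtime check like is_all_zero() only proves the bytes are zero at the point of the call; it cannot prove the compiler kept the store, which is why the volatile write (or the platform primitive) is the part that matters. Copies of the key that the compiler spills to other stack slots or registers are outside the reach of any of these functions, so wiping is a mitigation for the bug-in-combination case the article describes, not a guarantee on its own.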

Veracrypt developers are surprised

According to the BSI, it tried to pass the information on to the Truecrypt developers: "The BSI had commissioned external contractors for the analysis. The contractors communicated the relevant results to the TrueCrypt Foundation in coordination with the BSI," a BSI spokesman wrote when asked. "The TrueCrypt Foundation then informed the contractors that the results were not relevant in their view."

When asked why the documents were not published or communicated to the follow-up project Veracrypt, the BSI writes: "The result documents of the audit from 2010 were not intended for publication and related to the previous version TrueCrypt 7.0." In addition, the project, in the context of which the analysis was carried out, was completed in 2011, "long before VeraCrypt was founded in 2015," according to the BSI.

The developers of Veracrypt were surprised to learn of the BSI report's existence when asked about it. "I have never been contacted by the BSI about Truecrypt or Veracrypt," Veracrypt developer Mounir Idrassi wrote when asked. "It is surprising to hear that the results of such an audit are kept secret for copyright reasons." Veracrypt has since fixed some of the weaknesses described in the BSI audit.

As mentioned, the documents may not be published. Anyone interested in their content can, however, send an informal request to the BSI under the IFG.

Source: spiegel
