TrueCrypt has passed the audit after a few bumps and delays, with its forks coming off with VeraCrypt and CypherShed.
TrueCrypt has been recommended by Edward Snowden due to its power and special features, while it has been praised by Amazon, too. Its developers have been undercover for a long time and not a single audit could be completed for checking up on the services provided and the layer of security offered.
This was about to change with the continuous EFF backed audit performed on TrueCrypt. However, the people behind the service of TrueCrypt have suddenly turned the switch off leaving their fans on edge and their trust percentage at a truly low point.
Fortunately for the fame of the company and for the people who have trusted its services, both the Phase I and Phase II of the audit have been completed with a huge success by the Open Crypto Audit Project. The results have been nothing but promising for the future, since there is no severe vulnerability that might put its users off from choosing such a weapon of encryption.
The chief researcher of the project who has been in charge of the audit is Matthew Green. From his personal blog, we quote: “The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.
That doesn’t mean TrueCrypt is perfect. The auditors did find a few glitches and some incautious programming — leading to a couple of issues that could, in the right circumstances, cause TrueCrypt to give less assurance than we’d like it to.”
So, no deliberate backdoors and nothing that leads to concerning consequences and problems over time. Although TrueCrypt is not perfect, most Internet users should not be too worried about not finding a perfect service; there rarely are perfect services and tools on the web. The glitches, however, that have come up throughout the audit do not lead to the characterization of TrueCrypt as insufficient towards providing top-scale encryption.
Now, TrueCrypt has been left as open source for others to make forks off. The two major forks of TrueCrypt include VeraCrypt and CypherShed, with the former being regarded as a better option for everyone to make use of. Still, nobody knows how any of these forks will turn out to be.
Matthew Green had concluded as to TrueCrypt with the following: “TrueCrypt is a really unique piece of software. The loss of TrueCrypt’s developers is keenly felt by a number of people who rely on full disk encryption to protect their data. With luck, the code will be carried on by others. We’re hopeful that this review will provide some additional confidence in the code they’re starting with.”
So, this is a great way to boost the confidence in TrueCrypt and the people who have been working on this project. It is true that data protection is in need of full disk encryption and TrueCrypt has been able to provide just that. Edward Snowden could not have been mistaken, after all!