The security research team at Edinburgh Napier have outlined the strange mystery around one of the successful cryptography packages: TrueCrypt here. An outline is:
Imagine the headlines, if, after a full review of the safety of their cars, that BMW announced that they were releasing a new car that had safety warning messages all over it, and that it was the last car they would ever be building. To add to this they had limited the performance of it so that it was almost unusable, and that car users should go and purchase a Mercedes Benz instead. And, finally, that they were shutting down all their plants and burning of all their designs, so that no-one could use them. Well, in the world of cryptography, this is roughly what happened with TrueCrypt.
The ability for defence agencies to read secret communications and messages gives them a massive advantage over their adversaries, and is the core of many defence strategies. Most of the protocols used on the Internet are clear-text ones, such as HTTP, Telnet, FTP, and so on, but increasing we are encrypting our communications (such as with HTTPS, SSH and FTPS), where an extra layer of security (SSL) is added to make it difficult for intruders to read and change our communications. When not perfect, and open to a man-in-the-middle attack, it is a vast improvement to communicating where anyway how can sniff the network packets can read (and change) the communications. The natural step forward, though, is to encrypt the actual data before it is transmitted, and when it is stored. In this way not even a man-in-the-middle can read the communications, and the encryption key only resides with those who have rights to access it.
While many defence mechanisms in security have been fairly easy to overcome, cryptography – the process of encrypting and decrypting using electronic keys – has been seen as one of the most difficult defence mechanisms to overcome. It has thus been a key target for many defence organisations with a whole range of conspiracy theories around the presence of backdoors in the cryptography software, and where defence agencies have spied on their adversaries. Along with the worry of backdoors within the software, there has been several recent cases of severe bugs in the secure software, and which can comprise anything that has been previous kept secure. This is highlighted within OpenSSL for Heartbleed, and with the heart symbol bug in TweetDeck.
So, after the major impact of the bug found in OpenSSL which led to Heartbleed, on 28 May 2014 2014 visitors to the TrueCrypt site found a message of:The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
For an open source project which supported a wide range of computer types and languages, it was a strange message to say that users should move to a closed-source and commercial solution. From a software solution that supports most types of modern computers, and is free to use, Bitlocker is part of Microsoft Windows, and which requires a licence for a version of Microsoft Windows that supports disk encryption.
Most encryption uses a secret encryption key, which is used to encrypt and also to decrypt. This is known as private-key encryption, and the most robust of these is AES (Advanced Encryption Standard). The key must be stored someone, and is typically placed in a digital certificate which is stored on the computer, and can be backed-up onto a USB device. The encryption key is normally generated by the user generating a password, which then generates the encryption key.
Along with this we need to provide the identity of user, and also that the data has not been changed. For this we use a hash signature, which allows for an almost unique code to be created for blocks of data. The most popular for this is MD5 and SHA. More details here. The hashing method used in TrueCrypt is SHA-512.
Encryption is the ultimate nightmare for defence agencies, as it makes it almost impossible to read messages from enemies. The possibilities is to either find a weakness in the methods used (such as in OpenSSL) or with the encryption keys (such as with weak passwords) or, probably the easiest is to insert a backdoor in the software that allows defence agencies a method to read the encrypted files.
There has been a long history of defence agencies blocking the development of high-grade cryptography. In the days before powerful computer hardware, the Clipper chip was used, where a company would register to use it, and given a chip to use, and where government agencies kept a copy of it.
in 1977, Ron Rivest, Adi Shamir, and Leonard Adleman at MIT developed the RSA public key method, where one key could be used to encrypt (the public key) and only a special key (the private key) could decrypt the cipher text. Martin Gardner in his Mathematical Games column in Scientific American was so impressed with the method that he published an RSA challenge for which readers could send a stamped address envelope for the full details of the method. The open distribution of the methods which could be used outside the US worried defence agencies, and representations were made to stop the paper going outside the US, but, unfortunately for them, many papers had gone out before anything could be done about it.
Phil Zimmerman was one of the first to face up to defence agencies with his PGP software, which, when published in 1991, allowed users to send encrypted and authenticated emails. For this the United States Customs Service filed a criminal investigation for a violation in the Arms Export Control Act, and where cryptographic software was seen as a munition. Eventually the charges were dropped.
TrueCrypt is an open source disk cryptography package, which has been around since February 2004 and maintained by the TrueCrypt Foundation. It has versions for Microsoft Windows, OS X, Linux, and Android, and supports 30 languages. David Tesařík registered the TrueCrypt trademarking the US and Czech Republic, and Ondrej Tesarik registered the not-for-profit TrueCrypt company in the US. It works by created a virtual drive on a computer, and then anything which is written to the disk is encrypted, and then decrypted when the files are read back. For encryption it uses private key encryption with AES, Serpent, or Twofish (or combinations of these), and uses hash functions of RIPEMD-160, SHA-512, and Whirlpool. In modern systems, AES is seen to be the most secure, and SHA-512 provides state-of-the-art signatures. The encrypted drive does not have a magic number which identifies the presence of TrueCrypt, but forensic analysis can reveal a TrueCrypt boot loader, after which a hacker might try different passwords to unlock the drive.
Internally, with Version 7.1a, there had been an audit on the code, with an announcement on 28 May 2014 that there was a discontinuation of TrueCrypt, along with the release of version of 7.2 (which was intentionally crippled and contained lots of warnings in the code). The updated licence (TrueCrypt License v 3.1) contained the removal of a specific language that required attribution of TrueCrypt. Never in the history of software had there been such an abrupt end, and where the developers did not even want a fork of their code. A recent email from a TrueCrypt developer (on 16 June 2014) outlined that they did not want to change the license to an open source one, and that the code should not be forked.
Some reckon that there was an on-going code audit, and that an NSA-created backdoor was due to be found. Again, something that the smoke-screen was then put-up to move towards a closed-source alternative, which some reckon, also has an NSA-enabled backdoor. Few security professionals, especially those involved in the creation of encryption software, would have recommended the Microsoft technology.
The mystery remains about the code, but there are some strange pointers that give some clues. A strange one is that, with the code, “U.S.” has been changed to “United States”, which could point to an automated search and replace method of changing the code to reflect a possible change of ownership of the code.
If there is a code bug, the light is likely to shine on one of the weak points in cryptography, which is the generation of a pseudo random number, which is almost impossible on a computer. One way of doing this is to randomly use the time between key strokes for users, but if an intruder can guess these, they can significantly reduce the range of numbers used for the cryptography process. This could have been the Achilles heel of the code, and that the audit process could have uncovered a flaw, which others could exploit. In the case of TrueCrypt the random number was generated by the user moving a cursor across the screen, and it could be this method which caused the problem.
Another possible problem focuses on the actual binary code produced. Even if the source code does not contain any bugs, it will be converted into machine code, which could expose problems which could be exploited. Overall, most users will generally download the binary distribution, as it is often too difficult to build the code from scratch. Thus there could have been an exploit within the binary distributions which could be compromised. Often developers forget that their code can be run within a debugger to view, and even edit, the code. With the code built for so many systems, it would have been almost impossible to make sure that the compiled code would be secure from being tampered with.
While the licence possibly prohibits a fork of the code, new groups, working outside the US, are looking a setting up the code to overcome the licencing issues. The Web site on the right-hand side shows a group based in Switzerland (TrueCrypt.ch), and who aim to fully investigate the code, and build on previous versions of the code. The message on the site is:TrueCrypt must not die TrueCrypt.ch is the gathering place for all up-to-date information. If TrueCrypt.org really is dead, we will try to organize a future.
Many see the encrypting of disks as the ultimate method of security, but, unfortunately, it suffers from many problems. These include:
This article has more questions than answers, as this is currently where we are in understanding what happened here. There are still many theories around, but what could have happened, and virtually every software developer will relate to this, is that the developers found an architectural flaw, which could not be fixed with a simple update, and they decided to pull-the-plug. Otherwise, there approach seems strange, and doesn’t fit into the normal practice of open source developers. It must be noted that when OpenSSL was analysed it contained a whole of serious problems, and perhaps the developers within TrueCrypt realised that their code, written in C++ and Assembly Language, might have some serious problems which could be exploited by others, or that it had already been.
Many wonder why the audit started by the TrueCrypt team should continue, but humans are inquisitive, and love the challenge of looking for flaws, so we need to keep examining our code, and weed out bad practice, as so many problems have been caused with poorly written software, just as OpenSSL has shown.
What is strange is that all the previous versions have been taken-off the TrueCrypt site, which seems to point to a problem with these versions, and where they are pushing users to use the most up-to-date version (which contains lots of warnings and with code that makes it difficult to use).
In an era, where the natural next step for security is for us to store encrypted data within public cloud infrastructures, a weaknesses of this could end up compromising the whole of the Internet. So rather than the shock story around BMW giving up building cars, the shock story could be that all our secret files and communications were now viewable by everyone on the Internet … honestly … it could happen!