TrueCrypt Security Audit Finally Completed With (Mostly) Good Results
TrueCrypt, one of our favorite encryption tools of the past few years , has finally completed a security audit. Here’s how it was and what it means to you.
First, the results: The TrueCrypt audit revealed no evidence of backdoors or major flaws, which is a good thing. However, the researchers found several problems with the random number generator and the possibility of “cache timing” attacks. However, these problems only occur in very rare situations. If you’re curious about the finer details, cryptographer Matthew Greene will explain it well on his blog , or you can read the full audit here (PDF). The bottom line is that if you are not hiding some very, very important things, TrueCrypt should be enough to hide your data from all but the most prying eyes.
Of course, TrueCrypt is no longer in active development , which means that we do not recommend using it. Instead, try its open source successor, VeraCrypt , which has already improved TrueCrypt security and will hopefully address the issues identified in the audit soon. For the vast majority of users, it should be more than secure enough, however, if you prefer to use something else, there are many other tools out there .
Truecrypt: An Overview of Cryptography | Open Crypto Audit Project