Based on the sum of the evidence that’s now filtered in, and in the consensus view of experts, the primary cause of the TrueCrypt crisis of the last few days was developer fatigue. After 10 years of thankless work developing the open source disk encryption tool, faced with the need to do major extending and refactoring of the codebase to support new technical requirements and demands from security auditors, the anonymous author or authors decided to throw in the towel. The way they did it tells of more complex motives, and has supplied ample fuel to the conspiracy theorists of the world. But importantly, there is no evidence that these events were motivated by any known security flaw or trust deficiency in TrueCrypt or in its build or distribution process, or by any act of coercion. And in spite of the apparently deliberate reputational damage committed by the developers, unless and until demonstrated otherwise, TrueCrypt is in fact still secure, and this story is far from over.
Easier to walk away
Having spent many years as a software engineer authoring and operating components in the scope of large, interconnected applications, I can sympathize completely with the TrueCrypt developers’ assertions of fatigue. When you singularly own code that a lot of people depend on, are too stubborn to share the burden with others, and are so foolishly sentimental and antiquated as to actually care about the quality of what you’ve produced, every line of code is a perpetual, open-ended obligation. Over time these incremental weights amass to a mountain on your shoulders. External requirements and change requests present as a nuisance to your carefully harmonized machine, a nuisance that compounds and amplifies.
Before a breaking point is reached, software developers that aspire to fight another day will either learn to play nice with others or pull an old trick whereby responsibility is outright shifted off to new owners. Those who refuse to relinquish absolute control die hard, and that’s what happened to TrueCrypt this week.
The authors of TrueCrypt were staring down the barrel of having to add support for UEFI Secure Boot and GPT in order to support full disk encryption on Windows 8. As it turns out, developing around the Windows boot process is a huge pain the ass, or as someone else put it, effectively tasks developers with “out-Microsofting” Microsoft. Meanwhile, the recently published Phase I Audit Report from the community funded audit of TrueCrypt leveled a number of criticisms at the TrueCrypt developers pertaining to reproducible builds and code standards, in which, particularly, the steep barriers faced by anyone wishing to build the application from source code represent a valid and important security concern.
It starts to become clear why the developers would opt to call it quits, and early yesterday, even before all the evidence was in, some prescient observers had already proposed this narrative, including commenter Bill Cole over on Krebs, and Brad Kovach and Steve Gibson in blog posts.
More direct evidence has since rotated into view, via the only liaison the world has with the developers, second hand bits and pieces of email exchanges publicized on Twitter by members of the audit team. The first of these quoted a purported TrueCrypt developer as saying they “were happy with the audit, it didn’t spark anything. We worked hard on this for 10 years, nothing lasts forever.” Several more followed stating that there was no state coercion involved and wrapping up with “There is no longer interest.” This may be the hardest evidence and the last word we’ll get from the developers, and corroborates the fatigue narrative guessed at by observers.
Attempting to inflict maximum damage on exit
Now if it was, as asserted, fatigue alone and they just didn’t have the will to go on, the TrueCrypt developers could have arranged to hand off the project gracefully. But instead, in keeping with the defiant style that has characterized all their work, they made a deliberate decision to murder their baby in front of everyone, harm the entire user base, validate everyone’s fears about placing trust in them, and forever taint the name of TrueCrypt.
The very first line of the placeholder content on truecrypt.org proclaims in big red letters “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.” As long as the developers don’t know something absolutely horrible that we don’t, this is as deliberate an exaggeration and misrepresentation as they come. There’s a huge difference between application code being deemed immediately insecure and application code that may potentially lapse into insecurity at an unknown point in the future as a result of some yet unknown and presently purely fictional series of events that may never occur. What program isn’t insecure in these preposterous terms?
The warning was plainly engineered to spread fear, uncertainty and doubt, and has been spectacularly successful in that purpose. The same warning litters the crippled version 7.2 builds, emplaced simultaneously with the conspicuous and needless yanking of all previous builds and site content, which can now only be had at via third party archives. I am sure the developers would claim they made these moves in the interest of the future security of users. Frankly, that’s a crock of shit that nobody believes.
The pushing of BitLocker as a substitute solution in the placeholder content, a program TrueCrypt fundamentally existed to defeat for 10 years and of which the developers had been highly critical, makes so little sense it can hardly be seen in any other light than satire. Furthermore the TrueCrypt developers are well aware that 80% of Windows users don’t have access to BitLocker in their installed layouts (something Microsoft should be thoroughly ashamed of, by the way). Equally flimsy indications were offered for Mac and Linux users.
Many, including myself, waived off warnings about the potential security consequences of a reclusive authoring team for a long time. Those who voiced those warnings appear to have had the last laugh.
The authors of TrueCrypt do not want us ungrateful peons to use TrueCrypt anymore. In their eyes we do not deserve the use of their masterpiece. If they could have their way they would not permit us to use it anymore. Since that is impossible, they stylized their exit in such a way as to befoul the place as they hit the door. I suspect that the audit movement burned them up inside in spite of their denials. The fact that more money was raised to scrutinize TrueCrypt than was probably ever donated to them for their hard work had to hurt. I, myself, right here on this very blog, have spoken critically of the TrueCrypt development team’s release practices, a habit I guess I am continuing now. For all these transgressions, they may have been looking to exact a little revenge.
All you had to do was look at the Twitter streams for TrueCrypt yesterday to witness the wild success of this FUD campaign. People were doing reverse steganography, finding the acronyms of three letter agencies in the truecrypt.org replacement content. I’m not kidding, that actually happened. Somehow this all had to do with Edward Snowden. “Snowden’s favorite program shut down.” Actual news outlets had that one. It was a foregone conclusion that a major security flaw existed in TrueCrypt. No, had made the field, and was ravaging people’s data as we speak. If the internet is good for one thing it’s getting people to gleefully spread misinformation about things they have zero understanding of.
So what now?
- Watch for the Phase II Audit Report from the Open Crypto Audit team in the next few months.
In the midst of the panic and uncertainty Thursday, the audit team announced that they are continuing forward as committed with Phase II of their work, which will focus on evaluating TrueCrypt’s cryptographic core. There will be a report published probably in August. To constitute anything besides a vindication that TrueCrypt is still safe to use, this next report would have to disclose a serious vulnerability or backdoor – say, the kind that could allow an attacker to decrypt TrueCrypt containers at will. Unless and until that happens, there is nothing that took place this week that demonstrates that TrueCrypt is technically insecure or in any way unsafe to continue using.
- Wait for the open source software community to fork TrueCrypt or construct a new implementation.
The user base and data footprint are too big, the stakes are too high, and the alternatives are too lousy, cumbersome, and untrustworthy, for TrueCrypt as a technology to fall out of use merely on account of hitting this bump. There are already Linux tools that operate on TrueCrypt file-container volumes. I’m going to wax uncharacteristically optimistic and say that in the near future there will be a new cross-platform, open source, fully freely licensed implementation made available under a different name, either forked from the 7.1a codebase or coded entirely anew. In time it will be feature complete to what 7.1a could do. In time it will surpass it and this whole crisis will be long forgotten.
- Continue using TrueCrypt 7.1a where you were already using it until there’s a reason not to.
There’s going to be a stretch here where if we want to “do” TrueCrypt, we’re stranded with orphaned version 7.1a. I’m fine with that for my existing use cases.
- Use the alternatives if and when they make sense for new applications in the interim.
TrueCrypt 7.1a is not necessarily going to be kosher for any and all applications, though, because the guarantees we had (or rather thought we had) a week ago about support and survivability have been, for the time being, invalidated. There are going to be judgment calls to make. There are people that will never want anything to do with TrueCrypt again. There are organizations that will drop it from standards they reluctantly added it to in the first place. Unfortunately the TrueCrypt developers are going to get what they asked for, at least for now, as BitLocker could make sense for some applications while we wait for a replacement open source solution we can trust. Somewhere inside Microsoft headquarters someone’s gesturing like Monty Burns as I write this.
Yes, TrueCrypt has taken a hit, but this is not the end. It’s the beginning of the next phase. Stay tuned.
The Open Crypto Audit Project / istruecryptauditedyet.com / their Twitter feed
Steve Gibson: Yes, Virginia, TrueCrypt is still safe to use.
Pingback: Afera TrueCrypt ili softver auditing umesto softvera | IT-Modul