Skip to main content
  1. Home
  2. Computing
  3. News

Why TrueCrypt might not be so insecure after all

By

have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we
guteksk7/Shutterstock
Reports of TrueCrypt’s flaws were greatly exagerated, if a 77-page report coming out of Germany’s Fraunhofer Institute is anything to go by. The intensive six-month study concludes that the encryption software is nowhere near as insecure as reported back in 2014.

“Our general conclusion is that TrueCrypt is safer than previous examinations suggest,” wrote professor Eric Bodden in a blog post announcing the study.

Recommended Videos

TrueCrypt was discontinued in the summer of 2014 — the developers said they didn’t want to maintain a standard with “unfixed security issues.” It’s still not clear exactly what those vulnerabilities were — they were never announced, in part to protect the project’s millions of users. Security researcher James Forshaw did find two flaws in September that could be used to compromise a machine (though not decrypt an encrypted hard drive), but it’s possible the vulnerability that led to the project being abandoned is something else entirely.

Related

Whatever the problem is, the Fraunhofer Institute didn’t find anything they deemed a critical flaw during their six-month study — though they did state that encryption can’t solve all security concerns.

“From a security perspective, the fact that TrueCrypt is a purely software solution means that it cannot in principle protect against all relevant threats,” says the study.

Bodden added to this point in his blog post.

“It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system,” wrote Bodden, adding that “TrueCrypt seems not better or worse than its alternatives” so far as encrypting data is concerned.

Basically, if someone already has access to your system in some way — be it physical access to the machine while it’s running, or the installation of Trojan horse malware — encryption of any kind won’t help. Keyloggers can be installed, and files can be accessed by malware while the user is accessing an encrypted drive — no encryption can prevent that. Encryption does, however, make it hard for someone who steals your hard drive to access the data on it.

Whatever flaw prompted the TrueCrypt developers to abandon the project — and even advise developers to not fork it — may not have shown up in any study, but it’s becoming harder to imagine what that flaw might be. A fork of the software, called VeraCrypt, includes patches for every bug that’s been found so far.

Editors' Recommendations

Topics
Justin Pot
Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
The HP Victus gaming PC with RTX 3060 has a $550 discount
The HP Victus 15L gaming PC in white.

Gamers don't need to spend more than $1,000 if they want to buy a new gaming PC because there are affordable options like the HP Victus 15L gaming desktop. From its original price of $1,400, you can get it for just $850 as HP has applied a $550 discount on this machine. However, you shouldn't delay your purchase because there's no assurance that the gaming PC will still be 39% off tomorrow. If you want to make sure that you get it for less than $1,000, you're going to have to complete the transaction for it within the day.

Why you should buy the HP Victus 15L gaming desktop
You shouldn't expect the HP Victus 15L gaming desktop to match the performance of the top-of-the-line models of the best gaming PCs, but it's surprisingly powerful for its cost. Inside it are the 13th-generation Intel Core i7 processor and the Nvidia GeForce RTX 3060 graphics card, with 16GB of RAM that our guide on how much RAM do you need says is the best place to start for gaming. It's enough to play today's best PC games without any issues, and it may even be capable of running the upcoming PC games of the next few years if you're willing to dial down the settings for the more demanding titles.

Read more
This 17-inch HP laptop is on sale for just $300 — but hurry!
The HP 17t-cn300 17.3-inch laptop against a white background.

If you want to buy a laptop with a relatively large screen, the good news is that you don't have to break the bank with your purchase because you can get the HP Laptop 17t for a very affordable $300. It's on sale from HP with a $200 discount on its original price of $500, but there's no telling how much time is remaining before this offer expires. We don't think it will stay available for long because laptop deals like this almost always get sold out quickly, so complete the transaction as soon as possible to make sure that you don't miss out on the savings.

Why you should buy the HP Laptop 17t
With the 17.3-inch display of the HP Laptop 17t, you'll have a lot of screen real estate to work on your projects and watch streaming shows. It's pretty affordable for a laptop with this large screen, which offers HD+ resolution for sharp details and vibrant colors. However, despite its big display, the HP Laptop 17t maintains portability because it's only 0.78 of an inch thick, which makes it easy to slide into your bag when you're on the go, and it won't be too heavy to carry around because it only weighs about 4.6 pounds.

Read more
What to do if your Intel CPU keeps crashing
Pins on Core i9-12900K.

Despite being among the best processors you can buy, some high-end Intel CPUs have faced a wave of instability over the past few months. Intel is investigating the problem, but the company and its motherboard partners have already worked toward some temporary fixes to improve stability on high-end Intel CPUs -- even if it comes at a performance cost.

Before getting into the fixes, keep in mind that they are temporary. Intel will release a statement on the instability soon, likely with more direct guidance on what affected users should do. In addition, the scope of the problem isn't clear -- if you're not experiencing issues, you shouldn't have anything to worry about.
Who's affected

Read more