What crept into the crypt? TrueCrypt bugs may finally have been discovered

A year and a half ago, users of the TrueCrypt encryption software were shocked to find that the long-time developers had quit, stating that they could no longer continue to develop a standard that contained ‘unfixed security issues.’ Understandably, they didn’t reveal what those problems were, as doing so would have made the software’s many users vulnerable, but now we can report on what those bugs actually were.

Discovered by security researcher James Forshaw, the two vulnerabilities could be used to compromise the machine of a TrueCrypt user. While neither would make it possible to decrypt drives protected with the TrueCrypt software, the vulnerabilities would have allowed for the installation of malware on a user’s machine, which would potentially be enough to figure out their decryption key and other sensitive data.