Skip to main content
  1. Home
  2. Computing
  3. News

What crept into the crypt? TrueCrypt bugs may finally have been discovered

Add as a preferred source on Google

A year and a half ago, users of the TrueCrypt encryption software were shocked to find the long-time developers had quit, stating that they could no longer continue to develop a standard that contained ‘unfixed security issues.’ Understandably they didn’t reveal what those problems were, as doing so would have made the software’s many users vulnerable, but now, we can report on what those bugs actually were.

Discovered by security researcher James Forshaw, the two vulnerabilities in the system could be used to compromise the machine of a TrueCrypt user. While neither would make it possible to decrypt drives protected with the TrueCrypt software, the vulnerabilities would have allowed for the installation of malware on a user’s machine, which would be enough to potentially figure out their decryption key and other sensitive data.

Recommended Videos

https://twitter.com/tiraniddo/status/648293501050986496

Forshaw later clarified that he didn’t suggest the bugs were put in intentionally to test auditing measures, but that the fact it had passed so many checks suggested that the audits weren’t stringent enough.

For anyone worried about these bugs, the best thing to do is move over to one of the TrueCrypt successors. As ExtremeTech points out, one solution, VeraCrypt, has patched out these bugs and uses the same codebase as TrueCrypt, so should be pretty familiar.

However, that would suggest that these security concerns weren’t necessarily what sent the developers away from their long-time encryption platform. Surely if they were so easy to patch out, it wouldn’t cause them to jump ship. Maybe they contributed to it, but it would seem likely that there are other security concerns that may have yet to be discovered in the code base.

Do you think this sort of bug would be enough to cause the people who had worked on TrueCrypt for so long look to find themselves another gig?

Jon Martindale
Jon Martindale covers how to guides, best-of lists, and explainers to help everyone understand the hottest new hardware and…
What is Copilot? Everything you need to know about Microsoft’s AI assistant
There’s a Copilot for almost everything now. Here’s which one you need
Microsoft Copilot Banner Featured

Microsoft has attached the Copilot name to so many products that a simple question like "What is Copilot?" now needs a little more context. There is the main Microsoft Copilot chatbot, Copilot inside Microsoft 365, GitHub Copilot for developers, Gaming Copilot for Xbox users, and a separate category of Windows laptops called Copilot+ PCs.

For most people, Microsoft Copilot means the company’s general-purpose AI assistant. So you'd expect it to answer questions, search the web, generate and edit images, and the rest of the usual AI chatbot features. You can access it through a browser or dedicated apps for Windows, macOS, Android, and iOS. It is also integrated into Microsoft Edge, the Xbox mobile app, and Game Bar on Windows 11.

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more
I spent a fortune on a Copilot+ PC, and I’ve barely ever touched Microsoft’s AI
Microsoft needs to give Copilot+ PC owners a reason to use Copilot
Copilot

There is a dedicated Copilot key on my ASUS Zenbook 14 OLED. Months after buying the laptop, it may be one of the least important keys on the entire keyboard. My Zenbook UM3406 runs on AMD’s Ryzen AI 300 series processor, complete with a dedicated NPU offering up to 50 TOPS of AI performance. That qualifies it as a Copilot+ PC, which makes it a part of what Microsoft once described as the new era for Windows.

AI is already a regular part of my workday. I use it for research, brainstorming, and working through ideas. But rather than relying on something built into the Windows OS, I've relied on the likes of ChatGPT, Claude, and Gemini.

Read more