Why TrueCrypt might not be so insecure after all

have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we
guteksk7/Shutterstock
Reports of TrueCrypt’s flaws were greatly exagerated, if a 77-page report coming out of Germany’s Fraunhofer Institute is anything to go by. The intensive six-month study concludes that the encryption software is nowhere near as insecure as reported back in 2014.

“Our general conclusion is that TrueCrypt is safer than previous examinations suggest,” wrote professor Eric Bodden in a blog post announcing the study.

TrueCrypt was discontinued in the summer of 2014 — the developers said they didn’t want to maintain a standard with “unfixed security issues.” It’s still not clear exactly what those vulnerabilities were — they were never announced, in part to protect the project’s millions of users. Security researcher James Forshaw did find two flaws in September that could be used to compromise a machine (though not decrypt an encrypted hard drive), but it’s possible the vulnerability that led to the project being abandoned is something else entirely.

Whatever the problem is, the Fraunhofer Institute didn’t find anything they deemed a critical flaw during their six-month study — though they did state that encryption can’t solve all security concerns.

“From a security perspective, the fact that TrueCrypt is a purely software solution means that it cannot in principle protect against all relevant threats,” says the study.

Bodden added to this point in his blog post.

“It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system,” wrote Bodden, adding that “TrueCrypt seems not better or worse than its alternatives” so far as encrypting data is concerned.

Basically, if someone already has access to your system in some way — be it physical access to the machine while it’s running, or the installation of Trojan horse malware — encryption of any kind won’t help. Keyloggers can be installed, and files can be accessed by malware while the user is accessing an encrypted drive — no encryption can prevent that. Encryption does, however, make it hard for someone who steals your hard drive to access the data on it.

Whatever flaw prompted the TrueCrypt developers to abandon the project — and even advise developers to not fork it — may not have shown up in any study, but it’s becoming harder to imagine what that flaw might be. A fork of the software, called VeraCrypt, includes patches for every bug that’s been found so far.

Computing

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.
Mobile

24 must-have apps for rooted Android phones and tablets

Rooting your Android device opens up a world of possibilities, along with a few apps. Here are 24 of our favorites, so you can make the most of your rooted device and unleash the true power of Android.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Computing

From hot rods to budget sleepers, our favorite desktops can handle anything

Are laptops overrated? Experience the power offered by the best desktop computers on the market today, whether you're in need of a budget solution or a fire-breathing, $4,000 premium gaming rig.
Mobile

Want to watch Netflix in bed or browse the web? We have a tablet for everyone

There’s so much choice when shopping for a new tablet that it can be hard to pick the right one. From iPads to Android, these are our picks for the best tablets you can buy right now whatever your budget.
Product Review

HP’s gem-cut Spectre x360 15 is the most powerful 2-in-1 you can buy

HP’s 2019 Spectre x360 15 brings this massive 2-in-1 up to speed, literally. It now equips the same six-core Intel CPU as the rest of the 15-inch field, along with a real GPU for some 1080p gaming.
Computing

Man pleads guilty to scamming Facebook and Google out of more than $100M

One of the men behind an elaborate fraud that saw Facebook and Google each hand over tens of millions of dollars has admitted to his part in the scheme. Lithuanian Evaldas Rimasauskas faces up to 30 years in a U.S. jail.
Computing

Ditch the background from your photos with these handy editing tools

Need to know how to remove the background from an image? Whether you prefer to use a premium program like Photoshop or one of the many web-based alternatives currently in existence, we'll show you how.
Computing

Yes, you can use Android apps on your Chromebook. Here's how

You can now get Android apps on your Chromebook! Google has enabled the Google Play Store app support on its Chrome OS and Chromebook hardware, so to get you started, here's our guide on how to get Android apps on a Chromebook.
Computing

Zipping files on a Chromebook? Follow these four easy steps

Chromebooks support file compression, though they work a little differently than on Windows or Mac. Here's the step-by-step process to zipping files on a Chromebook, and then unzipping them again for extraction.
Computing

Tired of all that white? Here's how to change the Google background image

Did you know that you can change how your Google search home page looks? It's a simple process to pick a new theme: We'll show you how to change your Google background, what to look for in themes, and how to download your own pictures for a…
Deals

These big, beautiful BenQ gaming monitors are on sale on Amazon right now

All gamers know that a good monitor is just as important as PC hardware to fully enjoy what today's games have to offer. BenQ makes some of the best (including some of our favorites), and three top-rated BenQ gaming monitors are on sale on…
Deals

The best Raspberry Pi 3 kits for coders, gamers, and DIY projects

The Raspberry Pi 3 is a low-budget computing platform capable of doing just about anything. We rounded up a handful of the best Raspberry Pi 3 bundles to get you started on a variety of DIY projects.