The popular TrueCrypt full-disk encryption project shut down last year under mysterious circumstances, leaving concerns about the application's security and trustworthiness in its wake. As it happened, a group of cryptologists working under the banner of the Open Crypto Audit Project (OCAP) had already begun a community-driven audit of TrueCrypt's codebase. They continued their work in order to determine the fitness of TrueCrypt code as a basis for future forks. Today, they released the results of the audit in partnership with information assurance firm NCC Group, and the verdict is largely positive.
Matthew Green, one of OCAP's directors, summarized the results on his blog:
"The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.
"That doesn't mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we'd like it to."
The most worrisome bug is said to lie in the random number generator of the Windows version of TrueCrypt, whose entropy pool relies in part on the Windows Crypto API. TrueCrypt can continue generating keys even if it detects that the Crypto API fails to initialize, which Green says should instead produce a critical error. Green also notes that TrueCrypt's AES code appears to be vulnerable to cache timing attacks.
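The difference between continuing after an OS RNG failure and treating it as a critical error, sketched in C as an added example (this is not TrueCrypt's code and is not taken from the audit report). The OS RNG is a hypothetical callback standing in for the Windows Crypto API, and all byte values are constructed so the run is repeatable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define POOL_SIZE 32

/* Hypothetical stand-in for the OS RNG (the Windows Crypto API in the article).
   Returns 0 on success, -1 when the provider failed to initialize. */
typedef int (*os_rng_fn)(uint8_t *out, size_t len);

static int os_rng_ok(uint8_t *out, size_t len) {
    /* Constructed sample bytes; a real build calls the platform RNG here. */
    for (size_t i = 0; i < len; i++) out[i] = (uint8_t)(0xA5 ^ (i * 37));
    return 0;
}
static int os_rng_broken(uint8_t *out, size_t len) { (void)out; (void)len; return -1; }

/* Stand-in for the pool's other, weaker inputs (fixed here so runs are repeatable). */
static void mix_weak_sources(uint8_t pool[POOL_SIZE]) {
    for (size_t i = 0; i < POOL_SIZE; i++) pool[i] ^= (uint8_t)(i + 1);
}

/* Fail-open: the OS RNG result is never checked, so seeding "succeeds" anyway. */
static int seed_pool_fail_open(uint8_t pool[POOL_SIZE], os_rng_fn os_rng) {
    memset(pool, 0, POOL_SIZE);
    os_rng(pool, POOL_SIZE);            /* return value dropped */
    mix_weak_sources(pool);
    return 0;
}

/* Fail-closed: a failed OS RNG is a critical error; wipe the pool and refuse. */
static int seed_pool_fail_closed(uint8_t pool[POOL_SIZE], os_rng_fn os_rng) {
    memset(pool, 0, POOL_SIZE);
    if (os_rng(pool, POOL_SIZE) != 0) return -1;
    mix_weak_sources(pool);
    return 0;
}

/* 1 if the pool holds nothing beyond the weak inputs, i.e. no OS RNG entropy. */
static int pool_is_weak_only(const uint8_t pool[POOL_SIZE]) {
    uint8_t ref[POOL_SIZE] = {0};
    mix_weak_sources(ref);
    return memcmp(pool, ref, POOL_SIZE) == 0;
}

int main(void) {
    uint8_t pool[POOL_SIZE];
    printf("fail-open rc=%d\n", seed_pool_fail_open(pool, os_rng_broken));
    printf("pool is weak-only: %d\n", pool_is_weak_only(pool));
    printf("fail-closed rc=%d\n", seed_pool_fail_closed(pool, os_rng_broken));
}
```

With the broken provider, the fail-open path reports success while the pool contains only the weaker inputs; the fail-closed path returns an error the caller must handle before any key is derived.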
Green expresses optimism that TrueCrypt code should be able to serve as a solid foundation for future encryption projects. TrueCrypt users might be able to rest easier now knowing that the NSA and GCHQ don't appear to have skeleton keys for volumes encrypted with the software.