Can the popular encryption software really be trusted?

Oct 16, 2013 08:12 GMT

Cryptography and information security experts are determined to audit TrueCrypt, the popular open source file and disk encryption software used by people from all over the world to protect their most sensitive information.

Kenneth White, principal scientist at BAO Systems, and Matthew Green, cryptographer and research professor at Johns Hopkins University, have started a couple of fundraisers to raise the money needed to perform a full audit of TrueCrypt.

The initiative comes in light of recent news regarding the NSA’s efforts to undermine encryption software.

“The 'problem' with Truecrypt is the same problem we have with any popular security software in the post-September-5 era: we don't know what to trust anymore,” Green said.

“We have hard evidence that the NSA is tampering with encryption software and hardware, and common sense tells us that NSA is probably not alone. Truecrypt, as popular and widely trusted as it is, makes a fantastic target for subversion,” he added.

“But quite frankly there are other things that worry me about Truecrypt. The biggest one is that nobody knows who wrote it. This skeeves me out. As Dan Kaminsky puts it, 'authorship is a better predictor of quality than openness'. I would feel better if I knew who the TrueCrypt authors were.”

Green highlights the fact that even if the encryption software’s source code is trustworthy, many people use it as a pre-built Windows binary, which isn’t necessarily the same as what that source produces.

Besides a professional audit by security evaluation companies, the experts also want to have the license reviewed by a competent attorney, pay out bug bounties to those who find security issues, and implement deterministic/reproducible builds.
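To illustrate the last point (added here, not code from the article or from the TrueCrypt project): a build that stamps the current time or emits files in arbitrary order gives every independent builder a different artifact, so nobody can confirm the published binary came from the published source. Pinning those inputs makes the artifact reproducible, and then a plain hash comparison is enough. The "source tree" is a constructed two-file stand-in and the build step is a tar archive rather than a compiler.

```python
import hashlib
import hmac
import io
import tarfile
import time

# Constructed stand-in for a source tree (file name -> contents).
SOURCES = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "README": b"demo tree (constructed)\n",
}


def _pack(sources, mtime, sort_names):
    """Write an uncompressed tar of `sources` into memory. (gzip would add a
    header timestamp, which is one more nondeterministic input to pin.)"""
    names = sorted(sources) if sort_names else list(sources)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in names:
            data = sources[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime            # written into every entry header
            info.uid = info.gid = 0       # builder's account must not leak in
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_naive(sources, now=None):
    """Typical build: stamps the current time, keeps whatever file order."""
    return _pack(sources, int(time.time()) if now is None else now, False)


def build_reproducible(sources, source_date_epoch=0):
    """Pinned build: fixed SOURCE_DATE_EPOCH, sorted entries, fixed owner."""
    return _pack(sources, source_date_epoch, True)


def sha256(blob):
    return hashlib.sha256(blob).hexdigest()


def matches_published(published_blob, rebuilt_blob):
    """What an independent rebuilder does: hash both artifacts and compare."""
    return hmac.compare_digest(sha256(published_blob), sha256(rebuilt_blob))
```

Two naive builds of identical sources at different times do not match, while two reproducible builds match even with the files supplied in a different order, and a one-byte change to a source file is caught by the same hash comparison.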

The fundraisers are on FundFill and Indiegogo. So far, over $22,000 (€16,000) has been raised.