An Interest In:
Web News this Week
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
- March 16, 2024
- March 15, 2024
November 21, 2015 04:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kU3O3Ww-ZxE/truecrypt-safer-than-previously-thought
TrueCrypt Safer Than Previously Thought
An anonymous reader writes: Back in September, members of Google's Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt's code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have "far-reaching access to the system," with which they could do far worse things than exploit an obscure vulnerability. The auditors say, "It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure." For other uses, the software "does what it's designed for," despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kU3O3Ww-ZxE/truecrypt-safer-than-previously-thought
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot