TrueCrypt, one of our favorite encryption tools of the past few years, has finally finished undergoing a security audit. Here’s how it fared, and what that means for you.
First, the results: TrueCrypt’s audit showed no evidence backdoors or serious flaws, which is good. The researchers did find a few issues, however, with the random number generator and the possibility of “cache timing” attacks. However, these issues would only present themselves in very rare situations. If you’re curious about the nitty gritty details, cryptographer Matthew Green explains it well on his blog, or you can read the full audit here (PDF). The jist is: unless you’re hiding some very, very important stuff, TrueCrypt should be sufficient to hide your data from all but the most prying eyes.
Of course, TrueCrypt is no longer in active development, which means we don’t really recommend using it. Instead, try its open-source successor, VeraCrypt, which has already improved on the security of TrueCrypt and will hopefully solve the issues outlined in the audit soon. For the vast majority of users, it should be more than secure enough—however, if you’d prefer to use something else, there are plenty of other tools out there.
Truecrypt: Cryptographic Review | Open Crypto Audit Project
Image remixed from Igor Stevanovic (Shutterstock).