Technically, it's only vulnerable on operating systems that support setuid style permissions. That doesn't exist on windows, for example.
I find it especially sad to see something like this held back by an entity that claims to want to protect security in information technology and doubly so since this information would be relevant to the developers and many state entities that use the software and its successor.
The BSI is sadly often toothless when it comes to actually enforcing security standards on federal entities but to see them not even trying to educate on such matters, when they clearly know better, squanders a lot of trust one may have in them.
The BSI actually did communicate the findings of the report to the TrueCrypt developers in 2010, which the developers ignored:
> The results were communicated to the Truecrypt foundation, however the Truecrypt developers didn't consider them to be relevant. BSI furthermore says that the results were not intended to be published.
(From page 2 of the article)
It would be nice if it were easier to achieve transparency; but the flipside is that overzealous transparency laws can be abused too; at least here in the Netherlands there have been several cases where... creative... citizens decided to cash in on the fines imposed for non-compliance with such requests by spamming (iirc) municipalities with requests which had been phrased to be hard to deal with quickly, and hundreds of which submitted simultaneously. I believe the law has changed, but even so - requests like this aren't free. Somebody else is paying; and that's fine - but to expect them to furthermore go above and beyond and push for excellent service and quick turnaround is perhaps a little unreasonable.
Perhaps BSI was merely attempting to provide such a service for free.
Yup. That's something they do. They also do stuff like checking/scanning publicly accessible servers in Germany for outdated software/vulnerabilities and you'll get an e-mail if they find something (this is automated).
In this case there's the added dimension of the government using Truecrypt in some places at the time, so they had an interest in it being secure.
https://www.ajc.com/news/local-govt--politics/trial-start-mo...
> The BSI knew all that. [...]
> The results were communicated to the Truecrypt foundation, however the Truecrypt developers didn't consider them to be relevant. BSI furthermore says that the results were not intended to be published.
This is looking pretty terrible for Truecrypt. It means they ignored a vulnerability report and kept the vulnerabilities around for five years.
> Shortly before we published this article the BSI has allowed to publish the Truecrypt documents. They can be downloaded from the Frag den Staat web page. Update from December 16th 2019, 13:22
They all have "geschwärzt" (blackened) in the file name, but it looks like only some author's name (and maybe working group name) have been removed -- I've scrolled through a few of these files, and didn't find anything else that might have been removed.
> However the report hints that more such flaws exist. Another chapter in the documents mentions, that several such off-by-one-errors were found, but due to a lack of a complete code analysis only examples can be shown. However even those examples are missing in the document - the following chapter only consists of a headline and has no content.
Non-Google translation of the summary (AP7, page 70) for those interested:
"5 Summary
This work package first describes the basic building blocks that are utilized to secure the start [boot?] process, as well as ones that might be necessary and helpful to realize hard dism encryption via full-disk-encryption .
Beyond that existing attacks are described and investigated if the solutions presented here mitigate against them or not.
In chapter 4 several possible solutions are presented, both online (meaning with network connectivity) as well as offline.
The most promising solutions use the new Trusted-Computing functionality based on a Trusted Platform Module (TPM) and a Boot of Trust (CRTM/SRTM/DRTM).
The most desirable solutions are the Secure Boot procedure from chapters 4.4 and 4.5. These do however require either the development of new hardware or need to be based on special hardware extensions, e.g. Intel's TXT technology.
A large-scale deployment in an existing, heterogenous area is therefore improbable.
At the moment solutions that combine Trusted Boot with the attestation functionality seem to be the most sensible. This solution can be combined with: - Sealing: Storing a secret on the platform configuration. - NVRAM: Storing a secret in an area of the Trusted Storage, inside the TPM, that is only readable/writable given a valid configuration. - Attestation: Proof of platform integrity towards an external party. As "external parties", multiple counterparts could be realized: - Online, e.g. a central server. - Offline: e.g. a smart card or a smart phone application that takes on the verification for the server. All three variants (sealing, NVRAM, attestation) are reliant on the correctness of the PCRs."
The rest is potential use cases and an impact matrix of the attacks described in the document.
Or more precisely, towards an organizational variety of Hanlon's Razor, where stupidity takes the form of the organizational failure mode of underlings not being authorized to do what would have been the right thing.
Curiously, a less colloquial formulation of Hanlon's Razor would replace stupidity with incompetence and this, when translated to German contains a hint of a precisely matching double entendre: in German, "Kompetenz" is used for two separate things. For being able to (like in English) and being authorized to. It's not a full double entendre because the negated form "Inkompetenz" is exclusive to the mental ability, just like the English counterpart, but what's a good aphorism without subtle extra layers?
Asymmetric crypto will likely fall soon; symmetric crypto with conservative key length choices, e.g. AES-256, may stand for a long time (including the age of quantum computers).
> Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that."
They will get your password instead, by implanting your keyboard, putting a camera behind you on the wall, or grabbing you just after you've entered your password.
They release now because no one is using TrueCrypt any longer..
It needs to be firmly said that there is still no known way to recover plaintext from an unmounted TrueCrypt or VeraCrypt volume on a powered-off system without knowing the pass phrase. TrueCrypt and VeraCrypt are still totally secure for the standard use-case of protecting your powered-off laptop being stolen, or your backup drives being lost, or an encrypted volume that you’ve copied over to Dropbox being compromised.
And why should the casual user use TrueCrypt/VeraCrypt when Bitlocker/Filevault works out of the box and is built into the operating system? I feel like that most people using veracrypt do so because it's open source, and they're distrustful of the software vendors. For that threat model, you need to have protections against evil maid attacks, which TrueCrypt/VeraCrypt does not have.
