Perché VeraCrypt è più sicuro di TrueCrypt?

6

TrueCrypt si è ritirato con un misterioso " L'uso di TrueCrypt non è sicuro in quanto potrebbe contenere problemi di sicurezza non risolti " ( fonte )

Ieri Slashdot ha riportato VeraCrypt come un sostituto migliore ( source ) poiché rimbalza su diversi valori di iterazione KDF (probabilmente solo #defines nel codice: /)

Perché è così? Dubito che il problema originale con TrueCrypt sia stato il valore di iterazione dal momento che l'hacking di qualsiasi KDF con qualsiasi passphrase di dimensioni decenti è ancora estremamente difficile. In altre parole, dubito che sia il KDF quello che era il punto debole per cominciare, quindi i cambiamenti di VeraCrypt sembrano installare una porta blindata in acciaio su una casa con molte finestre di vetro.

Quindi, su quali prove possiamo considerare VeraCrypt più sicuro di TrueCrypt?

    
posta DeepSpace101 14.10.2014 - 19:36
fonte

2 risposte

4

Solo attraverso la revisione e il test del codice.

Le modifiche nelle iterazioni possono effettivamente rendere quelle aree del codice più resilienti alla forzatura bruta, ma le iterazioni sono solo una parte dell'architettura generale che deve essere considerata.

    
risposta data 14.10.2014 - 20:38
fonte
2

Fin dal responsabile del progetto ... (credito a questo thread )

VeraCrypt not only enhances security over the original TrueCrypt through an increased iterations count, but it also solves all the serious security issues and weaknesses discovered so far in the source code. A good list of these weaknesses can be found in the https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf

We have documented these security changes in the git commits. The important ones start with "Windows vulnerability fix" and "Static Code Analysis". I'll use the list if the Open Crypto Audit project :

  1. Weak Volume Header key derivation algorithm: fixed since the birth of VeraCrypt. As of 2014, any security professional will tell you that PBKDF2 should be used with a minimum of 10000 iteration for a high security, combined with a strong password. The 1000 count comes from 2004 and it is outdated, and that's why the Open Crypto Audit placed it as the first vulnerability. In VeraCrypt, we choose since 2013 a very high iterations count to meet the increasing security requirements, hopefully for the next 10 years.

  2. Multiple issues in the bootloader decompressor : fixed in git and it will be released in version 1.0f. This was very challenging because of the size requirements of the bootloader. We had to optimize the code size of many part in order to make room for the modifications of the decompressor.

  3. Windows kernel driver uses memset() to clear sensitive data: fixed since version 1.0e TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG kernel pointer disclosure: fixed since version 1.0e

  4. IOCTL_DISK_VERIFY integer overflow: fixed since version 1.0e

  5. MainThreadProc() integer overflow: fixed since version 1.0e
  6. MountVolume() device check bypass: fixed since version 1.0e
  7. GetWipePassCount() / WipeBuffer() can cause BSOD: fixed since version 1.0e

Moreover, the VeraCrypt source code has ben checked using two static code analyzer tools and they reported many issues that were solved (commits starting with "Static Code Analysis"). One of the most time consuming part was the complete rewrite of string manipulation code in order to use Safe String functions instead of the vulnerable string.h ones (both in user mode and kernel mode). Other fixes included :

  • correcting memory leaks
  • fixing potential overflow when parsing language file that can exploited.
  • fixing non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637).

While we inherited much of the code of TrueCrypt, we have introduced many modifications and corrections that enhances the overall security with a big margin. Of course, most of these modifications are invisible to the general user but security experts can easily checks the current state of the code and validate our approach.

I'm taking this opportunity to announce that we have been able to implement SHA-256 key derivation for system boot encryption (200 000 iterations). TrueCrypt has been always supporting only RIPEMD-160 for system partition encryption and this clearly needed an upgrade because of the aging RIPEMD-160 even if no public attack exists for it. Because of different limitations in the boot loader (code size, memory), this was not an easy task and we had to introduce optimizations and new bootloader management in the VeraCrypt formating program in order to be able to support RIPEMD-160 and SHA-256 at the same time.

We'll publish soon a beta version of VeraCrypt 1.0f that will include this SHA-256 in order to have feedback from users.

For those who wonder why we implemented SHA-256 and not SHA-512 for the bootloader, the answer is that it was not possible to implement SHA-512 in the 16-bit environment of the bootloader because it needs 64-bit operations which can't be decomposed efficiently into 16-bit operations. On the other hand, SHA-256 uses 32-bit operations which adapts easily to the 16-bit environment even if we lose performance.

Voila voila...I hope I have been able to answer your questions and to show how VeraCrypt is a descent secure alternative to TrueCrypt.

Cheers,

    
risposta data 15.10.2014 - 02:44
fonte

Leggi altre domande sui tag