Security audit

Topics: Technical Issues, Users Discussion
Dec 30, 2014 at 7:51 PM
Any chance we could fundraise money to get an audit for this Truecrypt Fork? I would invest my own time in organizing it.
Dec 31, 2014 at 1:33 AM
There is a Donate button on the VeraCrypt homepage. It would be nice if there was a graphic / text indicator of how much has been donated, along with fundraising levels at which certain things (like an audit) could be accomplished. Another good update would be giving the donor a few choices on how to use the donation (audit, development, etc.). Maybe a realtime donations log could be shown (the donor can input any text string to be used as the identifier for that donation, then the list shows the identifier, the amount, and the timestamp).
Coordinator
Dec 31, 2014 at 9:34 AM
A security audit is a very important milestone for VeraCrypt. Any help is welcomed in order to achieve this goal.
I already contact the Open Crypto Audit project concerning VeraCrypt since they already handled the TrueCrypt audit but after more than a month I didn't get any answer from them.

Concerning the donations, the current objective is to try to cover part of the development costs. As with most open source projects this is not the case.
VeraCrypt is a very complex piece of software that requires specialized technical skills and huge amount of time in order to provide a quality software on the three supported platforms (Windows, Linux and MacOSX) and also to provide support to users on the different forums. I donate my own time to this project because of its importance to the community, trying to achieve a balance between my job, my private life (my wife is really supportive and patient!) and VeraCrypt maintenance. Hopefully in the future, VeraCrypt can have a stable donations flow that could allow to dedicate time to its development more comfortably.

For your information, I started accepting donation for VeraCrypt 7 months ago ( June 2014). As of today, the donations total is 1230 Euros.

Just to give an idea about the development costs, I'll take as an example the correction of the TrueCrypt vulnerabilities (bootloader, use of unsafe functions, issues on the driver) and the introduction of SHA-256 to replace RIPEMD160 in the boot encryption. If this was done in the context of a paying project, it would have cost a minimum of 15000 Euros between the development and the tests. It may seem huge to normal users but this is really the minimum for a professional quality development.

I find the OpenHub cost estimate interesting in order to visualize how VeraCrypt evolved from TrueCrypt, although the difference in the costs should be devided by 3 or 4 to be more realistic (the COCOMO model has its limitations).
Jan 1, 2015 at 4:38 PM
Edited Jan 1, 2015 at 4:39 PM

And by the way, Mounir emails you a very nice "Thank You" message when you donate... :-)

Bonjour,

By this short message, I want to thank you for supporting the VeraCrypt project.
I'm glad to see users believing and supporting this project and this pushes me to do my best in order to provide the community with a professional grade software that helps protect their privacy.

Thank you again et merci!

Happy new year with my best wishes,

Mounir IDRASSI
Jan 1, 2015 at 10:36 PM
I think the best thing would to ask for money at kickstarter.com or so!
Coordinator
Jan 2, 2015 at 9:41 AM
I agree but before that we have to organize the details of the audit and get in touch with the people who can perform such audit.
Only after that we'll have an idea of how much it will cost and the we can start a funding campaign.

Ideally, I would like the audit to be done by a European based entity. This will give more confidence to the audit result knowing the suspicions clouds that are surrounding US based security activities. Unfortunately, iSEC who performed the TrueCrypt audit is a US based company.

Any suggestions are welcomed.
Jan 4, 2015 at 1:46 PM
Edited Jan 4, 2015 at 2:46 PM
Three suggestions:

1) mnemonic in Norway - http://www.mnemonic.no/en/Andre-sprak/English/Deliverables/Application-security1/

The Norwegian Ministry of Local Government and Regional Development hired mnemonic to perform a "third party review of those parts of the [electronic voting system] that implement cryptographic primitives and generate keys".

The report is here: https://www.regjeringen.no/globalassets/upload/krd/prosjekter/e-valg/kildekode/evalg_rapport_kildekodegjennomgang.pdf

2) Cure53 in Germany - https://cure53.de/#services-analysis

Cure53 did a code audit on CaseBox which is open source software developed by an NGO; the report is here: https://cure53.de/pentest-report_casebox-1.pdf

The NGO's discussion of their Cure53 code audit is here: https://www.huridocs.org/2014/12/casebox-security-strongly-improved-code-audit-report-published/

Cure53 also did a code audit on CryptoCat 2 (https://crypto.cat) which is an open source web and mobile application intended to allow secure, encrypted online chatting; the report is here: https://blog.crypto.cat/wp-content/uploads/2012/11/Cryptocat-2-Pentest-Report.pdf

3) 0xcite in Switzerland - http://www.0xcite.ch

This small company might be able to do good work at a better price than the others.
Jan 9, 2015 at 4:28 PM
What is the current update regarding an Audit?

Do you have an idea of how much it will cost about?

How much are the current donations?

Thanks...
Jan 9, 2015 at 4:40 PM
I think we should use the donation money to pay Mounir to take time during the working week to work on VeraCrypt. Imagine how much he would get done if he was paid for 1 months 100% work on VeraCrypt.

This will push the development forward and we would all benefit quickly from his efforts.

An audit can be performed constantly by interested individuals and rival teams. Once Mounir feels he has reached the end of significant development then an audit could be done. It seems a waste auditing code which is likely to change in the near future.

Also don't forget, unlike the TrueCrypt team, Mounir is a known individual, he has a reputation to maintain and a good business name.

He is unlikely to deliberately weaken VeraCrypt. I admit he is now contemplating allowing the weakening of the iteration count, but I assume this will be the last deliberate undermining of VeraCrypt's security.
Jan 11, 2015 at 7:20 PM
Like so undermining deliberate??????? Please explain it right! :/
Jan 11, 2015 at 7:25 PM
L0ck wrote:
I think we should use the donation money to pay Mounir to take time during the working week to work on VeraCrypt. Imagine how much he would get done if he was paid for 1 months 100% work on VeraCrypt.

This will push the development forward and we would all benefit quickly from his efforts.

An audit can be performed constantly by interested individuals and rival teams. Once Mounir feels he has reached the end of significant development then an audit could be done. It seems a waste auditing code which is likely to change in the near future.

Also don't forget, unlike the TrueCrypt team, Mounir is a known individual, he has a reputation to maintain and a good business name.

He is unlikely to deliberately weaken VeraCrypt. I admit he is now contemplating allowing the weakening of the iteration count, but I assume this will be the last deliberate undermining of VeraCrypt's security.
I agree with the fact that the money from the donation at this time is forwarded to as payment Mounir! Later when the VeraCrypt is more mature will be the right time for an audit done well.
Jan 11, 2015 at 7:56 PM
Edited Jan 11, 2015 at 7:57 PM
TCalhau wrote:
Like so undermining deliberate??????? Please explain it right! :/
.

I am currently attempting to defend against this change here.

https://veracrypt.codeplex.com/discussions/577023

Not enough people know what is being proposed and I think once they do I will receive more support.

Meanwhile I will fight for our case LOL :)
Jan 11, 2015 at 7:59 PM
TCalhau wrote:
I agree with the fact that the money from the donation at this time is forwarded to as payment Mounir! Later when the VeraCrypt is more mature will be the right time for an audit done well.
Thank you for supporting my suggestion. I do believe it would be a better time to do it.
Coordinator
Jan 12, 2015 at 1:27 AM
Concerning the audit, I would like to wait for the completion of most features before starting such effort.

Concerning the donations, I received some generous amounts lately ( a single 100 euros, two 50 euros) plus a dozen donations between 3 and 20 euros. Hopefully, the total of donations since June 2013 would reach 2000 euros before the end of January.
I'm very grateful to all donators who believe on this project and on my work.

As expressed above, the donations for now cover a small part of the development costs. Once a mature version is available, the audit effort can start with dedicated fundings.
Feb 6, 2015 at 11:20 PM
Ars Technica just published this article about the GnuPG crypto project which provides this cost estimate:

"A code audit is one possibility, but such reviews typically cost a minimum of $100,000 for complex crypto programs, and it's not unheard of for the price to be double that."

http://arstechnica.com/security/2015/02/once-starving-gnupg-crypto-project-gets-a-windfall-but-can-it-be-saved/
May 24, 2015 at 4:06 PM
What about creating a crowdfunding an audit? It does not seems like there is coming a new version every month. Maybe it is time to act now.
May 24, 2015 at 5:39 PM
Edited May 24, 2015 at 5:45 PM
BinaryCoder wrote:
What about creating a crowdfunding an audit? It does not seems like there is coming a new version every month. Maybe it is time to act now.
.
I like the idea of crowdfunding an audit once Mounir feels the VeraCrypt software has matured with the added features that he works on in his free time from his day job and family life. Some of the features require careful design and coding which take a lot of time to implement.

I can see initial support for crowdfunding an audit, however I see the support waning for additional audits for each release or even once a year. In my opinion, it would be best to perform the audit once the major features have been completed and used on user's systems for a period of months to prove the features are stable on various computer systems.
May 24, 2015 at 9:34 PM
What features are we talking about?
Coordinator
May 24, 2015 at 9:42 PM
Hi all,

I'm currently finalizing the dynamic mode feature: many users a waiting for this feature since it will enable specifying custom iterations count when using long password (there will be always a minimal value for the iterations to enable a minimal security margin).

Also, the next feature is the boot loader tampering detection: this is a countermeasure that will enable detection of Evil Maid attacks.

Moreover, if I have enough time, I will change Whirlpool implementation to more optimized one because the current one has bad performance.

In the current 1.11-BETA available on Sourceforge, I already implemented the decryption on non-system partitions which was a popular feature.

If everything goes as planned, the next release should be around beginning of July and it should contain all the features I mentioned above. This version should be the basis of any future audit.
May 24, 2015 at 11:01 PM
Wow! Thanks a lot and keep up the good work!
May 27, 2015 at 9:17 PM
Mounir, I'd suggest delaying the audit past July. Looking at the "Issues" and sorting them by descending number of votes, we have:

32 votes - Header deletion and/or panic button
24 votes - GPT System Partition Encryption
17 votes - UniCode 8.0 Basis for VeraCrypt
15 votes - 64-bit Bootloader
11 votes - The ceiling of 64 characters - break it!
11 votes - Support UEFI boot mode
10 votes - Rewrite the bootloader (32-bit)

Several of these are big, important changes that would really remove the ability to rely on any prior audit.

Let's not spend big, big money on an audit just yet. Any gargantuan changes should be fully digested before we even think about spending that much money!
Jan 14, 2016 at 6:24 PM
Edited Jan 14, 2016 at 6:26 PM
idrassi wrote:
Hi all,

I'm currently finalizing the dynamic mode feature: many users a waiting for this feature since it will enable specifying custom iterations count when using long password (there will be always a minimal value for the iterations to enable a minimal security margin).

Also, the next feature is the boot loader tampering detection: this is a countermeasure that will enable detection of Evil Maid attacks.

Moreover, if I have enough time, I will change Whirlpool implementation to more optimized one because the current one has bad performance.

In the current 1.11-BETA available on Sourceforge, I already implemented the decryption on non-system partitions which was a popular feature.

If everything goes as planned, the next release should be around beginning of July and it should contain all the features I mentioned above. This version should be the basis of any future audit.
Hello Mounir,

Greeting from Canada and wish you a Happy New Year.
I guess that the release 1.17 Beta released at the beginning of the year contains more optimized Whirlpool implementation that you talked about above . Is that correct?
As a newbie my question is - once the new release of Veracrypt is available, are we supposed to decrypt the previously encrypted volumes and
re - encrypt using the new version or we just need to use the new version to mount the volume ?

Secondly I wanted to have an update on the status of audit? Is it happening somewhere near future or we are not there yet? Money issues?

Thanks
Jan 21, 2016 at 12:57 PM
asker123 wrote:
I guess that the release 1.17 Beta released at the beginning of the year contains more optimized Whirlpool implementation that you talked about above . Is that correct?
As a newbie my question is - once the new release of Veracrypt is available, are we supposed to decrypt the previously encrypted volumes and
re - encrypt using the new version or we just need to use the new version to mount the volume ?
It still does the same, only the code is improved, so you don't need to do anything, just enjoy the speed. Imagine you have to count sack full of (same) screws - you can count them one by one, or you can use the weighing machine, weigh one, then weigh them all and divide. You will get the same result, but guess what is faster ;-)
Jan 24, 2016 at 1:45 AM
Edited Jan 24, 2016 at 1:47 AM
asker123 wrote:
Secondly I wanted to have an update on the status of audit? Is it happening somewhere near future or we are not there yet? Money issues?
I would say that we are not there yet for the reasons I previously identified (I've updated all the vote totals below):
~~~~~
Mounir, I'd suggest delaying the audit past July. Looking at the "Issues" and sorting them by descending number of votes, we have:

41 votes - Header deletion and/or panic button
41 votes - GPT System Partition Encryption
23 votes - 64-bit Bootloader
19 votes - UniCode 8.0 Basis for VeraCrypt
17 votes - Support UEFI boot mode
17 votes - Rewrite the bootloader (32-bit)
12 votes - The ceiling of 64 characters - break it!

Several of these are big, important changes that would really remove the ability to rely on any prior audit.

Let's not spend big, big money on an audit just yet. Any gargantuan changes should be fully digested before we even think about spending that much money!