TrueCrypt 7.1a Audit Results

Topics: Technical Issues
Sep 18, 2015 at 2:57 PM

Which of the following is still an issue with VeraCrypt?
  1. CryptAcquireContext may silently fail in unusual scenarios
  2. AES implementation susceptible to cache-timing attacks
  3. Keyfile mixing is not cryptographically sound
  4. Unauthenticated ciphertext in volume headers
A cursory glance at tells me that #3 still affects VeraCrypt.

Which issues are still relevant and is anyone assigned to fixing them?
Sep 19, 2015 at 1:24 PM
Edited Sep 19, 2015 at 6:05 PM
The CryptAcquireContext issue was fixed in 1.0f-2 that was released 5 months ago on April 5th 2015. This is documented in the release notes:
For the other three point you can read my comments on the audit that I published on April 3rd 2015:

You'll find their an objective evaluation of the impact of the remaining issues. Please feel free to comment on the evaluation above.