Lecture: The Secret Truecrypt Audit from the BSI
In 2010 the German Federal Office for Information Security (BSI) produced a security audit of the encryption software Truecrypt, but didn't publish it.
Truecrypt has an interesting and sometimes mysterious history. The anonymous creators suddenly stopped development in 2014 and warned about unfixed security issues, without further explanation. At the same time, cryptographer Matthew Green organized a donation-funded security audit, which didn't find any serious issues. A fork of Truecrypt called Veracrypt is still developed today.
The audit by the BSI was only recently revealed through a request under the German freedom of information law. It contains information about bugs in the code that are still present today.
The talk will present some of these findings and discuss the questionable role of the BSI.
- German BSI withholds Truecrypt security report (Golem.de)
- The documents at "Frag Den Staat"