Given the recent news about the NSA's ability to defeat encryption software, cryptographer Matthew Green and Kenneth White have started an initiative to examine the TrueCrypt disk encryption tool.
Why does it matter?
Since the NSA has been snooping on our data without our knowledge, decrypting SSL connections and tampering with established standards to make them vulnerable, there needs to be an audit to verify that encryption software is truly as secure as it should be. For this very purpose there needs to be an extensive audit of software like TrueCrypt, which is used by many people, including me to a certain extent, for storing sensitive information.
How would the 'audit' work?
- The first step would be to resolve the license status (copyright and distribution terms) of the current TrueCrypt 7.1a source code, released under TrueCrypt License v3.0, in order to create a verified, independent version-control repository with signed source and binaries
- Perform and document repeatable, deterministic builds of TrueCrypt 7.1a from source for the current major operating systems: Windows 7, Mac OS X (Lion 10.7 and Mountain Lion 10.8), Ubuntu 12.04 LTS and 13.04, Red Hat 6.4, CentOS 6.4, Debian 7.1 and Fedora 19
- Conduct a public cryptanalysis and security audit of version 7.1a
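As an added example (my own illustration, not tooling from the audit project), here is the check an independent builder would run after the deterministic-build step: hash every file produced by two separate builds and compare the lists. The directories, file names and the dated BUILDINFO file in the demo are constructed stand-ins, not TrueCrypt 7.1a build output; the script only assumes that sha256sum or shasum is installed.

```shell
#!/bin/sh
# Added example, not tooling from the TrueCrypt audit project: the check an
# independent builder runs after a "deterministic build" step. Two people
# build the same source on separate machines, each hashes every output file,
# and the lists are compared. Any difference is either non-determinism in the
# build (timestamps, paths, build IDs) or a tampered toolchain, and either one
# needs explaining before the binaries can be trusted.

# hash_tree DIR: print "<sha256>  <relative path>" for every regular file under
# DIR, in a fixed order so two trees compare line for line. Assumes sha256sum
# (coreutils) or shasum (BSD/macOS) is installed; file names containing
# newlines are not handled.
hash_tree() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while read -r f; do
        if command -v sha256sum >/dev/null 2>&1; then
            sha256sum "$f"
        else
            shasum -a 256 "$f"
        fi
    done )
}

# compare_builds DIR_A DIR_B: return 0 when both trees are byte-identical,
# 1 otherwise; on mismatch print the differing hash lines in diff format.
compare_builds() {
    tmp=$(mktemp -d) || return 2
    hash_tree "$1" > "$tmp/a"
    hash_tree "$2" > "$tmp/b"
    if cmp -s "$tmp/a" "$tmp/b"; then
        echo "OK: $1 and $2 are byte-identical ($(wc -l < "$tmp/a") files)"
        rm -rf "$tmp"
        return 0
    fi
    echo "MISMATCH between $1 and $2:"
    diff "$tmp/a" "$tmp/b" || true
    rm -rf "$tmp"
    return 1
}

# demo: constructed stand-in build outputs (no real TrueCrypt build here).
# Build B is identical except that a build-info file embeds a date, which is
# exactly the kind of non-determinism the audit's build step has to remove.
# Returns 1 because the two trees differ.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/build-a/bin" "$root/build-b/bin"
    printf 'constructed binary contents' > "$root/build-a/bin/truecrypt"
    printf 'constructed binary contents' > "$root/build-b/bin/truecrypt"
    printf 'built on 2013-10-14\n' > "$root/build-a/BUILDINFO"
    printf 'built on 2013-10-15\n' > "$root/build-b/BUILDINFO"
    if compare_builds "$root/build-a" "$root/build-b"; then rc=0; else rc=1; fi
    rm -rf "$root"
    return $rc
}

# Run the constructed demo only when asked: sh compare_builds.sh demo
case "${1:-}" in demo) demo ;; esac
```

Run it as `sh compare_builds.sh demo` to see the constructed mismatch (the BUILDINFO line differs, the binary does not), or source the file and call compare_builds on the output directories of two real builds. The hash list that hash_tree prints is also what each builder should sign and publish, so that anyone can check a downloaded binary against what several independent people compiled from the same source.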
I wholly support this cause and hope everyone would help ensure we have trustworthy encryption available.
Contribute
To contribute, you can use the FundFill site or the IndieGoGo site. [Note: both sites accept credit cards; FundFill also accepts Bitcoin, and IndieGoGo accepts PayPal and eChecks]
Contributions need not be monetary: if you're an information security professional, expert or hobbyist, you can help by identifying bugs in the software.
Official Site