
The VeraCrypt developer claims to have fixed several weaknesses in the TrueCrypt codebase in this interview: https://www.youtube.com/watch?v=rgjsDS4ynq8

Will be interesting to follow the audit.




Anyone know if those fixes have flowed back to the Linux kernel implementation of TrueCrypt (tcplay / LUKS)?


"dm-crypt" is the infrastructure in the Linux kernel that deals with block device encryption.

TrueCrypt, VeraCrypt, zuluCrypt, tcplay and cryptsetup, among others, use this infrastructure to do user data encryption/decryption.

What these projects do is parse a volume header on a volume to get crypto properties and then pass them to dm-crypt for it to do everything else.

The difference between a TrueCrypt volume, a VeraCrypt volume and a LUKS volume is in how their crypto properties are stored on the header, and dm-crypt is not aware of any of these projects.

Once you know the crypto properties of a volume, you can skip all these projects and go straight to dm-crypt and manually create the encryption mapper using dmsetup. All the necessary information about an open encryption mapper looks like below:

  [root@ink mtz]# dmsetup --showkeys table
  zuluCrypt-500-NAAN-luks.img-2363596225: 0 16384 crypt aes-xts-plain64 afaeef82a6a823e226b0f22289404f1eac5b262b5d1984b7de9328cb571dd3f3 0 7:0 4096 1 allow_discards
  [root@ink mtz]#
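An added example, not part of the thread: a parser for the dm-crypt table line shown in the comment above, which names each field and redacts the master key that `--showkeys` exposes so the line can go into logs or tickets. The function name, mapping name and key below are constructed for illustration; the field order follows the kernel's dm-crypt table format.

```python
SECTOR = 512  # device-mapper counts in 512-byte sectors

def parse_crypt_line(line):
    """Parse '<name>: <start> <len> crypt <cipher> <key> <iv_off> <dev> <off> [<n> <opt>...]'."""
    name, sep, rest = line.strip().rpartition(": ")
    f = rest.split()
    if not sep or len(f) < 8 or f[2] != "crypt":
        raise ValueError("not a dm-crypt table line")
    n_opts = int(f[8]) if len(f) > 8 else 0
    opts = f[9:]
    if len(opts) != n_opts:
        raise ValueError("optional parameter count mismatch")
    key = f[4]
    if key.startswith(":"):        # kernel keyring reference ':<bytes>:<type>:<desc>'
        key_bits, exposed = int(key.split(":")[1]) * 8, False
    elif key == "-":               # no key set
        key_bits, exposed = 0, False
    else:
        bytes.fromhex(key)         # raises ValueError if the field is not hex
        key_bits = len(key) * 4
        exposed = set(key) != {"0"}  # dmsetup prints zeros without --showkeys
    xts = "xts" in f[3].split("-")
    if exposed:
        f[4] = "<redacted:%d-bit>" % key_bits
    return {
        "name": name,
        "start_sector": int(f[0]),
        "size_bytes": int(f[1]) * SECTOR,
        "cipher": f[3],
        "key_bits": key_bits,
        # XTS splits the key into two halves, so 256 bits means AES-128
        "cipher_key_bits": key_bits // 2 if xts else key_bits,
        "key_exposed": exposed,
        "iv_offset": int(f[5]),
        "device": f[6],
        "data_offset_bytes": int(f[7]) * SECTOR,
        "options": opts,
        "redacted": name + ": " + " ".join(f),
    }

# Constructed sample: same layout as the thread's output, with a made-up key.
KEY = "0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2
SAMPLE = "demo-volume: 0 16384 crypt aes-xts-plain64 " + KEY + " 0 7:0 4096 1 allow_discards"

if __name__ == "__main__":
    for field, value in parse_crypt_line(SAMPLE).items():
        print(field, "=", value)
```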



