TrueCrypt audit finds “no evidence of backdoors” or malicious code

On Monday, after seven months of discussion and planning, the first phase of a two-part audit of TrueCrypt was released.

The results? iSEC, the company contracted to review the bootloader and Windows kernel driver for any backdoor or related security issue, concluded (PDF) that TrueCrypt has: “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”

While the team did find some minor vulnerabilities in the code itself, iSEC labeled them as appearing to be “unintentional, introduced as the result of bugs rather than malice.”

Read 7 remaining paragraphs | Comments