Snowden-endorsed security software has no NSA backdoors

Snowden-endorsed security software has no NSA backdoors
© Getty Images

An independent audit has concluded that popular encryption software TrueCrypt has no government backdoors or serious security flaws.

The software is popular with privacy enthusiasts and has government leaker Edward Snowden’s stamp of approval.


“Truecrypt appears to be a relatively well-designed piece of crypto software,” said cryptographer Matthew Green, a professor at Johns Hopkins University, in a blog post breaking down the report.

The audit, Green added, “found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.”

But developers behind the product caused a stir when they declared last year that TrueCrypt was no longer secure for its millions of users, quickly shutting down development.

TrueCrypt is used for what’s known as full disk encryption, an additional layer of security on top of the common method of encrypting files separately.

The report, conducted by a team of security researchers, did note several security flaws in the software. But it said those weaknesses would only cause TrueCrypt to crack in limited circumstances.

“This is not the end of the world, since the likelihood of such a failure is extremely low,” Green said.

Green hopes the audit causes developers to take up TrueCrypt’s code again.

The loss of Truecrypt's developers is keenly felt by a number of people who rely on full disk encryption to protect their data,” he said. “With luck, the code will be carried on by others.”