The first release of CipherShed, version 0.7.4.0, based on git commit be4dc698ffdc8d4414dbde838c2ddc7143c9dac2, is now available.
Downloads and other instructions can be found on our download page.
A short rundown of changes since the last version of TrueCrypt:
- Mitigation of various buffer overflows
- Address 100% CPU usage in boot loader (mostly relevant to VMs)
- Address CVE-2015-7359: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.
- Address CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by abusing drive letter handling.
- Apache 2.0 is now our contributor license
- Build process is a bit cleaner
- Signatures are made in both SHA1 and SHA2 for verification on a wider variety of Windows versions
- Code coverage is being implemented
Another very big step for CipherShed that’s not part of the release but is worth pointing out is that progress is being made on UEFI boot loaders. This will allow users of Windows 8 and onward to use full disk encryption without switching boot platforms. This is especially important for machines that dropped support for BIOS boot loaders entirely.
As mentioned above, Apache 2.0 is the license that code will be contributed with. A lot of our existing code is still copyrighted E4M or TrueCrypt code, meaning CipherShed still won’t be available in most Linux distributions’ package repositories until the copyrightable code has been replaced.
While this release addresses important security issues and offers the TrueCrypt community support for their now-defunct product, there are still important issues with the release itself. The most important of these is the lack of auditing of our own source code. Followers of the CipherShed project will know that continuous code auditing has been a fundamental goal of ours, as seen on our page on trust and our wiki, but there’s a lack of contributors to audit the code. Because of this, we thought it would be better to release rather than leave the community waiting for something that might not even happen at this early stage of CipherShed’s progress. With a release, we expect that more people will want to contribute.
The other big issue, which is a lot more theoretical than the first, is that our lack of deterministic builds means it’s hard to audit the builds themselves, no matter how trustworthy and reviewed the source code is. Until a deterministic build system is implemented, users will just have to (ironically) trust the builds the same way they had to trust the TrueCrypt builds or builds of any other important software that doesn’t have a deterministic build system.
In conclusion, this release improves upon the last version of TrueCrypt, and will even function as a drop-in replacement for TrueCrypt on Windows systems that are already encrypted with TrueCrypt. This functionality was tested by multiple contributors, but it would still be wise to make a backup of your data if you plan on migrating.