
You gather that from exactly which crypto experts?

Yes: Bitlocker was audited. No company in the world spends more on audits, and is more sophisticated in sourcing them, than Microsoft.




What information have Microsoft released about the Bitlocker audit(s)? I couldn't find any, although my search wasn't particularly thorough. It seems to me that the value of an audit, for third parties, is that the auditor puts their reputation behind it.


That happens in a statistically negligible number of audits, and most especially in the best cryptographic audits. Which systems has Cryptography Research audited? Answer: you have no idea.


I don't doubt that, but no doubt a great deal of cryptographic audits are produced entirely for internal consumption at the procuring party, and another large chunk of them would be for bespoke software development gigs where the audit is for the benefit of the single customer.

Audits (and here I use the word in its expansive sense) that are intended to build confidence in a large or public audience do tend to be made public.


If that's true, it should be easy to cite audits of important software conducted by well-known cryptography engineering firms. So, tell me: where's the audit of OpenSSL, or SChannel, or NSS, done by Cryptography Research or Riscure? Where's the PGP audit? The LUKS audit?

Can I ask where you came by these opinions of how security audits work? I know where I came by mine.


When I say "the expansive sense" I am not referring to the specific case of security audits. For an example of what I mean, in terms of an audit intended to build confidence in a large audience, this was published in last year's annual report for News Corporation:

  The Board of Directors and Shareholders of News Corporation:

  We have audited the accompanying consolidated and combined balance
  sheets of News Corporation as of June 30, 2013 and 2012, and the
  related consolidated and combined statements of operations, 
  comprehensive (loss) income, equity, and cash flows for each of
  the three years in the period ended June 30, 2013. These financial
  statements are the responsibility of the Company’s management. Our
  responsibility is to express an opinion on these financial 
  statements based on our audits.

  We conducted our audits in accordance with the standards of the 
  Public Company Accounting Oversight Board (United States). Those 
  standards require that we plan and perform the audit to obtain 
  reasonable assurance about whether the financial statements are 
  free of material misstatement. We were not engaged to perform an
  audit of the Company’s internal control over financial reporting.
  Our audits included consideration of internal control over 
  financial reporting as a basis for designing audit procedures that
  are appropriate in the circumstances, but not for the purpose of
  expressing an opinion on the effectiveness of the Company’s 
  internal control over financial reporting. Accordingly, we 
  express no such opinion. An audit also includes examining, on a 
  test basis, evidence supporting the amounts and disclosures in the
  financial statements, assessing the accounting principles used and
  significant estimates made by management, and evaluating the 
  overall financial statement presentation. We believe that our 
  audits provide a reasonable basis for our opinion.

  In our opinion, the financial statements referred to above present
  fairly, in all material respects, the consolidated and combined 
  financial position of News Corporation at June 30, 2013 and 2012,
  and the consolidated and combined results of its operations and 
  its cash flows for each of the three years in the period ended 
  June 30, 2013, in conformity with U.S. generally accepted 
  accounting principles.

  /s/    Ernst & Young LLP

  New York, New York

  September 20, 2013

I do not believe the lack of a public security audit of OpenSSL, SChannel, NSS, PGP or LUKS indicates anything other than that either no-one cares enough about building public confidence in those projects to fund such an audit, or that anyone who has is sitting on the results because they weren't good.


I thought this was the essence of Kerckhoffs' principle. Bruce Schneier talks about open source a fair amount. Here's an example I found. https://www.schneier.com/crypto-gram-0205.html#1

The reason I have trouble trusting closed-source crypto is that users don't know when it fails, so they can't judge good from bad. Companies that write closed source crypto exist to make money, and there's good money in backdooring your system for the government. Users are happy (since they don't know), the government is happy (since they get the information), and the company is happy (since it's making money on both sides of the deal). In short: the incentives simply don't align in favor of the user.

Weren't there allegations precisely to this effect that RSA took millions from the government to make Dual_EC_DRBG the default in BSafe? I don't know if it's true, but the fact that it's plausible is a problem for me.


Your suggestion here is that users do know when open-source crypto fails? They manifestly, obviously do not.

It turns out, the kinds of people who are qualified to detect when open-source crypto fails tend also to have the means of detecting failures in closed-source crypto.

The problem with discussions about closed-source crypto is that a whole giant cohort of participants mythologize closed-source code. They imbue it with all sorts of magic powers and handwave away arguments by suggesting that the code is itself unknowable. But nobody who really works in my industry engages with code that way. Nothing Microsoft ships is unknowable. No company on Earth is more scrupulously and aggressively reverse engineered than Microsoft's.

Unfortunately, there's lag in learning about crypto failures in Microsoft's code, and it's the exact same lag as we experience for open-source software. It comes of people not actually understanding a fucking thing about how crypto actually works, and it's a problem not just for generalist engineers but for software security experts as well.

Hence: cryptopals.com.


Aside: I've been working through cryptopals over the weekend and I'm enjoying it immensely. Thanks!

I completely agree that both open- and closed-source crypto can fail in ways users do not detect.

The gist of the point I was attempting to make was that the incentives for open-source projects are often ideological, rather than monetary, which reduces the incentive for authors to incorporate weaknesses in exchange for money.


Thank you! I'm happy it's been pleasant for you.

I think the incentive problems with commercial providers are misconstrued; the market --- at least to sophisticated buyers --- is unkind to people who sell their trustworthiness. So commercial providers in fact do have a lot to lose.

To the extent that open source has an edge over commercial software in motivation and ideology, it's cancelled out by the immaturity of the code itself. Cryptography is extraordinarily unforgiving.



