SecureState Blog


Is this the end of the popular open source file and disk encryption software TrueCrypt?


There has been a great deal of speculation and mystery surrounding the popular and reputed open source file and disk encryption software, TrueCrypt. Sometime within the last 48 hours, the anonymous developers of TrueCrypt shut down the site and began redirecting users to a SourceForge page. The temporary page displays a message that the software has been discontinued and strongly recommends that users stop using the encryption tool. Further, it provides instructions for migrating information to Microsoft’s BitLocker.

TrueCrypt Hijacked

TrueCrypt developers have not provided any additional details or explanation as to why the widely used encryption tool was shut down so abruptly. It is unclear whether this is a defacement of the site or something more controversial. Many members of the security community have been debating the real reasons that forced the developers of TrueCrypt to abruptly shut down the site.

At first, most users thought this was a hoax. TrueCrypt had released the new 7.2 version of the software just days before. However, upon further investigation, users realized this was a more serious incident, and many in the security community began to think that the 7.2 version had been intentionally tampered with. Version 7.2 only allows users to decrypt and does not allow data to be encrypted. Users then began to believe that the encryption tool had been hijacked anonymously, creating false alarms. As more people began to analyze the situation, it became clear that other issues may have been present.

Some speculate that the developers may have been aware of critical vulnerabilities or a backdoor that would compromise the integrity of the software. With this being said, many questioned whether the US Government was somehow involved and requiring that TrueCrypt be shut down because of vulnerabilities and other compliance issues. Ironically, TrueCrypt was the focus of a security audit conducted by iSEC Partners earlier this year, and it is well known that NSA whistleblower Edward Snowden promoted and used TrueCrypt. In a strange twist to all of this, Edward Snowden was interviewed by NBC News yesterday, which added to the TrueCrypt drama.

Some have even considered that the developers may have been harmed or threatened. Conversations and speculation continue to develop as users wait to hear from the developers.

Next Steps

While users wait for an official answer, SecureState recommends the following options at this point:

  • Use an older version of TrueCrypt and stay the course until more information is known
  • Running Microsoft Windows?
    • Migrate to BitLocker
    • Purchase a third-party commercial encryption product
  • Running Linux? Use dm-crypt or these other alternatives
  • Running Apple OS X?