TrueCrypt shutdown – 5 questions that must be asked

If you visit www.truecrypt.org you see the text below. If you install the software, you see it several times.

The domain www.truecrypt.org now only redirects to www.truecrypt.sourceforge.net.


There are many articles written on this topic, especially on “WHY?”.

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

And when you try to download it:

Download:

WARNING: Using TrueCrypt is not secure

You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.

TrueCrypt 7.2 sig key

If you use TrueCrypt on other platform than Windows, click here.

So, you can still use it.

And it works as expected, except that you will get some warnings from time to time.

So far, so good…

 

But the biggest question is WHY did they shut down the project?

Most important, why now?

 

But let’s start with the beginning.

1. Who are “they”?

We don’t know. The authors of the software are unknown.

 

2. Why?

Could it be that the NSA, or somebody else, identified the developers and asked them to insert a backdoor or to somehow provide the keys (which are generated uniquely for each user) to some government agency?

Speculation… especially because it is not known who the developers are. But maybe the NSA knows…

This has happened before with Lavabit. But here it is a bit different, because there is no “master key” or anything similar, just the possibility of creating backdoors.

 

3. Not secure?

What does it have to do with Windows XP? Yes, there is no “native” encryption on XP, but… come on… The recent code audit (phase 1) showed a few issues, but nothing critical and no “created” bugs. Just coding bugs. So, no conspiracy theory… just plain programming errors in very complex code.

 

4. Was the operation sponsored by Microsoft?

The obvious advertisement on the website recommends Microsoft’s BitLocker as the replacement for TrueCrypt on Windows. There are other alternatives… It is true, though, that none of them is free of charge.

 

5. Is this the end of encryption? 

No, it looks like the community is gathering money to fund the project and continue it.

As the closure of Lavabit showed, many others started to create alternatives to it only after it was shut down. So the same may happen with TrueCrypt. It is true that you can’t compare encryption with an email service, but still… it is possible.

 

Conclusion:

It appears that, for some unknown reason, the unknown developers of TrueCrypt have given up the work and abandoned the project. I hope that somebody will take it from there and make it better.

 

 

 


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

