Truecrypt shutdown – 5 questions that must be asked

If you visit you see this text below. If you install the software, you see it quite a couple of times.

The domain  is only redirecting now to


There are many articles written on this topic, especially on “WHY?”.

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

And when you try to download it:


WARNING: Using TrueCrypt is not secure

You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.

TrueCrypt 7.2sigkey

If you use TrueCrypt on other platform than Windows, click here.

So, you can still use it.

And it works as expected, only that you will get from time to time some warnings.

So far, so good…


But the biggest question is WHY did they shut down the project?

Most important, why now?


But let’s start with the beginning.

1. Who are “they” ?

We don’t know. The authors of the software are unknown.


2. Why?

Can it be that NSA or somebody else, identified the devs and requested them to insert some backdoor or to provide somehow the keys (which are generated unique for each user) to some government agency?

Speculations… especially because it is not know who the developers are. But maybe NSA knows…

This has happened before with Lavabit. But, here is a bit different because there is no “master key” or something similar. Just the possibility to create backdoors.


3. Not secure?

What does it have to do with Windows XP? Yes, there is no “native” encryption on XP, but… come on…  The recent code audit  (phase 1) showed a few issues, but nothing critical and no “created” bugs. Just coding bugs. So, no conspiracy theory… just plain programming errors in very complex code.


4. Was the operation sponsored by Microsoft?

The obvious advertisement on the website recommends Microsoft’s BitLocker as the replacement for Truecrypt on Windows. There are other alternatives….It is true though, that none of them is free of charge.


5. Is this the end of encryption? 

No, it looks like that the community is gathering some money to fund the project and continue it.

As the closure of Lavabit showed, only after it was shut down many others have started to create alternatives to it. So, it can be that the same will happen with Truecrypt. It is true that you can’t compare encryption with email service, but still… it is possible.



It appears that for some unknown reasons, the unknown developers of Truecrypt have given up the work and abandoned the project. I hope that somebody will take it from there and make it better.




© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: