Users of TrueCrypt, the open-source whole-disk encryption solution for Windows and Mac, should probably find something else ASAP. Ostensibly attributed to Microsoft’s decision to stop supporting Windows XP, the app and website have been pulled from the Internet leaving thousands of users in a lurch.
Write the anonymous creators:
Interestingly, a group of users recently crowdfunded an audit of the platform and found “no evidence of back doors” or malicious code in the app. However, even if users wanted to take up the code base, they are stymied by the product’s unusual license. The creators unofficially recommended against forking the product and creating a new version.
“We were happy with the audit, it didn’t spark anything. We worked hard on this for 10 years, nothing lasts forever,” wrote an alleged TrueCrypt Dev named David. Needless to say, it is hard to get back to him for further comment.
What should users do instead? There are obviously the aforementioned Microsoft integrated solutions, including BitLocker, as well as FileVault for OS X. Linux users can install LUKS/dm-crypt.
Some dedicated users have created a mirror of the software, but as the TrueCrypt creators note, “using TrueCrypt is not secure as it may contain unfixed security issues.” Downloader beware.
Many believe that the audit or even a Lavabit-like NSA crackdown that required the creators to pull up stakes. Whatever happened, most users are accepting that TrueCrypt is dead.