TrueCrypt, An Open-Source Whole-Disk Encryption System, Leaves Users High And Dry

Next Story

What To Expect At Apple’s WWDC 2014

Users of TrueCrypt, the open-source whole-disk encryption solution for Windows and Mac, should probably find something else ASAP. Ostensibly attributed to Microsoft’s decision to stop supporting Windows XP, the app and website have been pulled from the Internet leaving thousands of users in a lurch.

Write the anonymous creators:

This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Interestingly, a group of users recently crowdfunded an audit of the platform and found “no evidence of back doors” or malicious code in the app. However, even if users wanted to take up the code base, they are stymied by the product’s unusual license. The creators unofficially recommended against forking the product and creating a new version.

“We were happy with the audit, it didn’t spark anything. We worked hard on this for 10 years, nothing lasts forever,” wrote an alleged TrueCrypt Dev named David. Needless to say, it is hard to get back to him for further comment.

What should users do instead? There are obviously the aforementioned Microsoft integrated solutions, including BitLocker, as well as FileVault for OS X. Linux users can install LUKS/dm-crypt.

Some dedicated users have created a mirror of the software, but as the TrueCrypt creators note, “using TrueCrypt is not secure as it may contain unfixed security issues.” Downloader beware.

Many believe that the audit or even a Lavabit-like NSA crackdown that required the creators to pull up stakes. Whatever happened, most users are accepting that TrueCrypt is dead.