TrueCrypt developers mysteriously abandon project
Posted by: Jon Ben-Mayor on 05/30/2014 04:15 PM
[
Comments
]
The developers of the popular open-source encryption software, TrueCrypt, abruptly ended the project by simply posting a notice on the site page that reads - WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Last month, iSEC Partners released a code audit of TrueCrypt and found no backdoors or serious vulnerabilities in the portion of code it reviewed, which included the Windows kernel driver and bootloader.
Tom Ritter, principal security consultant at iSEC Partners, considers the end of TrueCrypt to be a loss to the open-source community.
According to Tom's Guide, there has been specualtion that TrueCrypt may have been pressured to close down in the face of government scrutiny, as encrypted-email service Lavabit was in 2013,
Others suggested that TrueCrypt's website might have just been hacked, or defaced as part of a prank. But independent security expert Brian Krebs says that appears unlikely; he looked at the site's records and found "no substantive changes recently" to its hosting, DNS or WHOIS records.
It seems to be that the mysterious people behind TrueCrypt simply decided to end the project.
"Whether hoax, hack or genuine end-of-life for TrueCrypt, it's clear that no security-consciuous users are going to feel comfortable trusting the software after this debacle," wrote independent security expert Graham Cluley on his blog. "It's time to start looking for an alternative way to encrypt your files and hard drive."
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Last month, iSEC Partners released a code audit of TrueCrypt and found no backdoors or serious vulnerabilities in the portion of code it reviewed, which included the Windows kernel driver and bootloader.
Tom Ritter, principal security consultant at iSEC Partners, considers the end of TrueCrypt to be a loss to the open-source community.
According to Tom's Guide, there has been specualtion that TrueCrypt may have been pressured to close down in the face of government scrutiny, as encrypted-email service Lavabit was in 2013,
Others suggested that TrueCrypt's website might have just been hacked, or defaced as part of a prank. But independent security expert Brian Krebs says that appears unlikely; he looked at the site's records and found "no substantive changes recently" to its hosting, DNS or WHOIS records.
It seems to be that the mysterious people behind TrueCrypt simply decided to end the project.
"Whether hoax, hack or genuine end-of-life for TrueCrypt, it's clear that no security-consciuous users are going to feel comfortable trusting the software after this debacle," wrote independent security expert Graham Cluley on his blog. "It's time to start looking for an alternative way to encrypt your files and hard drive."
Comments
