If you visit the website of the popular open-source encryption tool TrueCrypt, you’ll see a surprising message:
In the last 24 hours or so, truecrypt.org has redirected to the project’s homepage on SourceForge, where the abrupt announcement of TrueCrypt’s demise has been announced.
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt.
The announcement has caught many people on the hop – the software is widely used by security-savvy users to encrypt their sensitive files and entire hard drives, and only last month TrueCrypt underwent the first phase of an independent security audit, which “found no evidence of backdoors or intentional flaws”.
Initially there were suspicions that the TrueCrypt webpage could have been defaced, or that a rogue member of the TrueCrypt team could have mischievously updated the site with the abrupt message, or that TrueCrypt had been forced into making the sudden move after undue pressure from the authorities (à la Lavabit).
But as more time goes on, there is a growing consensus that TrueCrypt’s anonymous developers might have genuinely decided to close the project – albeit in a somewhat bizarre fashion.
The webpage now offers a new decrypt-only version of TrueCrypt (version 7.2) for Windows, Mac OS X and Linux.
Until the situation is clearer, however, you might be wise to be wary of downloading that software.
Whether hoax, hack or genuine end-of-life for TrueCrypt, it’s clear that no security-conscious users are going to feel comfortable trusting the software after this debacle. It’s time to start looking for an alternative way to encrypt your files and hard drive.
Feel free to leave your suggestions of what solutions you recommend in the comments below.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.