May 30, 2014

What happened to TrueCrypt?

TrueCrypt was supposed to be the last and best line of defense to keep data private through encryption. Now we find out that TrueCrypt is not secure. Did something get changed to cause this, or were we just blindly trusting in insecure software the entire time?

No need to panic: TrueCrypt is still safe (and you can download it here)

"Earlier this week, the website for free encryption software TrueCrypt was updated with mysterious information saying the program might not be secure and to use Microsoft's BitLocker instead. It was abrupt and disconcerting, but here's what really happened.

The anonymous developers of TrueCrypt decided, for reasons still unknown, to kill off the app and created a version 7.2 that could no longer create new encrypted volumes but could only view them."

This seems to be a bit of an ongoing mystery. One theory, which sounds a little paranoid, is that "the Feds" put the screws on whoever was behind TrueCrypt (it's open source, and the developers are quite secretive). Much like what happened with Lavabit, this theory goes, the federal government insisted on backdoors being installed so they could access encrypted data, and the developers refused. I have seen no evidence to support this theory, but it seems like a plausible explanation.


Another theory is that the devs just got tired of dealing with it and wanted to move on to other projects. Since we can't ask them about it, who knows if this theory has any merit.


The official line was that with the "death" of Windows XP, TrueCrypt is no longer needed. That sounds super fishy to me. It isn't as if everyone turned off their XP machines and left the room - there are still millions of instances of XP running on PCs around the world. 
