TrueCrypt Disk Encryption ‘Death’ A Mystery

Thomas Brewster,

Website post says the tool may no longer be secure for usage, amidst rumours of a legal threat

The security world has been left baffled by the apparent closure of the free disk encryption facility TrueCrypt, which issued an online message saying it was no longer secure this week.

A message on the TrueCrypt Sourceforge site said the offering might not be secure “as it may contain unfixed security issues”.

“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images,” the message read.

TrueCrypt_on_windows_vistaNo more TrueCrypt?

“You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

The message recommended using BitLocker, the disk encryption program included in every Windows OS since Vista, and provided a decryption service for TrueCrypt users on Windows, Mac OS X and Linux to move over to a different option.

Some suggested the closure may have been a hoax, the result of a hack. Yet no one from TrueCrypt’s development team, which has remained anonymous since the product’s release, has come forward to confirm or deny it.

Others wondered whether TrueCrypt faced a legal threat and was forced to close, in a similar way that email service Lavabit was shut down.

The service had recently undergone an audit to determine if there were any security issues with the tool, but nothing serious was uncovered.

Either way, it looks as though TrueCrypt is no more, said Sophos’ head of technology Paul Ducklin, in a blog post.

“It certainly looks as though TrueCrypt is finished. If the new web page is true, the project has ended explicitly. If it isn’t true, then it’s going to be tough to re-establish trust in the code, and the project has ended implicitly.”

What do you know about Internet security? Find out with our quiz!