While TrueCrypt, the popular encryption software may have been killed under mysterious circumstances, efforts are “On” to give it a future. No reasons were given by TrueCrypt’s developers for their decision to kill the popular open source software, nor was it handed over to any community or any other developer, giving rise to a lot of speculation about the step.
Was the site compromised? Was it under legal, NSA or governmental influence? Or was the software really unsafe, unsecure and untrustworthy – as stated?
The latest version was removed and replaced with a decrypt-only version. The site now advocates moving from TrueCrypt to Microsoft BitLocker.
TrueCrypt must not die
The Internet works differently. No one really “owns” anything as such. Although TrueCrypt’s developers may have unceremoniously killed the product, there are others who are ready to start on its open-source code development and upkeep.
TrueCrypt.ch has been started by two people from Switzerland. Thomas Bruderer and Joseph Doekbrijder are organizing the effort to keep it alive and organize a future for TrueCrypt. They, as do some others, believe that there were no security issues with the software.
Was it really just the end of a 10year effort, or was it driven by some government. While a simple defacement is more and more unlikely we still don’t know where this is going. However the last 36 hours showed clearly that TrueCrypt is a fragile product and must be based on more solid ground. We start now with offering to download the TrueCrypt file as is, and we hope we can organize a solid base for the Future.
Gibson’s too believes that ‘TrueCrypt is still safe to use’.
Those who believe that there is something suddenly “wrong” with TrueCrypt because its creators have decided they no longer have so much to give, are misguided. The TrueCrypt development team’s deliberately alarming and unexpected “goodbye and you’d better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team.
So then, is TrueCrypt audited yet and safe?
Phase I of the audit is complete, and a report is available. Phase II begins on the formal cryptanalysis.
Thanks Gary.
