TrueCrypt Mystery – Is it Really Insecure?


TrueCrypt, the most popular free and open source encryption software, has abruptly changed its homepage to display a message saying that the software is not secure and suggesting that existing users should migrate to Bitlocker:

As you can imagine, the net is abuzz with news of this strange message. Some are saying that, because it was so sudden, the website must have been hacked. The consensus among most security experts, however, is that the new page and its message are genuine. If that is indeed the case, then it’s probably safe to assume that TrueCrypt has been compromised in some way.

At the moment there are more questions than answers – Is it hackers? Is the NSA involved? Has the audit team found something sinister? – It’s all speculation though and no-one really knows what’s going on for sure. It doesn’t help that the developers are a secretive and anonymous bunch either.


It does seem kind of strange for open source connections to be promoting something as closed source as Bitlocker though, especially when Microsoft’s encryption tool is not available on basic Windows versions, including the popular and widespread Home editions.

Matthew Green, one of the security researchers involved with the TrueCrypt audit, has Tweeted that he believes the announcement is legitimate. So it would appear unlikely that a sinister audit finding is at the core.

A new version of the software, which was released simultaneously with the announcement, no longer supports encryption, but simply allows users to decrypt. Most security experts are labeling this latest version ‘suspicious’ and advising users NOT to download it.


Software developer Jonathan Zdziarski, who worked as a cryptographer on the TrueCrypt project, Tweeted a warning against using the new version – or any recent version, for that matter… “If TrueCrypt.org is compromised, it’s likely been compromised a good while. I wouldn’t trust any recent downloads of the software.”

It makes for a difficult situation when the reality is so obscure, and until more reliable information comes to hand, the rumors and speculation will remain just that.

 

About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.
