What Happened to TrueCrypt?
By Karla Danica Figuerres | May 30, 2014 2:50 PM EST
The users of the trusted and revered encryption software for Mac and Windows, TruCrypt were shocked to find something had gone awry on May 28.
TrueCrypt Web site, is typically a place to download source code, TruecCrypt binaries, PGP keys, and view best practices and documentation but it immediately forwards to a SourceForge page that warns users that the development has stopped and it may contain unfixed security issues.
Upon visiting TrueCrypt's Web site, users discovered a message which says,
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."
Moreover, users were instructed to migrate all data to another encryption service, the Bitlocker. Although, no one appears to have any information on what happened to TrueCrypt or why its development has ceased out of the blue, there are a lot of speculations on what happened. Some believed that the Web site was defaced by an unknown hacker but it must be noted that the TrueCrypt version 7.2 was certified with the official private signing key, which means that the warning is legitimate and not simply a troll posted by hackers.
Twitter was flooded with a bunch of speculations about what happened to TrueCrypt. The message on the Web site is really hard to take at face value. From the start, the project was already mysterious, as developers were anonymous, so there is no one to go for an explanation to what happened to TrueCrypt.
Meanwhile, according to Matthew Green, a cryptographer and research professor at the John Hopkins University Information Security Institute, who led the TrueCrypt audit project, he has no insight on what has transpired. In an interview with Bian Krebs he revealed that he believed that the TrueCrypt team is responsible for it and his guess is that they just wanted to quit and it is their way of doing it with a bang.
To contact the editor, e-mail: