Speculation rages on as to exactly why the developers behind TrueCrypt, the popular open source whole-disk encryption program, abruptly shuttered the project’s website and issued a recommendation that users cease using the software and switch over to Microsoft’s BitLocker offering.
Reuters now reports that a team of security experts is contemplating an effort to “restore and improve” upon the widely used encryption tool, using $70,000 in donations from supporters of a project that was intended to verify the security of the code before the surprising move by the software’s unidentified developers.
Matthew Green, a cryptography professor at Johns Hopkins University, said the group is looking at options to address legal issues associated with the licensing of the TrueCrypt code, which would be the first step in determining whether to make further commitments to verify the security of the software and improve it.
Users who attempt to navigate to TrueCrypt’s website are currently being redirected to a SourceForge repository page that carries the following advisory:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
After some analysis, The Register reported that a binary TrueCrypt 7.2 installer for Windows available on the TrueCrypt SourceForge website may have been tainted with malicious code, having noticed that the executable was blocked by the SmartScreen feature when run on a Windows 8.1 virtual system.
Green’s team certainly has its work cut out for it.