
The developers behind TrueCrypt, the widely used open source whole-disk encryption program, have surprised the web-o-sphere by unceremoniously shuttering the project’s website and issuing a recommendation that users cease using the software and switch over to Microsoft’s BitLocker offering.

Users who attempt to navigate to TrueCrypt’s website are being redirected to a SourceForge repository page that carries the following advisory:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

The announcement is nothing short of startling, as there were apparently no prior indications the project would be abandoned. Even more concerning, The Register reports that a binary TrueCrypt 7.2 installer for Windows that is available on the TrueCrypt SourceForge website may be tainted with malicious code.

“We ran the executable in a virtual machine so that you don’t have to, and on Windows 8.1 it was blocked by the SmartScreen feature, suggesting it may contain malware. Launching it on an older system immediately displayed the “warning” message before installation proceeded, and the dropped executables contained the above quoted text,” the Register’s Neil McAllister wrote.

“Judging by the source, the new software not only pops up a warning to not rely on TrueCrypt, it refuses to encrypt data – thus encouraging users to migrate to alternative disk and file encryption utilities. The binaries are cryptographically signed by the TrueCrypt developers, but it’s believed a new and untrusted key was used.”

More on these developments is sure to come out soon, and users are encouraged to exercise caution in the meantime.

  • John

    Today isn't April 1, is it?

  • Dave

    While the circumstances certainly seem odd, this is not a new tack by encryption vendors. Security vendor Sophos has also been encouraging users to enable BitLocker on Windows and FileVault on OS X. While not dropping support for their SafeGuard product entirely, they seem to be letting it slowly slip into the ether. The latest release of SafeGuard Enterprise touts "the ability to manage multiple platforms from a single console" with support for BitLocker and FileVault.