Has TrueCrypt been hacked or shelved?

Security

by Jimmy Nicholls| 29 May 2014

Uncertainty over encryption tool used by NSA whistleblower Edward Snowden.

A shutdown message posted on encryption software provider TrueCrypt's website has prompted speculation that legal issues or hacking may have brought an end to the project.

Visitors to the website are presented with a warning that the software is no longer secure, followed by instructions to migrate any data to Microsoft's BitLocker.

A message displayed on the website said: "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images."

The abruptness of the switch has led to many concerns about the safety of the TrueCrypt 7.2 package, with some also speculating that the anonymous developers behind the project were facing legal troubles.

A favoured tool of NSA whistleblower Edward Snowden, TrueCrypt recently began an independent audit following a crowdfunding session raising $60,000.

Following the first phase contracted auditors iSEC reported that there was "no evidence of backdoors or otherwise intentionally malicious code in the assessed areas", though they added there were some vulnerabilities in the code that were probably unintentional.

Matthew Green, a cryptography professor at John Hopkins University in the US, who helped lead the fundraising effort for the audit, thought it "unlikely" that an unknown hacker identified the TrueCrypt developers, stole the private signing key posted at the end of the webpage, and hacked the site.

"Unlikely is not the same as impossible. So it's possible that this whole thing is a hoax. I just doubt it," he added.

"An alternative is that somebody was about to de-anonymise the TrueCrypt developers and this is their response."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

753 people like this.
0 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.