TrueCrypt End of Life ?!



Schneier on Security > TrueCrypt WTF
I have no idea what's going on with TrueCrypt. There's a good summary of the story at ArsTechnica, and Slashdot, Hacker News, and Reddit all have long comment threads. See also Brian Krebs and Cory Doctorow.

Speculations include a massive hack of the TrueCrypt developers, some Lavabit-like forced shutdown, and an internal power struggle within TrueCrypt. I suppose we'll have to wait and see what develops.

Posted on May 29, 2014

Over on Krebs they're saying:
The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP.
Yes it is. Hang on to your older version of TC.

Another interesting read: The Register > TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead
One intriguing possibility – and one that's very difficult to either prove or disprove – is that this is a warrant canary triggered by pressure on TrueCrypt's developers by the feds to backdoor the software – which is favoured by the likes of Edward Snowden and his journo pals. Effectively, it would be a signal to the world that something is not right, without breaching any gagging order that may also be in place.

It could even be in response to a threat to unmask the development team.

"Somebody was about to de-anonymize the Truecrypt developers, and this is their response," suggested Prof Green.

Veteran security world watcher Graham Cluley said: "Whether hoax, hack or genuine end-of-life for TrueCrypt, it’s clear that no security-conscious users are going to feel comfortable trusting the software after this debacle. It’s time to start looking for an alternative way to encrypt your files and hard drive."

The outlook for those who rely on TrueCrypt to encrypt their drives and/or files just became overcast with doubt.

Johannes Ullrich of the SANS Technology Institute recommended FileVault and LUKS, for Mac OS X and Linux users, respectively, as potential alternatives. "Sadly, these are not compatible with each other. You will need to find a replacement for portable media that need to move between operating systems. PGP/GnuPG comes to mind as an option," he advised.

An earlier list of alternatives to TrueCrypt put together by security expert The Grugq can be found here.


Intriguing is the first sentence on What we have there:

Using TrueCrypt is not secure as...