The lack of detail on the page caused confusion and initial speculation on the internet that the warning might be the result of a hack or a hoax.
It is presented with additional warnings that "Using TrueCrypt is not secure" and "You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt." The newest version of TrueCrypt, version 7.2, was available for download at the bottom of the page, but it can only decrypt, not encrypt, data.
The web page noted that later versions of Windows - Vista, Windows 7 and Windows 8 - "offer integrated support" for encryption. Below the statement were instructions on how to migrate data from TrueCrypt to BitLocker, Microsoft's encryption program for recent Windows versions. Meanwhile, users who tried to visit TrueCrypt's official webpage were redirected to the SourceForge page. Users could previously download the program at the online repository for free. "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP," added a statement below the warning in red type posted on TrueCrypt's page on SourceForge this week.

it'll get audited, forked and maintained under a different license.

TrueCrypt, a popular free, open-source program to encrypt your data is "not secure as it may contain unfixed security issues," users are being told.

In other words, we're on our own. But that's okay, since we now know that TrueCrypt is regarded as important enough (see tweets above from the Open Crypto Audit and Linux Foundation projects) to be kept alive by the Internet community as a whole. The TrueCrypt development team's deliberately alarming and unexpected “goodbye and you'd better stop using TrueCrypt” posting stating that TrueCrypt is suddenly insecure (for no stated reason) appears only to mean that if any problems were to be subsequently found, they would no longer be fixed by the original TrueCrypt developer team. They say it "may contain unfixed security issues" (like all software) and that they're dropping all development. The developers never divulged what the security issues are, or even if they know of any.

You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform. Such integrated support is also available on other platforms (click here for more information). Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. This page exists only to help migrate existing data encrypted by TrueCrypt. WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This sounds like some r/conspiracy type of thing. You can avoid the cold boot attack by not leaving your volumes mounted when you don't need them. However if you're just trying to stop people other than the operatives of a Western government reading things like your credit card number, bank details, source code, documents etc if they steal your laptop, TrueCrypt 7.1a is probably more than sufficient. However I suspect that Bitlocker is probably an easier target. Also it's not entirely clear that they can't break TrueCrypt if they really want to and given enough time. If you're a terrorist they'll just drone your ass without any actual proof being needed. If the police get hold of an encrypted volume they'll subpoena the decryption key and if you don't provide it you're screwed - certainly in the UK that is the case. Incidentally if you're under investigation for criminal activity TrueCrypt will not help you in most jurisdictions. Thus I'd recommend getting the last known good version. Now call me cynical but I think 2) or 3) or a mix of them are a lot more likely than 1). The NSA have decided that TrueCrypt is too secure and they have a way to get into Bitlocker, and have paid the developers of TrueCrypt to tell people to migrate. Microsoft paid them a pile of cash to stop working and recommend Bitlocker because they want to get people to use it. They've decided Bitlocker is better and are acting in good faith by recommending it The developers of TrueCrypt know it is insecure and have decided for whatever reason not to fix. Now you can get the last release before that, i.e. 
The developers have made one more release, 7.2, which is plastered with security warnings. It says TrueCrypt is insecure and strongly advises you to move to Bitlocker.