
TrueCrypt encryption software 'not secure'

TrueCrypt, a popular free, open-source program to encrypt your data, is "not secure as it may contain unfixed security issues," users are being told.

Users given instructions to switch to Microsoft's BitLocker



"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP," added a statement below the warning in red type posted on TrueCrypt's page on SourceForge this week.

Users could previously download the program at the online repository for free. Meanwhile, users who tried to visit TrueCrypt's official webpage were redirected to the SourceForge page.

The web page noted that later versions of Windows — Vista, Windows 7 and Windows 8 — "offer integrated support" for encryption.

Below the statement were instructions on how to migrate data from TrueCrypt to BitLocker, Microsoft's encryption program for recent Windows versions.

The newest version of TrueCrypt, version 7.2, was available for download at the bottom of the page, but it can only decrypt, not encrypt, data. It is presented with additional warnings that "Using Truecrypt is not secure" and "You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt."

The lack of detail on the page caused confusion and initial speculation on the internet that the warning might be the result of a hack or a hoax.

However, internet security blogger Brian Krebs noted that there have been no recent changes to the website's identification data and the latest version of TrueCrypt, uploaded on May 27, used the same security key as an earlier version in January.

"Taken together, these two facts suggest that the message is legitimate, and that TrueCrypt is officially being retired," Krebs wrote on his Krebs on Security blog.

TrueCrypt was created by an anonymous group of programmers and was at one time endorsed by Edward Snowden, the U.S. contractor who leaked secret details of American surveillance programs in 2013. However, the information leaked by Snowden suggested that encryption software may have been undermined by those surveillance programs.

Following that revelation, a group of cryptographers, including Matthew Green of Johns Hopkins University, raised money to conduct an audit of TrueCrypt's source code to see whether it was really secure. The first part of the review revealed no problems.
