This article discusses what happened to Truecrypt, an encryption software that was previously a popular option for encrypting files and disk partitions.
What is TrueCrypt? Truecrypt used to be a popular software for encrypting files and disk partitions. The software was open-source, which means that the source code could be studied by anyone who wanted to see what it does. Unlike many other encryption tools, this one did not require installing any special drivers or libraries; instead, all of its functionality came from within Windows itself. When you turned on Truecrypt’s “hidden” mode – we’ll talk more about what this does later – it would show up in your list of drives like another hard drive connected to your computer. Files saved there were encrypted with AES 256-bit keys (the same level used by military organizations). This made it impossible for someone without physical access to the machine to get at any data stored there.
What Happened To Truecrypt?- what happened to truecryptopular software for encrypting files and disk partitions. The software was open-source, which means that the source code could be studied by anyone who wanted to see what it does. Unlike many other encryption tools, this one did not require installing any special drivers or libraries; instead, all of its functionality came from within Windows itself. When you turned on Truecrypt’s “hidden” mode – we’ll talk more about what this does later – it would show up in your list of drives like another hard drive connected to your computer. Files saved there were encrypted with AES 256-bit keys (the same level of encryption used by governments), and were mounted after typing in a password.
The first mention of Truecrypt’s possible demise came on May 28th, when the developers said that they had done one final code audit, and found no evidence of any hidden backdoors or intentional flaws. But what about those long-standing rumors that this widely trusted software was actually riddled with bugs? It turns out there is some truth to them: The latest version (version seven) has been full of issues since it was released four years ago – but for many users, taking advantage of these vulnerabilities could be easily detected because it would require mucking around in your system drive itself. So how do you know if you’re using an old vulnerable copy? In theory, you can check the version number on Truecrypt’s website and make sure it’s at least Version six, but as of this writing that link is broken.
It seems like a lot of people were surprised to see an advisory about TrueCrypt disappear from SourceForge today after rumors surfaced over the weekend that developers had discovered what they said was “a deliberately inserted backdoor” in its latest release. It wasn’t clear whether these claims came with proof or not – which might be why there was no immediate statement from Microsoft (despite them being one of the project leaders) when users first started reporting problems last week. But now we do know: The software has been discontinued, so while waiting for a new security-focused replacement program to get off the ground, if you’re still using it or have data encrypted with TrueCrypt on your PC, we recommend that you decrypt and migrate at once.
In light of the findings in this most recent release–and after considerable thought–we are discontinuing support for Truecrypt. This decision was made because security issues were not addressed to our satisfaction during an audit last year (2013). In addition, there is now a serious question as to whether anyone can adequately address these new potential vulnerabilities given how much time has passed since Truecrypt’s development ended in 2011. We do not want to mislead people by making continued claims about what can be done with the code available: If they choose use it themselves then any bugs or poor design choices may lead them into security problems.
We recommend that you decrypt and migrate at once to another solution, such as VeraCrypt which will continue to be maintained with security updates for the foreseeable future. This is a sensible course of action regardless of whether or not Truecrypt was ever used because it protects your data should there be an issue in the encryption algorithm. The same files would have been vulnerable if encrypted using Truecrypt but decrypted under any other program implementing AES-256 bit encryption–so even those without the need to use Truecrypt may want to follow this best practice and protect their information from what might otherwise happen in 50 years when today’s computers are long gone.
However, there are still some users who rely on Truecrypt exclusively: people who lack the skills or knowledge to use more advanced encryption methods, people who want to rely on a trusted source for their information security rather than take the time and energy required to learn how best to do it themselves.
In this circumstance, you might wish to investigate alternatives such as *********, which is an open-source project that offers TrueCrypt compatibility among other features not available in its predecessor. The developers of ********* are committed both ideologically and practically: they have extensive experience with software development and cryptography. Also see “Alternatives” section below for additional options.)
There has been no official word from Open Source Projects – They seem apathetic about what’s happened with Truecrypt but will try out some new encryption programs before deciding what we’ll use.- There are a few forks of Truecrypt, but none have been officially audited so we’re waiting on those results before making any decisions. – We will keep you updated as the story develops and what our plan is going forward with encryption software for Open Source Projects!
Alternatives: VeraCrypt – it’s confirmed to be secure–the only one that has had an audit (though its not open source) and seems promising from initial inspection; although it requires full system encryption which may make some people uncomfortable. It also takes up more disk space than truecrypt (~700 MB versus 500 MB). EncFS – this is probably the best option until something new comes out, because like veracrypt, it can
