The end of TrueCrypt

TrueCrypt, a popular file encryption tool, has suddenly announced that its development ended in May 2014, in view of the termination of Microsoft support for Windows XP. STRANGE!

A visit to both links, namely

www.truecrypt.org

and

http://truecrypt.sourceforge.net

shows a page notifying users that using TrueCrypt is no longer secure as it may contain unfixed security issues. The abrupt nature of the notice has baffled users and experts alike, with some even claiming it to be a hack on SourceForge. TrueCrypt goes a step further by putting up an entire tutorial on how to enable BitLocker, a Microsoft product that has its own performance and compatibility issues.


Encryption is basically the jumbling up of data in a predefined manner so as to make it secure. Even if the data is stolen, it will be very difficult to get any meaning out of it. Jumbling and de-jumbling are done by software, using a set of keys and complex work in the background. The user just has to add files and secure them with a password, and it's done.

Encryption is commonly used these days to secure personal files, lock up entire hard disks, and make safe boot disks containing system files. It is also used to secure data on the move across the internet, which has put users at peace about the safety of their financial information. Among all this, the developers of TrueCrypt were the flag bearers of Open Source options for a secure tool for personal and enterprise use. No surprise that it was backed by Government agencies and passed a recent audit test with flying colours.


According to the security expert Runa Sandvik, the latest version of TrueCrypt has been compiled with a questionable DSA key. This particular version is heavily modified, with sudden and unexpected changes that have raised eyebrows in the cyber security community, some even suggesting the inclusion of a backdoor to allow hackers access to your encrypted data. Also strange is the use of “Insecure _app” at numerous places in the code.

The version in question is TrueCrypt 7.2, which removes a lot of critical functions and also changes the licensing.

Questionable changes to a stable version.
Users referred to a closed-source product.
Sudden pullout of developers committed to the cause of Open Source.
Serious concerns raised by experts.

Close on the heels of the Heartbleed bug in OpenSSL, one suspects the usual government hand in this too. It is quite unlikely that the software was compromised a long time back and that someone is now trying to cover their tracks. Of course, such an attempt would not have been missed, the code being available.

But for now, this software, and especially the latest version, should be used with extreme caution.
