| Friday May 27th 2016

The Fall of TrueCrypt

Many have suggested intelligence agencies are behind this. A good conspiracy theory is always fun, but in this case, there may be an entirely prosaic justification.

Some wonder if the coder behind TrueCrypt has taken offense to the security audit his code is currently undergoing, and in response, has spitefully decided to close down the entire project.

security encryptionThe auditors checking the code have regularly criticized the code’s quality. They’ve also said nearly all the code appears to be the work of a single individual.

When closing down the project, the maintainer suggested users adopt a Microsoft product of extremely questionable usefulness. If the project were being shut down to help Truecrypt users, why recommend a solution that most believe to be insecure?

If this is a warrant canary, why recommend the Microsoft product? Closing down would be enough of a signal, more than enough. The source code is out there. If there were a hole, why not quietly point the security auditors towards that hole? If there is no hole, why not license the code under better terms?

The author’s refusal to adopt a proper license combined with this extremely odd way of shutting down the project make a strong argument that petulance is driving this, not interference from intelligence agencies.

If you would like to continue to use the “insecure” TrueCrypt 7.1a, all downloads may be found here.

TrueCrypt Official Website
Download TrueCrypt 7.1a

Related Posts: On this day...