[colug-432] truecrypt no more?

Chris Spackman chris at osugisakae.com
Thu Aug 14 22:43:43 EDT 2014


On 2014/08/14 at 08:24pm, Richard Hornsby wrote:

> I didn’t realize until today that Truecrypt had been declared dead -
> http://truecrypt.sourceforge.net

> "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
> This page exists only to help migrate existing data encrypted by TrueCrypt.

This happened a month or so ago (maybe?) and was widely discussed. As
far as anyone knows (last I heard at least), the sudden shutdown has
nothing to do with MS, Apple, Google, or any other big company or
provider of security services.

The most likely explanation that I heard was that someone was trying
to make the devs do something they didn't want to do but could not
legally talk about, so they shut down in a way that followed the
letter of the law but also made it clear that the software was no
longer trustworthy.

One bit of evidence for this is the fact that they recommended closed
source, proprietary software widely believed to already be
backdoored - something no sane, professional security expert would
do. 

Obviously, that is just one example of the many, many theories put
forward. Fact is, the devs may be the only ones who know what they
were thinking.

Just after this news came out, the group doing the independent audit
of the Truecrypt source code released a report on their preliminary,
cursory (I think that is the correct word) look at the code. I believe
that the report basically said that the things they looked at were
okay but that it was too early to say anything about the overall
security of the code.

Personally, I am still using Truecrypt, but only with info that
really, no one aside from me cares about. I am not creating any new
Truecrypt versions, and am moving important data to other encryption
programs as I get the chance.

-- 
Chris Spackman

Respect is earned. Trust is gained. Loyalty is returned.


