TrueCrypt appears to be belly up …
The open-source encryption offering TrueCrypt has been abruptly and (apparently) permanently pulled off the market. Their website www.truecrypt.org is redirecting to their SourceForge download site, which has a warning that the product isn’t secure and offers help in migrating from TrueCrypt to BitLocker on Windows systems. If you’re using TrueCrypt, I’d recommend migrating to the encryption package that is integrated in your OS: BitLocker for Windows and FileVault for the Mac. There are also commercial encryption packages available from Symantec among others.
I’ve been a proponent of TrueCrypt in the past and use it myself. I like the ease-of-use and multi-platform support of TrueCrypt, especially since I run all three major OS platforms: Windows, MacOS and Linux. This allows me to easily share encrypted data on all three platforms. Also, I advocated that TrueCrypt be used for an emergency thumb drive, since there was a portable app build that would allow the software to reside on the drive. It also had a very desirable price-point of $0.
The problem with the current situation is that not everyone has access to an integrated encryption solution. Only Windows Vista/7/8 Pro and Enterprise have the package, leaving a very large contingent out of luck. MacOS users have it, but not all Linux packages have encryption offerings.
Also, it’s important to note that though this appears to be permanent, there is a small (but dwindling) chance that their website was hacked and there is something more nefarious going on here. The next few days should help clarify this.
So, what to do? First off, there is no need to panic. As long as you have a working version of TrueCrypt, you should be fine for now, though I’d recommend moving off it as soon as is practical. This is especially true if you’re using it for whole disk encryption. One should use the integrated solution for whole-disk encryption if available in any case.
If you don’t have a working version of TrueCrypt and you need to mount an encrypted volume, the SourceForge site provides a version of TrueCrypt for decrypting only. I’d highly recommend NOT downloading it at this time. We need better assurance that this isn’t a hack first.
I’ll post more information on this topic soon, including pointers to instructions for using other solutions. Stay tuned …
Here are a couple of articles that provide some more detail:
- True Goodbye: ‘Using TrueCrypt is not secure’ by Brian Krebs
- Open Source Crypto TrueCrypt Disappears With Suspicious Cloud Of Mystery by James Lyne in Forbes
- TrueCrypt now encouraging users to use Microsoft’s Bitlocker by Mark Hachman of PCWorld