Update on TrueCrypt …

So, it’s been about a week since the bombshell of TrueCrypt’s demise and I thought it would be useful to present an update.

First and foremost, it doesn’t appear that the sites have been hacked; rather, the developers have simply decided to abandon the project.  The note that TrueCrypt is insecure is theoretically correct in that if problems are found, the software will not be updated.  Said another way: the longer you use it, the higher the probability someone will find a weakness in the code that can be exploited.

There are some sites popping up that provide downloads of the last full version of TrueCrypt (version 7.1a), but, as in my previous warning, I’d not use them at this time. There is nothing to prevent someone from bundling some malware with the installation kit.

The outfit performing the security audit of TrueCrypt has pledged to continue that work.  See the Twitter feed for the OpenCryptoAudit project.

James Lyne wrote an article in Forbes, entitled “TrueCrypt is Back, but Should it be?”, that provides some thoughts about TrueCrypt going forward.  It’s an interesting read, though still speculative.

So, my advice remains: If you’re using TrueCrypt now, you should be able to continue to use it until you move to another solution.  The good news is that solutions exist for specific operating systems:

If you are using Windows 7 or 8, you can encrypt files and directories in-line with the file system using Encrypted File System or EFS.  For directions on how to use EFS, see the following Groovy Post article.  To encrypt an entire drive, including your “C:” drive, use BitLocker.

If you are using MacOS, then use the Disk Utility to encrypt your files and directories.  For directions on this, see the following Indigo article.  For entire drives, including your “Macintosh HD”, use FileVault 2.

Finally, there are several third-party solutions that should provide some cross-platform use.


