On Wednesday, May 28, 2014 users of TrueCrypt, a trusted and reputable encryption software for Windows and Mac, were shocked to discover something had gone awry.
Upon visiting TrueCrypt's webpage, users discovered a message which read,
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."
In addition, users have been instructed to migrate all data over to another encryption service known as Bitlocker. While no one seems to have any information on what has happened to TrueCrypt or why its development has ceased, there's plenty of speculation to go around. Many believe the site must have been defaced by some unknown attacker. However, the most recent TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key, which seem to point to the likelihood that the TrueCrypt warning is legitimate and not simply a troll posted by hackers who've gained unauthorized access.
Others have speculated that perhaps something showed up in the latest audit of TrueCrypt, causing the shutdown. However, according to Matthew Green, a cryptographer who was part of the TrueCrypt audit, the findings of the audit were completely unrelated.
I have no idea what's up with the Truecrypt site, or what 'security issues' they're talking about. @kennwhite
— Matthew Green (@matthew_d_green) May 28, 2014
As more develops in the story we'll continue to update this post.
Writer/Reporter For iDigitalTimes
For More OSX, iOS, Jailbreak And Infosec News