background preloader


Facebook Twitter


Alternatives. PGP. The life and untimely demise of TrueCrypt. The developers of TrueCrypt, a once highly respected, open-source encryption application, have apparently folded their tents and disappeared. Left behind are questions and paranoia — and a message that users should migrate to other encryption platforms. Leading the way to public data encryption TrueCrypt was first released back in 2004 — well before most other mass-market encryption platforms became mainstream, and certainly long before we became aware that the U.S. National Security Agency (NSA) was trying to tinker with these security apps for its own ends. It was built and has been maintained by an anonymous group of developers known simply as the TrueCrypt team.

According to Wikipedia, the TrueCrypt moniker is “registered in the Czech Republic under the name “David Tesařík.”... S | TrueCrypt, the final release, archive   Yes . . . TrueCrypt is still safe to use. Google is generating a false-positive alert Recent attempts to download the TrueCrypt files here, using Chrome or Firefox (Mozilla uses Google's technology), have been generating false-positive malware infection warnings. They must be false-positives because no change has been made to the files since this page was put up nearly a year ago (May 29th, 2014) and many people have confirmed that the downloaded binaries have not changed and that their cryptographic hashes still match.

Also, the well-known and respected “VirusTotal” site, which scans files through all virus scanners reports ZERO hits out of 57 separate virus scan tests: VirusTotal scan results. We have no idea where or why Google got the idea that there was anything wrong with these files. The mistake these developers made was in believing thatthey still “owned” TrueCrypt, and that it was theirs to kill.

But that's not the way the Internet works. TrueCrypt's creators may well be correct. An Imagined Letter from the TrueCrypt Developer(s) | Steve (GRC) Gibson's Blog. As I wrote yesterday, we know virtually nothing about the developer(s) behind TrueCrypt. So any speculation we entertain about their feelings, motives, or thought processes can only be a reflection of our own.

With that acknowledgement, I’ll share the letter I think they might have written: TrueCrypt is software. Frankly, it’s incredibly great software. It’s large, complex and multi-platform. TrueCrypt is open source. After ten years of this mostly thankless and anonymous work, we’re tired. But hard drives have finally exceeded the traditional MBR partition table’s 32-bit sector count. 2.2 terabytes is not enough. We’re not bitter. Good luck with your NSA, CIA, and FBI. /Steve. Like this: Like Loading... Is TrueCrypt dead? – Ask Leo! The TrueCrypt project appears to have suddenly and without warning been shut down. I'll look at what it all means, and most importantly whether or not you need to take action. That was the question circulating internet support and security forums and discussions after the TrueCrypt site was unexpectedly replaced with a message that presented several potentially dire, and yet very vague warnings. Like many I’ve recommended using TrueCrypt for years, and in fact I’m a very heavy user of it myself.

Is it dead? I’ll review what we do know, what I’m doing, and what I recommend most people do. But first, the bottom line I believe TrueCrypt, specifically TrueCrypt 7.1a, remains secure. In my opinion you do not need to stop using TrueCrypt. I believe that the claims that it is “not secure” are in all likelihood simply their attempt to distance themselves from any possibility responsibility so that they can move on with their lives. What happened The speculation The developers simply deciding to quit. Legit or hack? TrueCrypt posts mysterious update | Encryption. In what's been variously described as a hacking attempt, a prank, a hoax, or a veiled message, the website and SourceForge repositories for the TrueCrypt encryption project now feature a warning not to use TrueCrypt due to "unfixed security issues.

" Even stranger, both the source code and the binaries for TrueCrypt have been modified to prevent users from creating new encrypted volumes -- and the changed code appears to have been signed with legitimate encryption keys. Consequently, speculation has run rampant about what actually happened. Maybe the changes in question were the product of a malicious hack attempt or a prank. Perhaps they were part of a larger plan to force the secretive TrueCrypt development team to reveal itself. Or maybe they had in fact been performed by TrueCrypt's own team, either voluntarily or under duress. Other aspects of the warning are also curious, since they seem to focus mainly on Windows, despite the fact that TrueCrypt is a cross-platform application. Important Information If You Use TrueCrypt. TrueCrypt has been the freeware encryption software of choice for millions of users for more than a decade. However, some time yesterday, the TrueCrypt web site which hosts the download was replaced with a page warning that TrueCrypt is no longer secure, that development has ceased, and that you should stop using it.

A new version of the software was also released, which no longer supports encryption. It simply allows you to read your current encrypted files so that you can switch to alternative software. At present, the reasons for the abrupt ending of TrueCrypt development are not known. If you are currently using TrueCrypt, here's what you need to do: 1. That One Time I Threw A CryptoParty With Edward Snowden. In baffling move, TrueCrypt open-source crypto project shuts down.

Computerworld - In a move that appears designed to provoke widespread questions, the anonymous managers of the TrueCrypt open-source encryption project abruptly pulled the plug on the effort without explanation. A mysterious message posted on the project's website on Wednesday warned users of unfixed security errors in TrueCrypt and cautioned them about the software not being secure.

The website provided detailed steps for TrueCrypt users to migrate to BitLocker, a commercial encryption tool. BitLocker is also Microsoft's encryption tool that ships with Windows. "This page exists only to help migrate existing data encrypted by TrueCrypt," the website stated. "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.

Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. " The announcement caused widespread bafflement in the IT security industry. There have been some 29 million downloads of TrueCrypt . Hacker Tradecraft : Alternative TrueCrypt Implementations. HOWTOs. Online shop. BestCrypt Container Encryption Encrypt selected files or folders Store selected files/folders in encrypted containers (virtual drives)Move BestCrypt container files between any storage media, across Windows, Linux and Mac OS XWindows version includes standard BCWipeWant to control BestCrypt on remote computers?

See Enterprise Edition with central management BestCrypt Volume Encryption Encrypt all data on fixed or removable storage Transparently encrypt and access whole Windows partitions or volumesMore flexible alternative to full disk encryptionEncryption for old MS-DOS style partitions and modern RAID volumesWant to control BestCrypt on remote computers? Refund policy: Jetico software is available for download with 21-day free trial. Product delivery: All Jetico software is delivered electronically. Wiki. So long TrueCrypt, what now? – Nothing Just Works. I imagine most people are aware that TrueCrypt shut down mysteriously yesterday, which is funny as I just wrote about them in my previous blog entry about lessons learned from HeartBleed.

There is a lot of speculation right now, and as fun as that is, we don’t know the story yet and may never fully know it. FOSS projects explode for a lot of reasons and we can’t discount government involvement either. From a practical perspective all we can do is move on and adapt. TC was easy to use, had a friendly GUI, FOSS, and Windows compatible. 1. 7zip. 2. 3. 4. gpg4win. 5.

What I wouldn’t use is Bitlocker, which is what the TC site recommends. If you know of anymore alternatives, please post them in the comments section. TrueCrypt suggesting migration to BitLocker? - Signature is valid, so it's not a defacement. ( ) - The version there works and does not seem to have a trojan, so probably not a regular hacker. ( ) - Instructs to migrate to dubious alternatives, so it's not a legit security effort. - License change, precise instructions and decrypt-only version indicate it's not a completely rushed press release. (license change: ) - On the other hand the Linux instruction is a joke, so it's not completely well thought either. ( ) - The security audit was so far ok, so it's not a sudden vulnerability discovered there. ( ) - Source code includes unrelated changes, so it probably comes from a developer. . ( Encryption v20.10 - 18-lord-cryptanalysis.pdf. TrueCrypt WTF. I have no idea what's going on with TrueCrypt. There's a good summary of the story at ArsTechnica, and Slashdot, Hacker News, and Reddit all have long comment threads.

See also Brian Krebs and Cory Doctorow. Speculations include a massive hack of the TrueCrypt developers, some Lavabit-like forced shutdown, and an internal power struggle within TrueCrypt. I suppose we'll have to wait and see what develops. Tags: encryption, TrueCrypt. TrueCrypt quits? Inexplicable. It may rank up there with the greatest mysteries of history: What is Stonehenge? Who was Jack the Ripper? What happened to TrueCrypt?

TrueCrypt (is? Was?) An open-source software project for file and full-disk encryption. It was fairly well known and respected. And yet, some time Wednesday, the TrueCrypt project site began displaying a message of abject surrender. All day Twitter was full of speculation about what happened. Early on, it was possible to dismiss as a defacement of the web site, but it's lasted a good solid day now and, more significantly, a new version of the TrueCrypt executable was digitally signed with the same key as the earlier versions. Matthew Green, a cryptographer and research professor at the Johns Hopkins University Information Security Institute, led the TrueCrypt audit project, but he has no special insight into what happened. He's probably right that, of all the bad explanations, the best is that the TrueCrypt team did it.

TrueCrypt warns that it is not secure, advises users to switch. If you're new here, you may want to subscribe to the RSS feed, like us on Facebook, or sign-up for the free email newsletter which contains computer security advice, news, hints and tips. Thanks for visiting! If you visit the website of the popular open-source encryption tool TrueCrypt, you’ll see a surprising message: In the last 24 hours or so, has redirected to the project’s homepage on SourceForge, where the abrupt announcement of TrueCrypt’s demise has been announced.

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issuesThis page exists only to help migrate existing data encrypted by TrueCrypt.The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. The webpage now offers a new decrypt-only version of TrueCrypt (version 7.2) for Windows, Mac OS X and Linux. True Goodbye: ‘Using TrueCrypt Is Not Secure’ The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP. Sometime in the last 24 hours, began forwarding visitors to the program’s home page on, a Web-based source code repository.

That page includes instructions for helping Windows users transition drives protected by TrueCrypt over to BitLocker, the proprietary disk encryption program that ships with every Windows version (Ultimate/Enterprise or Pro) since Vista. The page also includes this ominous warning: “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”“This page exists only to help migrate existing data encrypted by TrueCrypt.” Doubters soon questioned whether the redirect was a hoax or the result of the TrueCrypt site being hacked. True mystery of the disappearing TrueCrypt disk encryption software. Webdriver Torso has nothing on this week's mysteries!

First we had Apple iDevices in Australia announcing "Device hacked by Oleg Pliss" and demanding a $50 Moneypak voucher or $100 via PayPal. No-one seems to know how, or why, and (to make things yet weirder) the PayPal address given for payment didn't actually exist. Now, the website of venerable free disk encryption software TrueCrypt is telling us: WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues Not only that, but the page goes on to state that the project has been closed down, following the end of support for Windows XP: The motivation seems to be that on all supported operating systems for which TrueCrypt was available, there's now some sort of built-in full disk encryption system.

Yet more curiously, there's a new version numbered 7.2 that can apparently only decrypt, intended to help you migrate away from the now-defunct TrueCrypt product. What gives? Is it a hack? Is it malware? Is it a publicity stunt? TrueCrypt. Open Crypto Audit Project.