Cryptic warning baffles TrueCrypt users

Open source disk encryption utility TrueCrypt appears to have closed down today, with no explanation from its developers beyond unverified messages on the project's source code site that claim the application is no longer secure.

TrueCrypt's SourceForge page currently warns users against using the program, saying it is not secure as it may contain unfixed security issues.

The page goes on to recommend uses to switch to the built in Microsoft Bitlocker in newer versions of Windows.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

BitLocker is a full-disk encryption utility that does not contain a backdoor for government access, according to Microsoft.

Furthermore, the source code for the Windows version of the new TrueCrypt 7.2 version at the Github repository contains a similar warning message.

The sudden shutdown of TrueCrypt - which was developed anonymously by unknown developers - has left security experts and user of the program baffled, suspecting the website message is an elaborate hoax or possibly even a hack.

Cryptography lecturer Matthew Green at John Hopkins University in Maryland believes the SourceForge page is authentic.

I think it unlikely that an unknown hacker (a) identified the Truecrypt devs, (b) stole their signing key, (c) hacked their site.

— Matthew Green (@matthew_d_green) May 28, 2014

Green has been unable to contact TrueCrypt developers to verify what actually happened.

Nadim Kobeissi, developer of encrypted messaging app CryptoCat tweeted that the immediate lesson from the TrueCrypt debacle is that you can't trust software made by unknown people.

TrueCrypt was first released in 2004, and supported all popular operating systems such as Microsoft Windows, Apple OS X, *BSD and Linux distributions.

It rose to fame this year as it was revealed that former United States National Security Agency contractor Edward Snowden used TrueCrypt to encrypt hard drives and USB memory sticks.

The application was partly security audited this year, with no backdoors discovered.