TrainACE - IT and Cybersecurity Training Blog

Is TrueCrypt now unsafe?

May 29, 2014 1:46:10 PM / by Christian Crank

Do you use TrueCrypt? You might not want to now. It seems as though the main SourceForge page for TrueCrypt has been defaced, though it might just be legitimate. How do I know? The first line on the page reads as follows: "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues." While many people thought it was a hoax or that TrueCrypt got hacked, the newest application that was pushed out, which only allows you to decrypt and migrate data, not encrypt it, was signed with the TrueCrypt private key, ensuring its legitimacy.

The developers also say on the site that the development of TrueCrypt was ended soon after Microsoft ended their support of Windows XP. Last fall, TrueCrypt was slammed with a security audit inspired by the Edward Snowden revelations and reactions to open source failures like OpenSSL's Heartbleed Bug Vulnerability. TrueCrypt was open source, so no one truly knew who was helping develop it, and although the security audit showed no backdoors or anything malicious, it showed multiple minor vulnerabilities.

As of right now, TrueCrypt's SourceForge page is telling its users to "migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform" and then showing instructions on how to migrate from TrueCrypt to Microsoft's BitLocker. This poses a major problem for the users because it is pushing them into a closed-source solution.

Overall, the legitimacy of this change has not been fully assessed. If it is true, the world might lose an encryption method that has been used for years by people all over the world. If it is false, TrueCrypt is probably still there. Either way, I would advise you to not download the new application that is on their website as it might have a trojan. More info can be found here.
