Popular encryption software TrueCrypt shuts down mysteriously
TrueCrypt, the popular and reputed open source file and disk encryption software for Windows, OS X and Linux, abruptly closed down on Wednesday, recommending that its users switch to Microsoft's BitLocker.
TrueCrypt is a free, open-source and cross-platform encryption program and one of the world's most-used encryption tools, trusted by tens of millions of users and recommended by NSA whistleblower Edward Snowden.
TRUECRYPT IS NOT SECURE
On Wednesday afternoon, users of the TrueCrypt encryption tool were redirected to the project's official SourceForge-hosted page, which displays a mysterious security warning stating that the popular encryption tool has been discontinued and that users should switch to an alternative.
The official website for the TrueCrypt software warns users that the open source encryption software is no longer secure and informs them that development of the software has been terminated.
The top of the TrueCrypt page on SourceForge displays text in red that states, “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.”
WEBSITE HIJACKED? SUGGESTING TO USE BITLOCKER!
The encryption software abruptly ended its support without any explanation from its developers and recommended Microsoft's BitLocker as an alternative for Windows users, along with a detailed guide on how to migrate encrypted data to BitLocker.
This sudden security warning, and the suggestion of Microsoft’s BitLocker as an alternative, raise many questions. Many people around the web have assumed that a hacker has compromised TrueCrypt's SourceForge account, but it is still unclear whether this is a defacement of the site or something more controversial. Otherwise, why would the developers of a free and open source encryption tool recommend that its users switch to Microsoft’s highly controversial BitLocker drive encryption tool?
It is possible that the developers of TrueCrypt are aware of some critical vulnerability or backdoor that, according to them, would imperil the integrity of the reputed software, which has been downloaded more than 28 million times. Some other possibilities could be:
Significantly, the current version listed on the SourceForge page, version 7.2, was signed yesterday with the official TrueCrypt private signing key, the same key used by the TrueCrypt Foundation for as long as two years. This means the warning on the official homepage of TrueCrypt isn't a hoax posted by some hacker or cyber criminal.
TrueCrypt had recently cleared the first stage of a security audit that focused on the TrueCrypt bootloader and Windows kernel driver, with an architecture and code review. The security community took the initiative to perform a public security audit of TrueCrypt in response to Edward Snowden’s disclosures and concerns that the National Security Agency (NSA) may have tampered with it.
The second phase of the audit has yet to begin; it includes a thorough analysis of the various encryption cipher suites and the implementation of random number generators and critical key algorithms.
Is it the end of the popular encryption tool? Whatever the reason behind the sudden shutdown of the most popular encryption service, if the warning is legitimate, it might be time for users to migrate their encrypted files to another encryption tool like DiskCryptor.