TrueCrypt is saying it's insecure, recommends using BitLocker

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
encrypt_files_using_true_crypt_story.jpg


Everyone knows encryption is important, and TrueCrypt has long been a great free tool to help keep your important files from prying eyes. The Open Source tool has been available for over a decade, allowing users the ability to encrypt files, whole disks, and even create "hidden volumes." Today a major announcement from the TrueCrypt team has rocked the security world.

According to the SourceForge page for TrueCrypt, the tool is now considered insecure as it "may contain unfixed security issues." The page then goes on to explain that users should use BitLocker to encrypt their volumes and gives step-by-step instructions on how to do that. Based on the notice on the page, development ceased after support for Windows XP expired. They also state that users should decrypt their data and migrate to another encryption platform. From the website:

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

There's a lot of uncertainty about this, especially considering that TrueCrypt has recently been going through a security audit to see if there are any currently unknown backdoors. The first phase of the audit was completed last month, with Bruce Schneier saying, "Quick summary: I'm still using it." This has led many to believe that the TrueCrypt.org domain was simply hijacked and the binary on the site replaced with a Trojan. Neowin users are discussing this in the forums, and neufuse has noted some unusual network traffic from the 7.2 release of TrueCrypt, something he hasn't seen in the past.

For now, we recommend that you do not download the latest version of TrueCrypt from the website until we hear definitively what the status of the tool is as it's possible it's malicious and will send your data to an unknown location.

Source: TrueCrypt.org | Special thanks to D. FiB3R | Image Courtesy of WorldTech360
 

Littlebits

Retired Staff
May 3, 2011
3,893
Update: Something is indeed very suspicious, another thing version 7.2 was just released today and users are saying it could be infected with malware. Don't download version 7.2 from their website.
All other versions have been removed from Sourceforge including the open-source files which is illegal according to Sourceforge policy.
(All source codes must be included on the download page for each version.)

Just read the commits on WOT-

Here's What Users Think Happened to TrueCrypt-

Another conspiracy theory is starting!!

Enjoy!! :D
 

firestr001

Level 2
Jul 22, 2012
317
The development of TrueCrypt, an open source piece of software used for on-the-fly encryption, has been terminated and users have been advised not to use it because it is not secure enough. Now, it seems that another team of developers have forked the software and rebased it in Switzerland.
The abrupt announcement of the demise of TrueCrypt took everyone by surprise and some of its users have been disappointed that their favorite software is no longer being developed. The Sourceforge website, where the project was keeping its files, is now plastered with warnings that TrueCrypt is no longer secure because it is full of security issues.

Fortunately for us, TrueCrypt was an open source project and that meant that anyone could take it and fork it into another version, and try to fix some of the problems reported. Whether this will be a success remains to be seen, but at least there is a chance that it will live on.

Many users think that the TrueCrypt project has been forced to close its doors by various other malevolent forces, like the US government, for example. To be fair, the US government is accused of many such acts, but it is likely that it's not actually responsible for all of them.

So, TrueCrypt has now been rebased in Switzerland and the project has been forked by another team of developers. They are promising that the security problems will be fixed and that no one will be able to force them to close the gates
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top