Something is Wrong With TrueCrypt

Something is happening over at the TrueCrypt website, and for now, speculation abounds.

The TrueCrypt website, located at http://truecrypt.sourceforge.net/ (warning: the site might be compromised), has been updated to state in multiple places that TrueCrypt is insecure, and it gives instructions on how to migrate to Microsoft's BitLocker drive encryption.

The change is very sudden and highly suspect, as the creators of TrueCrypt have in the past expressed a lot of passion about security and placed an emphasis on open-source security tools. BitLocker is closed-source, and their choice of a closed-source product published by Microsoft is even more suspicious because Microsoft has very close ties with the NSA, and there are some serious problems with some configurations of BitLocker.

The new version of TrueCrypt that was posted has curious additions in the source code. It removes a lot of critical TrueCrypt functionality and adds the line "INSECURE_APP" in multiple places throughout the code.

Curiously, their licensing has also changed, allowing derivative works to be made without any reference to using TrueCrypt code.

Theories include a very complex hack of their site and services, including crucial security keys for signing software and passwords to multiple accounts; coercion to shut down by clandestine agencies; or a TrueCrypt developer going rogue and trying to discredit further development.

One thing is for sure: do not upgrade to TrueCrypt 7.2; wait for further developments.

Twitter troll @NSA Public Relations posts:

