SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
29 May 2014

TrueCrypt shuts down and may be compromised

Independent encryption software TrueCrypt is apparently not as secure as many thought. The TrueCrypt homepage was suddenly replaced with a notification that read "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues."

Moreover, it is reported that since May, 2014 TrueCrypt development is stopped. Significantly, the current version listed on the SourceForge page, version 7.2, was signed with the official TrueCrypt private signing key, the same key used by the TrueCrypt Foundation for as long as two years.

This means the warning on the official homepage of TrueCrypt isn't a hoax posted by some hacker or cyber criminal. To fans of the app, which lets users encrypt entire hard drives to ensure security and privacy that rationale makes no sense – and many of them are casting around for other plausible reasons why the app and its development would cease so suddenly.

"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP," is the explanation given on the software's webpage. "Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."

The situation is unclear because the TrueCrypt development team has always remained anonymous. Besides, in April TrueCrypt independent audit of source texts which didn't reveal dangerous problems was complete. Thus the TrueCrypt code isn't free and extends under own TrueCrypt License, containing additional requirements to distribution area and a mention of authorship that makes it not compatible with free licenses and prevents community to continue development through fork creation.

As for new TrueCrypt 7.2 release, differences from 7.1a version are reduced to the project insecurity prevention and to code removal for new encoded sections creation (it is possible to encrypt only the existing TrueCrypt sections).

The license text was also insignificantly changed. Significantly, the current version listed on the SourceForge page, version 7.2, was signed yesterday with the official TrueCrypt private signing key, the same key used by the TrueCrypt Foundation for as long as two years. This means the warning on the official homepage of TrueCrypt isn't a hoax posted by some hacker or cyber criminal. It is improbable that having access to formation signatures key for releases the attackers were capable only of prank with site substitution.

Thus a lot of things in this story are doubtful, for example why redirect of truecrypt.org into truecrypt.sourceforge.net page was needed and why only migration on Microsoft BitLocker was recommended for Windows users. Concrete recommendations aren’t given to Linux users, despite tc-play existence, an alternative free realization of TrueCrypt, extended under the BSD license.

SourceForge representatives said that they hadn’t found any signs of account cracking and abnormal activity, but recent compulsory passwords change was for infrastructure improvement, not for cracking reaction.

Tags:
data protection TrueCrypt
Source:
The Guardian
1732
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015