# TrueCrypt Not Secure



## tzoi516 (May 29, 2014)

Wow!



> "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of TrueCrypt page on SourceForge states. The page continues: "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."



Click here to read entire article ...

What's surprising is the recommendation to move to BitLocker - which can be hacked.


----------



## kpa (May 29, 2014)

So they terminated the development because MS ended support for Windows XP, WTF?


----------



## Crivens (May 29, 2014)

Relax, wait a week and then look again.

This smells of disgruntled coder, backroom arguments with some spooks (so, lavabit - take 2?) or all in all it smells of Cattle Manure to me.

TrueCrypt has passed the first part of the audit, and it seems not to have any problems up to now. At least that is what fefe says, and I would follow that for now.


----------



## tzoi516 (May 29, 2014)

Crivens said:
			
		

> Relax, wait a week and then look again.
> 
> This smells of disgruntled coder, backroom arguments with some spooks (so, lavabit - take 2?) or all in all it smells of Cattle Manure to me.
> 
> TrueCrypt has passed the first part of the audit, and it seems not to have any problems up to now. At least that is what fefe says, and I would follow that for now.


I was thinking the same thing. However, some sites have reported that TrueCrypt developers have confirmed this. I'm hoping it's a disgruntled coder, and also hoping this will push out the code into the open source world.


----------



## srg (May 29, 2014)

TrueCrypt has (had?) a weird license anyway.

It's odd that their main domain is redirecting to their SourceForge domain.

I'd give it some more time too. I'm not about to rely on a closed-source proprietary encryption implementation by Microsoft.

As Crivens said, I suspect some possible government involvement and/or disagreements. Meh.


----------



## cpm@ (May 29, 2014)

See also Bruce Schneier's blog.



> "WARNING: Using *TrueCrypt* *is* *n*ot *s*ecure *a*s it may contain unfixed security issues..."


Huh! This masked message makes my day  :e


----------



## Beastie (May 29, 2014)

Hmm, so it might not be CIA after all?! P


----------



## zspider (May 29, 2014)

I wouldn't be the least bit surprised if some spooks/authoratahs wanted to destroy the project because it was too good for them.

In the meantime there is always tar and security/ccrypt.


----------



## tzoi516 (Jun 4, 2014)

> Now Thomas Bruderer and Joseph Doekbrijder have stepped forward with plans to revive the project through the truecrypt.ch site, which is offering downloads of TrueCrypt 7.1a – which can encrypt and decrypt data, and was the latest version prior to 7.2.



Click here to read ...


----------



## srg (Jun 4, 2014)

There's also http://falsecrypt.org/, which points out some problems with the TrueCrypt.ch project.

And another site with more opinions: https://www.grc.com/misc/truecrypt/truecrypt.htm


----------



## Oko (Jun 5, 2014)

tzoi516 said:
			
		

> Wow!
> 
> 
> 
> ...



So why is this news relevant for UNIX users?  :OOO You lost me on this one.


----------



## tzoi516 (Jun 5, 2014)

Vulnerable code is vulnerable code.


----------



## Oko (Jun 5, 2014)

tzoi516 said:
			
		

> Vulnerable code is vulnerable code.


Whole MSDOS is vulnerable code but I have never lost a sleep over it. DragonFly BSD has native TrueCrypt implementation maybe that one is better.


----------

