The widely used open-source TrueCrypt encryption program is “not secure” and should not be used, according to SourceForge, one of the official webpages for TrueCrypt.
The announcement posted at truecrypt.sourceforge.net states:
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
The advisory, which hasn’t been confirmed as authentic, recommends users migrate from TrueCrypt to Microsoft BitLocker and offers guidance. As well, according to reports, a “diff” analysis of the program showed it had been heavily altered. The new release appeared to let users decrypt encrypted data but not create it.
Installing TrueCrypt brings up a similar warning that it is not secure and is only provided to help transition data to other encryption schemes.
The warning also touched off a flurry of speculation as to what led to the announcement with everything from the popular solution being an agent of the government to possibly coming under political or legal coercion with some sort of gag order, preventing them from telling the actual story.
In any event, it’s a good idea for TrueCrypt users to be cautious and realize that now may be the time to move to a new crypto application.
