Friday, May 30, 2014

My take on the TrueCrypt situation

I've used TrueCrypt a fair amount in the past, but never to encrypt a whole drive. I've used it to store private things in an unmarked file before. I know there is wild speculation about what may have happened, and the end of life of Windows XP seems like a convenient excuse. I lean more towards the developer(s) getting tired of it and wanting to move on. After all, it's been out for 10 years and they are not getting paid for it.

But there are strange things happening - like the endorsement of BitLocker. Even more strange is the Wayback Machine people excluding truecrypt.org from their database. Here's what you see:

Sorry.

This URL has been excluded from the Wayback Machine.

Why should Wayback care about a site like truecrypt.org unless someone told them to erase it? Or are they simply being overloaded with too many queries? Just a thought.

There are calls to fork the development. Legal issues with a fork aside, this effort looks very promising: http://truecrypt.ch/ (It appears that they may be using Bootstrap too. Our sites will all be using Bootstrap soon.)

I agree with Steve Gibson - continue using it until it's proven to have a severe problem, and I guess we will see what happens after the crowdfunded code audit is finished. Mr Gibson has kindly posted the 7.1a Windows and Linux installers and source code here:
https://www.grc.com/misc/truecrypt/truecrypt.htm

Open source is going to be scrutinized even more now that this has happened and so soon after the OpenSSL heartbeat thing...

Kirk
