TrueCrypt (software)
TrueCrypt was an open source a piece of software which offered full-disk encryption. It also offered an option to created virtual encrypted disks, either inside of a single file or as an independent partition. It was favored by many security professionals and hobbyists for its wide range of features and overall security. However, the project was abruptly terminated in 2014. The project's official website gave a rather vague and cryptic notification that the project had been discontinued, and should no longer be considered secure. They advised their users to switch to Microsoft's BitLocker (although this is only available to Windows users).[1]
This shutdown took place just as an independent, crowdfunded audit (costing $70,000) of the software was taking place; conspiracy theories promptly arose. Some suspected that despite TrueCrypt's claims to the contrary, there actually was a backdoor in the encryption for use by government officials. In this case, the shut down would have take place because the developers were afraid this vulnerability would be found. However, the audit did not find any such thing. It did discover some relatively minor flaws in the drivers, but nothing which would render the software useless, and certainly no backdoors.[2]
Others have speculated that perhaps government officials were pressuring TrueCrypt to add a backdoor, and the developers chose to shut down rather than compromise their software in this way. However, the general consensus now is that the shutdown was simply due to developer fatigue.[3][4] Somewhat complicating matters in this debate was the fact that the developers of this tool were mostly anonymous.[5]
Regardless of the cause, TrueCrypt was shut down, and although some people may still be using it, it is generally recommended by the industry as well as the offical website, that users switch to a different solution. Another open-source encryption tool called VeraCrypt is essentially a fork of TrueCrypt, and is generally considered to be a strong alternative.
References
- ↑ http://truecrypt.sourceforge.net/
- ↑ https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf
- ↑ https://cmitsolutions.com/blog/what-the-mysterious-demise-of-truecrypt-means-for-your-data/
- ↑ https://www.scottbrownconsulting.com/2014/05/truecrypt-what-happened-what-it-means-and-what-happens-now/
- ↑ https://securitygladiators.com/truecrypt-gone-best-five-alternatives/