TrueCrypt has been the most popular disk encryption software on the market for the past decade. But this past week the developers shut it down, very quietly, and seem to have simply disappeared.
The old TrueCrypt site at truecrypt.org now redirects to the SourceForge page, where a brief message simply states, “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues” and gives some brief information on migrating away from TrueCrypt. This, of course, leaves us all wondering why.
Rumors are running rampant across the internet, but we actually don’t know anything at this point. Since the developers and maintainers of TrueCrypt have always kept themselves anonymous, there has been some speculation that their identities were uncovered and they may have faced pressure from various governments over the software, or that the software itself may have had some serious security flaws that were about to be discovered by the audit team at iSEC Partners. If the audit team had any bearing on the shutdown, that raises the question: were security flaws in the software deliberate? Again, this is all speculation, especially since, as of this writing, no flaws have been discovered.
It will be very interesting to see what the remainder of the security audit finds, as well as what reasons eventually surface for the shutdown. If the software is inherently secure, as many people think, then perhaps it will be worthwhile for other developers to pick up the software and continue with it.
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/