
True Goodbye: ‘Using TrueCrypt Is Not Secure’ - panarky
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
======
abcd_f
That's LavaBit 2.

I've been a long time TC user and if there's _the_ trait it has it's the
quality and a high degree of polish. And now looking at the diff and the
screenshot of that in-app "Not secure" message, the polish is just not there.
It feels like it was something that was slapped together in a rush _or_ by
someone who's not an original developer. The SF page alone is a big red flag.
If you compare its nearly hysterical tone and ridiculous BitLocker advice to
the tone and content of the actual app, they don't add up _at all_.

This leaves us with a handful of discrepancies between the last good state of
the project and what's out there now. So it's either someone else's hackjob or
it is original and the discrepancies are intentional. Then, factor in the .exe
sig match, and it pretty much leaves only the latter option - the original
devs made an absurdly non-TC-like release. The question is "why?"

~~~
wahsd
I just don't quite understand the panic about microsoft not supporting XP
anymore. It's not like that was a surprise announcement or even that the
deadline was just met. It was April 8th....and TrueCrypt just now shut down in
panic? ...Because XP support stopped??? WTF is going on?

It's not even like support means anything, other than that they will no longer
improve or fix it, i.e., there's still time to migrate away as XP degrades. It
says nothing about whether XP is secure in and of itself.

This whole incident is about as weird as weird gets.

I saw a post that suggested it might be a canary, i.e., an event that must be
interpreted as a certain action having taken place...a negative message....an
absence of an indication that everything is ok. But that also seems odd since
I am not quite sure that if TrueCrypt people were who we all want to believe
they were, would suggest using bitLocker. bitLocker??? Alone that suggestion
smells like rotten fish just by its association with MS and the US government.

You should put money on the fact that it really was someone associated with
certain ever increasingly fascist governments of, likely the USA or Israel,
that compromised TrueCrypt in a way that set off an "auto-destruct" sequence.
It's probably a reaction to the Snowden compromise, with increased funding and
efforts to regain domination that he exposed by becoming even more
totalitarian through an "Operation Kristallnacht" sprint against civilian
institutions.

~~~
tripzilch
Another theory is that some component of the development environment to
compile TrueCrypt requires XP. Remember the guy that tried to compile the TC
source to match the binary?

[https://madiba.encs.concordia.ca/~x_decarn/truecrypt-
binarie...](https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-
analysis/)

He needed to get some older version of Visual Studio and a very specific
combination of service packs and updates in order to get to matching (nearly)
the entire binary.

Could it be that the devs really wanted to keep developing in XP because some
part of their dev chain required it, but with support being discontinued they
of course couldn't run XP and consider that computer "secure" to develop on?

Obviously, if this theory has some grain of truth to it, it can only be _part_
of the explanation for the TrueCrypt weirdness that's been going on today.

If I had to bet on it, I would say it's most likely they got Lavabitten. But
then still, the XP remark seems like a very odd choice if it's intended to
function as a canary of sorts.

~~~
Lx1oG-AWb6h_ZG0
> Another theory is that some component of the development environment to
> compile TrueCrypt requires XP

This seems unlikely: the screenshots in your link clearly show the source
could be built on Windows 7. The trouble Xavier mentions is with the updates
to VS2008 SP1, not Windows service packs.

------
jxf
My current favorite insane/facetious conspiracy theory on this:

    
    
        "WARNING: Using TrueCrypt is not secure as ..."
         WARNING: Using TrueCrypt is (n)ot (s)ecure (a)s ...
                        TrueCrypt is (n)ot (s)ecure (a)s ...
                                     (n)ot (s)ecure (a)s
    
                        TrueCrypt is (n)   (s)      (a)

~~~
sliverstorm
I love this game!

    
    
        "WARNING: Using TrueCrypt is not secure as ..."
        "WARNING: Using True(C)rypt (i)s not secure (a)s ..."
    
                            (C)     (i)             (a)
    

Again!

    
    
        "WARNING: Using TrueCrypt is not secure as ..."
        "WARNING: Using TrueCrypt i(s) n(o)t (s)ecure as ..."
    
                                   (s)  (o)  (s)

~~~
weaksauce
Not that I think it was intentional, but putting something in that is not
grammatically correct like the op version and with no spacing is much stronger
than picking random letters from the words to prove a point.

~~~
claar
It's grammatically correct, read the whole sentence. It just looks odd when
you take half the sentence out of context.

------
blueskin_
This seems highly suspicious, especially the recommendation of BitLocker, a
product we have little to no evidence does what it says and after PRISM, have
no reason to trust[2]; not to mention it being limited to a (very small subset
of) Windows platforms vs. TrueCrypt's cross-platform functionality. If this
was legit[1], it'd probably be directing people to one of the other TrueCrypt-
like programs.

[1]The new version posted is almost certainly compromised; don't download it,
or at the very least, run it in a VM on non-networked hardware you can reimage
after finishing using.

[2]Edit: Forgot this before, but BitLocker is definitely completely broken as
it sends your recovery key to MS anyway (
[https://twitter.com/TheBlogPirate/status/471759810644283392/...](https://twitter.com/TheBlogPirate/status/471759810644283392/photo/1)
).

~~~
NicoJuicy
Would this be a Lavabit-like situation? The governement asking for a backdoor
and the developers are refusing it.

Suddenly (while there is an audit), they quit everything, change the
assemblies and the website, so users can get to another product... It seems
weird that after 10 years of hard-work, they suddenly quit without further
explanation.

~~~
danielweber
No, there a big differences with Lavabit.

Lavabit was a service, TrueCrypt is a product.

Lavabit had access to all their customers' data, and told investigators that
they had it. It's completely straightforward law that, given a subpoena,
Lavabit must turn over evidence to the government.

TrueCrypt is a product. They do not have access to customer data. There is no
requirement for TrueCrypt to "help out the government" in this case.

If you want to hang a conspiracy theory on this news[1], find some hook
besides Lavabit.

[1] And I can't fault the conspiracy theorists for trying to find some
explanation over this, because the damn thing is so weird and unusual.

~~~
declan
You're correct to point out the useful distinction that TrueCrypt is a
product.

But what makes you think U.S. law treats them any differently, assuming
TrueCrypt's creators and maintainers can be identified?

Here's my article from 8 years ago talking about how the FBI was demanding
that makers of certain _products_ include backdoors for FedGov surveillance:

[http://news.cnet.com/FBI-plans-new-Net-tapping-
push/2100-102...](http://news.cnet.com/FBI-plans-new-Net-tapping-
push/2100-1028_3-6091942.html) The FBI has drafted sweeping legislation that
would...force makers of networking gear to build in backdoors for
eavesdropping... FBI Agent Barry Smith distributed the proposal at a private
meeting last Friday with industry representatives and indicated it would be
introduced by Sen. Mike DeWine, an Ohio Republican, according to two sources
familiar with the meeting...

~~~
danielweber
Your use of "demand" is misleading. Your own words at the time say "drafted
sweeping legislation." Did that legislation pass?

Anyone can "draft legislation." I can draft legislation right now. That
doesn't make it U.S. law. Getting it passed is the hard part.

Phone companies are required to enable wiretaps. But that happened through the
public legislative process, and the legislation even lets the phone company
bill the government for costs to comply. (Your linked article explicitly
points out CALEA.)

~~~
Crito
We are talking about a government that has, in the recent past, sent
nastygrams to people telling them that not only did they have to comply with
the orders in the letter, but that it would be a crime to consult a lawyer
about the letter.

So you, a non-lawyer developer, get one of these letters. You are pretty damn
sure it is a bluff (didn't that clause in NSLs get shot down? Pretty sure I
heard something about that... Something about Nicholas Merrill?). What if you
are wrong though? What if this is a different kind of letter that you and the
rest of the general public are currently unfamiliar with? What if the
government has found a new way to create such a clause? Is _" pretty damn
sure"_ a high enough standard of sureness for you to call their bluff and talk
to a lawyer anyway? How much do you value your freedom, and how much do you
value your work?

Not being willing to call their bluff and contact a lawyer means that you are
not able to question or interpret anything else in that letter as well. The
best you can do is ask the government to interpret the letter for you, and
tell you exactly what you need to do in order to comply.

The next best option is likely to burn what they want to the ground.

~~~
danielweber
This is pretty much why I said "If you want to hang a conspiracy theory on
this news[1], find some hook besides Lavabit."

Linking an abuse like you describe to Lavabit only harms developers, who if
they were to receive such an illegal demand might remember "wait, Lavabit was
required to install back doors, right? I guess I have to, as well!"

~~~
Crito
I'm not even talking about Lavabit. They have done this to others (it was
unconstitutional at the time, but was not yet declared as such). They could do
it again. Only the most selfless person would be able to bring it to the
publics attention.

Until the current regime is dismantled, we cannot rule out the possibility
that these abuses are ongoing. To label it as a conspiracy theory is just
shameless apologetics.

~~~
danielweber
_They have done this to others._

What's "this"? Is it "the USG compels vendors to install back doors into their
software products they ship to others, under threat of jail time and/or fine
and/or vacation at Gitmo"? To whom was this done?

NSLs are nasty in many ways. That doesn't mean they are nasty in any way you
can imagine.

------
cornholio
Truecrypt is dead, long live ChipCrypt: a Truecrypt fork with TRESOR and
scrypt built in.

TRESOR is a technique that keeps the volume key strictly in the CPU registers
and not in RAM. This completely prevents RAM freezing and related attacks. A
running computer that is locked cannot be trivially decrypted anymore by
dumping it's RAM.

Scrypt is an advanced password derivation function that makes even trivial
passwords very hard to bruteforce. A scrypt derived key is 20000 times harder
to crack than the equivalent PBKDF2 derived key of the same password.

The TrueCrypt license is not GPL compatible but it allows redistribution in
source form as long as the software is not called "TrueCrypt".

Who's up for it ?

~~~
dchest
These two (TRESOR and scrypt) are incompatible, unless you allow for some time
period where keys can be extracted. The point of scrypt is to be sequentially
memory-hard: it mixes password and salt in a huge amount of RAM and makes it
impossible to not use RAM for this operation.

~~~
cornholio
I would say "complementary" not "incompatible". Once you have derived the key
you can clear the RAM and keep the key on the CPU chip only. So there's a
vulnerability window of a few seconds during which the key (or key related
material) is stored in RAM, after which it can no longer be recovered.

In sharp contrast with regular TrueCrypt where the master volume key is stored
in RAM all the time. It's already standard operating procedure for law
enforcement to time raids when the computers are in use and make a dump of the
machine RAM.

~~~
blueskin_
Agreed. Only doing operations involving transferring the key to RAM when the
user is present should mitigate it, perhaps with a prominent WARNING dialog
showing when memory is vulnerable, and overwriting the memory locations used
for the key when done.

~~~
cornholio
Truth be told, if RAM is a security liability for the few seconds it takes to
enter the password and derive the key, then you can't give any security
guarantees whatsoever no matter what algorithm you use, scrypt, PBKDF2 or any
other.

It's not like you can punch the password into the CPU directly, you need to
use some sort of input device which has drivers which keep state in RAM, use
DMA and IRQs etc. Any attacker capable of reading RAM during this phase is
also capable of sniffing the password characters as they are typed on the
keyboard.

~~~
skycrypt
If we keep thinking on tine slices of time, even a shoulder surfer attack
(with cameras in case of a pass-phrase :)) can be a problem... We are not
talking about how to prevent a break during the time when the user is typing
the password (torture attack is still a valid one and no technology will ever
prevent it). But I like good ideas: once mounted, the password cannot be
retrieved as it's stored in the chipset itself... I don't know if the test
pins on those processors will make this vulnerable but it worth a try-catch.
And if Windows go into sleep/hybernate, you loose the password and have to
mount again to restore operation. This is possible as we mount the driver as a
removeable media.

------
AhtiK
"BitlLocker, the proprietary disk encryption program that ships with every
Windows version since Vista."

This is misleading - Windows 7 product line has Bitlocker only for Ultimate
and Enterprise. Even Windows 7 Professional users cannot use Bitlocker without
upgrading to Ultimate. Very unfortunate.

~~~
wahsd
There has been a suggestion that the sourceforge post is a canary triggered in
a "self-destruct" sequence. I am wondering if the suggestion to use bitLocker,
which as you point out is not available to everyone, is also a signal.

I want to suggest reading into it something that doesn't exist, but why would
TrueCrypt people, if they are what we want them to be, suggest using bitLocker
of all things. No better alternative and better than nothing??? I don't know
how I feel about that.

~~~
higherpurpose
Their "suggestions" for Linux and Mac OS seem just as fishy, almost like done
on purpose to raise suspicion and hint that something bad is going on:

[https://twitter.com/matthew_d_green/status/47199831543788339...](https://twitter.com/matthew_d_green/status/471998315437883392)

[http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_dev...](http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/chtfb30)

------
mhogomchungu
TrueCrypt encrypted volume format is well known and there are tools out there
that can create TrueCrypt volumes and open them.

There is tcplay[1]. This project can create and open TrueCrypt volumes.

There is cryptsetup[2].This is a linux native solution for block device
encryption and supports opening of TrueCrypt volumes.

The above two projects and command line based and there is a third project
called zuluCrypt[3] that gives a GUI front end to the two projects.

I am not aware of any alternative solutions in windows or OSX that does
support TrueCrypt encrypted format but adding support for it should not be
that hard.

This maybe the end of line for TrueCrypt as a project,but its encrypted volume
format may still be used as a "universal cross platform encrypted volume
format".

Somebody should file a bug report in projects that deal with block device
encryption in windows and OSX and ask them to support this format as i think
the format should live on as its the only one that is widely used and
supported.

[1] [https://github.com/bwalex/tc-play](https://github.com/bwalex/tc-play)

[2]
[https://code.google.com/p/cryptsetup/](https://code.google.com/p/cryptsetup/)

[3]
[https://code.google.com/p/zulucrypt/](https://code.google.com/p/zulucrypt/)

------
tzs
Well, if we are going to speculate, I'll offer a guess: the crowd funded
security audit made the developers lose their enthusiasm.

I believe I read in another thread that TrueCrypt did not get many donations.
I'd be a bit depressed if I worked long and hard on a project that people
seemed to appreciate, but not enough to crack open their wallets and toss a
few bucks my way, and then some third party comes along and quickly raises
$70k to audit my code.

~~~
krek
Yep. And reading the pdf for phase 1 of the audit, worth about $40k, the
findings didn't seem very impressive. Specifically the readability portion
where they give a critique of naming conventions in the code. I could see the
developers figuring for that money they could've done a lot more good with it.

------
mhogomchungu
Somebody who has been following TrueCrypt closely seem to think the project
lost momentum and they just decided to call it quit.Their comment is on
slashdot and the link is:
[http://it.slashdot.org/comments.pl?sid=5212985&cid=47115785](http://it.slashdot.org/comments.pl?sid=5212985&cid=47115785)

~~~
Spearchucker
Makes the most sense yet. The question that was asked in response to that
Slashdot post was why anyone would choose to quit the way they did
(unprofessional and so on), and this doesn't sway me. If I lost my star dev
and couldn't follow the code myself I might (speculation, as ever) well be
petulant enough for this mess. There may be any number of factors behind it,
ranging from animosity within the team to fear or self-doubt.

~~~
mjolk
I don't see this as particularly unprofessional or petulant.

The owner/manager of the project didn't want to keep maintaining it and is
redirecting users to an alternative that will work for almost all use cases.
As of last month, there were reported flaws in TrueCrypt and there's nothing
that forces a maintainer of a free project to keep going.

I'm left almost a little annoyed that the conversation isn't "RIP TrueCrypt
project, thank you goes out to the maintainers for helping people feel more
secure for years."

~~~
unfamiliar
You can't just post an announcement like that in the current climate of
suspicion and expect everyone to just ignore the possible implications.

~~~
mjolk
Alright, I'll play. How long of an explanation are the users of a free service
entitled to receive before the maintainer can happily go his/her way without
follow-ups? Development of Truecrypt stopped, and as it's open-source, someone
else could keep hacking away on it.

~~~
unfamiliar
Entitled to receive? None. Read my post again. I'm saying that they should
have expected that the announcement would be received with suspicion.

------
AhtiK
[http://web.archive.org/web/*/truecrypt.org](http://web.archive.org/web/*/truecrypt.org)

"Sorry. This URL has been excluded from the Wayback Machine." :-)

~~~
T-A
That's funny. The normal technique for telling the Wayback Machine not to
archive would result in the message "Page cannot be crawled or displayed due
to robots.txt.". How do you get "excluded" this way?

~~~
trebor
I don't know about the message, but you can ask for your site to be removed
from the Wayback Machine.

------
panarky
"[Matthew] Green last year helped spearhead dual crowdfunding efforts to raise
money for a full-scale, professional security audit of the software."

"'I think the TrueCrypt team did this,' Green said in a phone interview. 'They
decided to quit and this is their signature way of doing it.'"

"I’m a little worried that the fact we were doing an audit of the crypto might
have made them decide to call it quits.”

~~~
higherpurpose
I think that's why they are quitting. They didn't want the audit to find
something. But it's just a speculation like any other.

~~~
throwaway99812
It's more likely that they were angry that the audit got a lot of funds and
they didn't.

In OSS often the people who do the original work get nothing and all the money
goes to pundits, packagers, and consultants.

~~~
louthy
If that were true, and they were so sure of the quality of their code then
they'd keep going, wait for the all clear and say: "Look, we've been doing
this for 10 years, our system is now independently audited, will you please
support us..."

I suspect that would have brought in a few dollars in the current climate.

~~~
danielweber
That might make sense in a world of perfectly rational unemotional robots.

In the real world, if you worked for years trying to make people safe, and you
felt (correctly or not) that you were being disrespected while others were
being respected for picking at your nits, you might say "fine, fuck you all,
have fun," too.

To be clear, I don't know what's going on. A "rage quit" is the most likely
scenario IMHO, but this is all very weird.

 _EDIT_ : On reflection, a rage quit fits my priors, which say "there's no
such thing as free-as-in-beer[1] software." So you and I should both be a
little skeptical when I find it the likely explanation.

[1] It does exists, but it's the exception, and each project where it works
has its own particular quirks that make it work. The successful ones typically
rely on someone having a particular and unusual mental setup that doesn't mind
free loaders. Stallman and de Raadt develop software for their own use, and
the rest of us can use it, too.

~~~
comex
Off-topic, but considering the sheer amount of _stuff_ on GitHub, I'm not sure
it's about free loaders - whether or not it's useful, the fact that so much
code is published demonstrates that many people are okay with it being used by
others.

------
codeulike
Are there any decent alternatives to TrueCrypt for Windows that aren't
Bitlocker?

[http://superuser.com/questions/760091/windows-encrypted-
virt...](http://superuser.com/questions/760091/windows-encrypted-virtual-hard-
drive-but-not-bitlocker-or-truecrypt)

~~~
hdivider
How about AxCrypt for file encryption?

[http://www.axantum.com/axcrypt/](http://www.axantum.com/axcrypt/)

(I phrase this as a question because it'd be great if we could have some HN
skepticism on this thing. Personally, I think everything basically checks out:
open source, free, there's a name, phone number, address, picture etc.)

~~~
codeulike
Looks like its just a 'right-click ... encrypt this file' sort of thing.
Doesn't appear to do whole disk encryption or encrypted virtual drives.

~~~
hdivider
Yep, that's why I mentioned file encryption specifically. :)

My use case is wanting to have an extra layer of paranoia before I upload
anything important to the cloud.

~~~
elect_engineer
AxCrypt looks solid for your purpose. Obviously if you are whoever it is who
replaced Bin Laden you can't even trust your keyboard -- it might be reporting
what you type to the NSA -- but for ordinary users it is a good choice. Plus,
it is mature and unlikely to destroy your data through a bug.

------
pling
Well this is good for me. I currently use a TrueCyrypt encrypted exFAT volume
for backups. My motivation is now to move this to an open source system
(probably dm-crypt). This and RDP is the only reason I'm hanging onto windows
and that's purely out of apathy. The suggestion of using BitLocker is a bit
insulting (this might just be comedy value from TC though). Every other bit of
software I use is portable or in a Linux VM already.

So my weekend project is now to move all my stuff to Debian.

~~~
darklajid
RDP: Is there anything freerdp cannot do that you need from day to day? I'm
working with Windows, but run Linux without any issues so far.

~~~
pling
We have an RDP gateway which is an awful pile of shit to deal with as it uses
HTTPS initiated MSRPC as the transport layer. FreeRDP doesn't work properly
with that yet as there are all sorts of odd configuration and encryption
things that are almost impossible to line up properly when your ops team don't
actually know what they're doing or how to find out stuff for you.

~~~
jackweirdy
Ugh; I remember having that problem a couple of years ago. In the end I had to
split a room of thin clients in half, and have them each point at 1 of 2
hosts. Defeating the point of load balancing entirely :/

------
pppp
Here's my theory (step-by-step):

1\. Truecrypt is a gigantic pain-in-the-side for US intelligence agencies.

2\. Intelligence agencies brainstorm about the best way to deal with the
situation.

3\. Taking over and tampering with the current code is deemed unrealistic. The
user base of Truecrypt is very sophisticated and even minor changes to the
source code would be scrutinized.

4\. "How can be get people to stop using Truecrypt?" "We can discredit the
project - get people to voluntarily stop using it because they don't trust
it".

~~~
DanBC
Your (1) partly fails because they'd just toss you in jail until you hand over
the key. If they think you're a terrorist that jail might be overseas with no
access to lawyers. If they think you're a paedophile they'll just leak that
info (and this your life is destroyed).

Also, "Truecrypt _properly used_ is a gigantic pain" and although I have
nothing to support it I reckon many people use it incorrectly. Has anyone done
any research?

See "deanonymizing alt.anonymous.messages" for examples of people doing crypto
wrong.

~~~
dendory
Actually I disagree. The NSA is all about spying. If they can't decrypt what
you do without going to you and asking you for the keys (or throwing you in
jail) then I would say it -is- a major pain for them. Remember we're talking
about an agency who routinely targets one person in the hope to find dirt on
others.

~~~
sliverstorm
On the other hand, the NSA is all about spying. If they can't encrypt their
data and keep it secret, they can never get the upper hand.

(The most valuable information is info your enemy doesn't know you know.
Information your enemy knows you know is not as powerful)

------
personalcompute
Previous discussion from earlier today:
[https://news.ycombinator.com/item?id=7812133](https://news.ycombinator.com/item?id=7812133)

------
nness
Out of curiosity, wouldn't the open-source TrueCrypt be better than the closed
BitLocker? (assuming, of course, that TrueCrypt was not already compromised)

~~~
easytiger
Surely it would also take very little effort to implement an alternative to
truecrypt? What's the big deal

~~~
venomsnake
Well implement one. While getting the encryption right is possible. There
comes the pesky problems with presenting stuff to windows as a volume that
works as well.

~~~
easytiger
Well peer reviewed encryption libraries would take care of a huge proportion
of that.

[http://dokan-dev.net/en/](http://dokan-dev.net/en/) might work on windows for
implementing something you might otherwise do via FUSE. Can't speak for
windows as ive not used it for a decade or more.

------
noarchy
If the TrueCrypt devs are done with the project, is there anything legally
preventing others from restarting development on it? I know the software had
an oddball license that wasn't always well-received.

My point here being, with the source being available, why do we need to assume
that TrueCrypt is history, other than perhaps a lack of people willing to work
on it (which I assume could change now that there is an immediate need for
some)?

------
dan_bk
Sounds like what happened to LavaBit (some sort of gov't pressure).

~~~
pekk
When you know literally nothing, it doesn't sound like anything.

------
awakened
E4M - Encryption For the Masses is free software that TrueCrypt was based on.
It's free to fork as well.

[http://en.wikipedia.org/wiki/E4M](http://en.wikipedia.org/wiki/E4M)

------
lurkinggrue
Lets just fork the sucker and call it a day. They developer is anonymous and
if he wanted to stop people he would have to reveal his identity and that is
not going to happen.

------
sekasi
Is this a warrant canary?

~~~
danielweber
A warrant is how the government compels you to turn over evidence you have.
TrueCrypt does not have any access to its users' keys or data.

If we really really stretch, TrueCrypt had server logs that would show who
downloaded it that they might be compelled to turn over. This would be an
overreaction to such a request.

------
stordoff
Reading through the posted diff, a couple of things stood out to me.

1\. The release date string went from "February 7, 2012" in 7.1a to "5/2014"
in 7.2 . Might be nothing, but it made me wonder if someone other than the
orignal author changed it due to the date style change - I'd've expected it to
be changed to "February 2014".

I also wonder why no specific day was given - makes me wonder if the release
was automated and the author didn't know exactly when it would happen
(possibly a dead man's switch triggered it?). Again, could be nothing.

2\. Pretty much every reference to truecrypt.org has been removed - even the
licence now states "Your Product [...] must not present any Internet address
containing the domain name truecrypt" (instead of truecrypt.org), and there is
no requirement to link to it anymore. It might just be a change in licencing
stance to encourage forks, or, if the release was made under duress
(NSL/threats/blackmail etc.), it might be a way to try and signal that
truecrypt.org can no longer be trusted.

Edit: Something is bugging me about this line on the site: "The development of
TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows
XP." IT might just how the author writes, but my reaction on reading "was
ended" was that something external forced it to stop rather than it being a
choice.

Also, why mention XP's EOL? The message doesn't say support for TC stopped
_because_ of EOL, just after, and I can't think why the end of XP support
would effect TC greatly.

------
neves
Maybe it is because Bruce Schneier uses and recomends it:
[https://www.schneier.com/cgi-bin/mt/mt-
search.cgi?tag=TrueCr...](https://www.schneier.com/cgi-bin/mt/mt-
search.cgi?tag=TrueCrypt)

------
stefan
Any opinion on "Tomb"?
[http://www.dyne.org/software/tomb/](http://www.dyne.org/software/tomb/) It
tries to be a nice LUKS wrapper with container and key files.

------
DanBC
I'm not particularly looking forward to a slew of poorly coded alternatives to
TC, or to endless discussions about whether or not something actually is FDE.

------
bak3dj0
Maybe the developers were Americans and they decided to bail before they get
caught for exporting cryptographic software.

~~~
spiritplumber
Wasn't that settled in like 1996?

~~~
joshstrange
From Wikipedia [0]:

As of 2009, non-military cryptography exports from the U.S. are controlled by
the Department of Commerce's Bureau of Industry and Security.[9] Some
restrictions still exist, even for mass market products, particularly with
regard to export to "rogue states" and terrorist organizations. Militarized
encryption equipment, TEMPEST-approved electronics, custom cryptographic
software, and even cryptographic consulting services still require an export
license[9](pp. 6–7). Furthermore, encryption registration with the BIS is
required for the export of "mass market encryption commodities, software and
components with encryption exceeding 64 bits" (75 F.R. 36494). In addition,
other items require a one-time review by or notification to BIS prior to
export to most countries.[9] For instance, the BIS must be notified before
open-source cryptographic software is made publicly available on the Internet,
though no review is required.[10] Export regulations have been relaxed from
pre-1996 standards, but are still complex.[9] Other countries, notably those
participating in the Wassenaar Arrangement,[11] have similar restrictions.[12]

[0]
[http://en.wikipedia.org/wiki/Export_of_cryptography_from_the...](http://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status)

[9]
[http://www.access.gpo.gov/bis/ear/pdf/ccl5-pt2.pdf](http://www.access.gpo.gov/bis/ear/pdf/ccl5-pt2.pdf)

[10]
[http://www.bis.doc.gov/encryption/pubavailencsourcecodenofif...](http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html)

[11]
[http://www.wassenaar.org/participants/index.html](http://www.wassenaar.org/participants/index.html)

[12]
[http://www.wassenaar.org/guidelines/docs/Initial%20Elements%...](http://www.wassenaar.org/guidelines/docs/Initial%20Elements%20-%202009.pdf)

------
zvrba
I can't think of a reason why they'd remove sources for earlier versions from
SF. I mean, in this day and age _somebody_ is going to upload them again to
the internet.

~~~
skolor
Considering the licensing, its likely that the developers wanted to keep
development to themselves, and never turn it over to someone else. If the
ragequit theory is correct, its fairly reasonable for them to remove the
previous versions to make a fork slightly more difficult, especially since it
would be an illegitimate fork.

~~~
zvrba
It doesn't add up. You can't (easily) enforce licensing while remaining
anonymous, so why bother with removing the earlier versions?

If ragequitting, why bother with making a new release instead of just removing
_everything_ and changing the webpage? (Presumably, you already have a copy of
the SW if you have encrypted volumes.)

Also, note "you _should_ migrate data". Could this imply that cold storage is
not secure?

~~~
skolor
The kind of person I can see maintaining Truecrypt for a decade I can also see
making this decision. They're upset and are completely done with the project.
They take down all the old versions, knowing that the licensing means they're
largely useless for purposes of forking (unless you want to violate the
licensing, which causes questions to the validity of the fork). Despite their
frustration with the project, they still deeply care about crypto and keeping
their users secure, so they publish some brief recommendations on
alternatives, and release a read-only version of their software to support it.

There are any number of possible vulnerabilities that could exist. Its
definitely a plausible possibility. I could fairly easily believe that they
were contacted by a researcher who was about to publish a major AES flaw, or
one of the other algorithms in use.

There's a number of relatively plausible theories. I wouldn't be surprised if
we don't find out for 20 years what the actual reason for this was, when the
developer is on their deathbed.

------
23jimbo
Was not one of the selling points of truecrypt its ability to provide
'plausable deniability'? That is not so common in other crypto-products.

------
drKarl
Would it be feasible to use encrypted docker containers as a cross-platform
encrypted container solution?

~~~
DigitalJack
how would that work on windows? run linux in a vm and share over samba?

------
ambrop7
So what's the (Windows compatible and open source) software to transition
systems to?

~~~
gambiting
AS far as I am aware - there isn't one offering the same functionality.

Which is what makes it scary, because people all over the world are now left
with much less user-friendly choices for encryption.

------
gcv
Now that this party is over, does anyone know any wrappers for using gpg-zip
with some of the degree of convenience of TrueCrypt — at least, for the
limited case of keeping directories conveniently encrypted and useable?

------
seyfarth
Is there any reason this cannot just be forked?

~~~
ixwt
The license.

------
Eye_of_Mordor
Perhaps TrueCrypt was an NSA scam all along, 'retiring' before they're found
out? Worse still, a Russian/Chinese scam!

~~~
J_Darnley
Why is that worse?

~~~
logicallee
America has rule of law and the NSA had to go rogue to do what it did; once
their program was outed it's on all news, everyone is discussing; Americans
enjoy real rights.

If China or Russia had the same capabilities there would not be any
theoretical backlash against this being discovered, since par for the course
there is far less freedom. It's not the abstraction that's promised even
theoretically.

This is the same reason why it's better when Google (with its nominal "do no
evil" strategy) turned out to collect wifi data with its street cars, which is
not as bad as if Microsoft (with no such policy or mission) had done the same
thing.

~~~
J_Darnley
It might be limited in its actions against Americans but that doesn't make me
feel any better.

Also the program may have been outed but, it looks like some people are keen
to keep it running and possibly make it actually legal

~~~
logicallee
(Oh, I was just answering your literal question, very narrowly.)

~~~
J_Darnley
Fair enough. You weren't wrong.

------
zaroth
Why isn't BitLocker open source? If the new CEO wants to show he's serious
about user privacy, I think opening up BitLocker and letting everyone look
inside would be a great start.

One of the reasons I like iPhone is the idea that the security system and
drive encryption is not hopelessly broken. It would be great to have the same
level of confidence in BitLocker.

~~~
mehrdada
> One of the reasons I like iPhone is the idea that the security system and
> drive encryption is not hopelessly broken.

Where can you get the source of that?

~~~
chmars
There is no source for that. Data on iOS devices is not even fully encrypted
and accessible to law enforcement agencies etc.

