
TrueCrypt, the final release, archive - buddylw
https://www.grc.com/misc/truecrypt/truecrypt.htm
======
tagawa
"So, thanks guys . . . we'll take it from here." seems like an understated
reaction. More like a huge thank you for 10 years of hard work, with no
personal recognition, providing the world with a free, trusted and
increasingly useful aid to security and privacy. Whatever path the devs have
chosen to take, TrueCrypt users everywhere are very grateful.

------
kijin
Note to the devs:

Thank you for your hard and unappreciated work for the last 10 years.

But if you're no longer interested in continuing to develop TrueCrypt, could
you _please_ replace the license on 7.1a with one of the OSI-approved, DFSG-
compatible licenses so that other people can keep developing and using
TrueCrypt if they want to? I know that you think it's risky to keep using
TrueCrypt, but there seem to be plenty of people who are willing to fork over
tens of thousands of dollars to discover and fix any security issues.

An email sent to the auditing team and/or a message published on the official
website, signed with your usual keys, should suffice.

------
B-Con
This really doesn't feel satisfying. What about the bizarre way the project
was taken down? They really recommend Bitlocker? They literally think you
should just grep for "crypt" and use the result for your needs?

I guess I can buy that declaring it insecure because the dev team is no longer
maintaining it makes sense.

Assuming this is legit, I wonder if the move toward cloud storage and mobile
devices made them feel that they were slipping into a niche need. I disagree
(to some extent), but maybe they felt the bulk of their usefulness was behind
them.

------
ruskerdax
Is there any proof that these statements from the devs are legit?

------
higherpurpose
They still don't want to explain why they took it down so abruptly, which is
strange to say the least for a popular 10 year project.

Also, why didn't they make it easy to continue the project with the license,
and why do they keep saying that forking TrueCrypt is "harmful"?

~~~
mintplant
Perhaps they believe that, without them at the helm, any new people who take
up the project won't know the code or crypto well enough, creating new
security holes.

------
miles
The writing style in this letter is completely different from that on the
TrueCrypt page. If this letter had been posted originally, the whole episode
would have been viewed much differently. And why does the author of this
letter assure readers that "As far as we know, TrueCrypt is utterly
uncrackable", while the TrueCrypt.org page (or rather, the
truecrypt.sourceforge.net page to which it redirects) screams (in red at the
very top), "WARNING: Using TrueCrypt is not secure as it may contain unfixed
security issues"?

EDIT: Sorry - as brazzy and NickSharp kindly point out below, the letter was
imagined and written by Steve Gibson. As the HN title at the moment is "One of
the TrueCrypt Devs Responded", I missed that.

~~~
brazzy
Are you talking about the _imagined_ letter that is, uh, not actually from the
Truecrypt devs?

~~~
miles
Sorry - completely missed that. The title of the HN post at the moment is "One
of the TrueCrypt Devs Responded".

------
vonklaus
If this is what they want I am glad they can move on. I just feel like if
there was ever a time to be interested in the project it would be now.
Obviously, privacy has always been relevant, but given the microscopic lens
everyone is under the problem seems relevant, challenging and exciting. The
exact opposite time to walk away.

------
lvs
I think the issue really is XP and the 20 year old compiler. It would be
insecure to compile on an unpatched OS, and my guess is that they've been
unable to get it to work satisfactorily in an updated compiler. Simple as
that?

~~~
btgeekboy
Given that the application is open source, wouldn't that reason be easy to
verify?

