
Ask HN: What ever happened with the TrueCrypt shutdown? - Tech1
I haven&#x27;t heard anything since the first few forum posts. Did we ever figure out definitively if it was a hack, information operation, canary, dead man&#x27;s switch or what?
======
tobias3
Conjecture: TrueCrypt was developed by mainly by one person. This person did
write TrueCrypt to encrypt his WinXP Laptop/PC, but does not need it anymore
now, because he can now use Bitlocker.

TrueCrypt is a consumer facing Open Source project. Those rarely have a large
developer community and seldom get patches. Most successful ones are backed by
corporate interests (Firefox, Eclipse, VirtualBox, ...).

Having no need of TrueCrypt himself, no other developer in the community to
whom he could entrust the project and faced with drudgery the like he probably
also has at his job (except he gets payed there), he probably did not want to
continue developing and improving TrueCrypt (e.g. EFI support).

At this point. Since it is a critical security product there is no other
option then to warn of all users. If there is a fork, it has to earn its
reputation first.

I view truecrypt.ch as a bad development, since a) TrueCrypt is trademarked by
the developer and b) the TrueCrypt license explicitly says that you cannot
fork the project without renaming it to something other than TrueCrypt.

See
[https://www.grc.com/misc/truecrypt/truecrypt.htm](https://www.grc.com/misc/truecrypt/truecrypt.htm)
"And then the TrueCrypt developers were heard from . . ."

~~~
u124556
Who is going to complain if someone uses TrueCrypt's name? Can anonymous
people retain copy rights over their work?

~~~
webmaven
Yes, they can. Enforcing those rights is more difficult if you wish to
_remain_ anonymous, but still possible.

------
MiWDesktopHack
Steve Gibson has also made the TrueCryptⓇ Final Release Repository at
[https://www.grc.com/misc/truecrypt/truecrypt.htm](https://www.grc.com/misc/truecrypt/truecrypt.htm)

I had to use this mirror recently as there are already bad copies floating
about; it is a trusted hosting for the last ungimped version for windows and
linux. check the hashes n' sigs!

------
aaw
The best of all the conspiracy theories was
[http://pastebin.com/9catw4X7](http://pastebin.com/9catw4X7).

~~~
pessimizer
Wow. I'm going to spread that one around:)

------
abdullahkhalids
There is this person claiming "I can confirm presence of TrueCrypt duress
canary as per 2004 conversation."

There were a bunch of other tweets with further details, but those seem to
have been deleted.

[https://twitter.com/AlyssaRowan/status/472303977997279232](https://twitter.com/AlyssaRowan/status/472303977997279232)

Note: I am not claiming this is necessarily true.

~~~
tptacek
I don't know anyone who works in cryptography who thinks those twerps were
credible. Do you? I'd be interested in a name.

~~~
abdullahkhalids
A developer for tor (@puellavulnerata) retweeted this. That is the only claim
to it's credibility that I know of

------
dewey
Following [http://truecrypt.ch/](http://truecrypt.ch/) and
[https://twitter.com/TrueCryptNext](https://twitter.com/TrueCryptNext) is a
good resource to get new information on this case at the moment.

I haven't come across any new and definite information since the
hack/shutdown.

~~~
korzun
So a random developer with 4 years of experience teamed up with a Drupal
developer to take leadership of this project?

This is pretty sad/funny.

~~~
Foxboron
What about the fact its his first C project on Github?

~~~
teach
That doesn't necessarily mean anything. Github is very, very new relative to C
development. There are programmers who had coded in C for decades before
Github even existed.

------
hbeaver
I would encourage you to listen to Steve Gibson's Security Now podcast on
Twit. But the gist is TrueCrypt has not been hacked. Take a listen to the
"TrueCrypt WTF?" episode.

[http://twit.tv/show/security-now](http://twit.tv/show/security-now)

------
nodata
It was discredited. Mission accomplished!

