TrueCrypt, the popular and reputed open source file and disk encryption Software for Windows, OSX and Linux, has abruptly closed down Wednesday recommending its users to use Microsoft's Bitlocker.
TrueCrypt is a free, open-source and cross-platform encryption program, thereby one of the world's most-used encryption tool, trusted by tens of millions of users and recommended by NSA whistleblowerEdward Snowden.
TRUECRYPT IS NOT SECURE
On Wednesday afternoon, the users of TrueCrypt encryption tool redirected to the project's officialSourceForge-hosted page that displays a mysterious security warning message that the popular encryption tool has been discontinued and that users should switch to an alternative.
The official website for the TrueCrypt software warns the user that the open source encryption software is no longer secure and informs that the development of the software has been terminated.
At the top of TrueCrypt page on SourceForge displays a text in red colour that states, “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.”
“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform,” Truecrypt website warned.
WEBSITE HIJACKED ? SUGGESTING TO USE BITLOCKER!
The encryption software abruptly ended its support without providing any explanation from its developers side and recommended Microsoft's BitLocker as an alternative for Windows users, along with a detailed guide on how to migrate your encrypted data to BitLocker instead.
Now, this sudden security warning and suggesting Microsoft’s Bitlocker as an alternate raise many questions. Many people around the web have assumed that some hacker has compromised the SourceForge account of TrueCrypt, but yet it’s quite unclear whether it’s a defacement of the site or something controversial. Otherwise why the developers of free and open source encryption tool provider would recommend its users to switch on to the most controversial Microsoft’s Bitlocker drive encryption tool.
- Government or Intelligence Agency forced the developers to include a backdoor for them, but they refused and shut it down like Lavabit encrypted email service.
- Someone hijacked the website and Crypto keys to raise false alarms.
Matthew Green, who is a professor specializing in cryptography at Johns Hopkins University and also involved with the TrueCrypt audit, tweeted that he believes that the announcement is a legitimate exit on the part of the developer, and not a hack.
Significantly, the current version listed on the SourceForge page, version 7.2, was signed yesterday with the official TrueCrypt private signing key, the same key used by the TrueCrypt Foundation for as long as two years. This means the warning on the official homepage of TrueCrypt isn't a hoax posted by some hacker or cyber criminal.