TrueCrypt Under Audit, Its Future Unknown, To Migrate or Not To Migrate?

TrueCrypt Under Audit, Its Future Unknown, To Migrate or Not To Migrate?

by Dan Vlasic on 19 June 2014 · 2302 views

As a moderate TrueCrypt user, I wasn't checking on the news and updates, and blatantly missed the 7.2 update of the epic encryption software. And epic it is, 'Creating something of TrueCrypt's size and complexity, and holding it together as they did across the span of a decade, is a monumental and truly impressive feat of discipline,' says Gibson Research Corporation.

However, I experienced a moment of shock, with the ground sinking from beneath my feet, when I loaded truecrypt's sourcefourge website:
1 full TrueCrypt Under Audit Its Future Unknown To Migrate or Not To MigrateNo need to panic, however. If you calm down, and instead of rushing to find a more or less viable substitute, you start browsing and reading what online community has to say about the issue, you may as well do nothing.

4 full TrueCrypt Under Audit Its Future Unknown To Migrate or Not To Migrate

The amount of information and references is so huge there is no point reporting it all. Let's try to enumerate the most important ones.

1. TrueCrypt seems to be discontinued. Its developers utterly stated there'd be no further support.

2. TrueCrypt 7.2 allows you to decrypt volumes and disks, not create new ones.

3. TruceCrypt 7.1 works just fine both encrypting, decrypting and creating new volumes and encrypted disks.

4. TrueCrypt's source code is being audited. Part I has been audited already, and no critical vulnerabilities or backdoors have been found. You can even download the entire report and get a closer look at its results.
'iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas. The vulnerabilities described later in this document all appear to be unintentional, introduced as the result of bugs rather than malice.'

5. Part II of the audit seems to be in the process, and when it's done, we might have THE ONLY encryption solution that has been audited independently, which will effectively cement its status of the best mass storage encryption with cross-platform compatibility.

6. Amazon is still using TrueCrypt because they are not happy with alternatives.

7. Many users stick with TrueCrypt 7.1 until the results of Part II of the audit are published.

8. Many conspiracy theory adepts suggest that the message on TrueCrypt's website is a sort of bad Latin encrypted message warning users about TrueCrypt being hacked by NSA, and developers chose to abandon the project instead of giving the NSA, or whoever might be behind the whole plot, the keys.

9. Users who resorted to TrueCrypt never trusted Microsoft anyway, so suggesting they switch to Microsoft's BitLocker sounds like sarcasm or sheer mockery. Whereas it would be suicidal for Microsoft to leave backdoors for NSA in its encryption software, we know by now the worth of big tech companies promises, and their close collaboration with NSA and the Bilderberg group. Multiply that by Snowden revelations, and migration to BitLocker looks more like a trap for the naïve. Of course, I am paranoid, but it makes me feel even worse each time my paranoia receives yet another confirmation. So, just like the above-mentioned Lawfare and Gibson Research Corporations, as well as Amazon, I am waiting for that Part II of the audit. I might be wrong, though. If you are like me, but have a 7.2 version, you can still find the 7.1 release and get back to it.

10. Those of you who would rather migrate to a product with ongoing support and updates, are welcome to check out the following

TrueCrypt alternatives:

Windows Bitlocker
Since there is no confirmation of Microsoft leaving backdoors in its encryption software, we assume it has the right to be on the list. BitLocker has a recovery key option that can let you decrypt encrypted drives, and it is stored on Microsoft's servers.

DiskCryptor
This program is free and open source encryption solution for system and non-system partitions; it supports all recent OS versions of Windows, as well as third-party boot loaders, several encryption algorithms, hardware AES acceleration and external storage devices.

AxCrypt
This only works for encrypting individual files, not partitions, using AES 128-bit encryption and key-files.

AES Crypt
Cross-platform encryption for individual files that works for Win, Mac, Linux and mobile devices.

Cloudfogger
If you store data at Dropbox, Google Drive or OneDrive, you may want to check this one out. It encrypts files you store in the cloud using 256-bit AES, but does not work on Linux. When installed, it detects supported cloud services automatically.

Challenger
Encrypts individual files, folders and drives, Windows only. Official website does not reveal much information on encryption algorithms, though.

If you have more freeware suggestions, feel free to share them with us, so that we can update the list.

Comments (0)
Featured Articles