
The official TrueCrypt webpage now states:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

with detailed instructions for how to migrate to BitLocker below.

Is it an official announcement or just a tricky deface attack?

Smi
user11153

  • Nobody knows yet. Wait for a bit, and the truth will come out. My money's on defacement at the moment. – Xander May 28 '14 at 20:26
  • If I were the NSA, this is more or less what I would do about Truecrypt. – Brent.Longborough May 28 '14 at 21:45
  • Was it ever? How do you know? 99.9% of TrueCrypt users would have never even noticed if all TC actually did was an XOR encryption. – Tomas Andrle May 28 '14 at 22:38
  • Strange, you can't even get an archive of `truecrypt.org`. https://web.archive.org/web/http://truecrypt.org: `Sorry. This URL has been excluded from the Wayback Machine.` – Chloe May 28 '14 at 23:00
  • @TomA That could be said for users of any software. The difference with TrueCrypt is that at least the source code is *available* for review - and it is exactly because of this that a crowdfunded [audit](http://istruecryptauditedyet.com) is currently in progress. – Iszi May 28 '14 at 23:30
  • [It seems that the new text is in a different tone than the rest of the dead-heavy cryptographer-ish old site.](http://truecrypt.sourceforge.net/OtherPlatforms.html) – Simon Kuang May 29 '14 at 01:06
  • Anyone noticed that `truecrypt.org` now redirects to the SF page? Maybe that means something. – Simon Kuang May 29 '14 at 01:37
  • Maybe it's just a response to the audit. – Simon Kuang May 29 '14 at 01:40
  • @SimonKuang The auditors have publicly stated they're just as confused about the whole thing as anyone else. So, that's fairly unlikely. – Iszi May 29 '14 at 03:28
  • I tried to wrap up a bunch of interesting information I ran across today [on my blog](http://jonathonreinhart.blogspot.com/2014/05/truecrypt-end.html), including a small peek into the code changes. Criticism welcome. – Jonathon Reinhart May 29 '14 at 03:35
  • @Chloe http://truecrypt.org/robots.txt explicitly contained "User-agent: ia_archiver" "Disallow: /" to exclude the archive.org crawler (at least the current SF page does so). – Volker Siegel May 29 '14 at 05:58
  • @VolkerSiegel It's gone. – Simon Kuang May 29 '14 at 06:12
  • @VolkerSiegel That's the problem with the Web Archive. Even if the original site did allow archival, a new site that registers the same domain can retroactively censor the entire site for everyone. – forest Sep 26 '18 at 05:47

3 Answers


At this point, it is still unclear. Speculation runs rampant as to whether it's a defacement or official retirement.

That said, it is noteworthy that the latest version of TrueCrypt (before the 7.2 version that's now posted) is over two years old. Also, no apparent efforts have been made to support whole-disk encryption on Windows 8, which is even older than TrueCrypt 7.1a if you count the publicly-available pre-release versions of the former.

Many Windows 8 users who used to rely on TrueCrypt have probably already migrated to Bitlocker for whole-disk encryption, so moving the rest of their TrueCrypt-protected data (if they haven't already) is a logical next step anyway. For anyone else, it would probably be preferable to wait until this whole mess is cleared up.

The first phase of the TrueCrypt audit, covering the bootloader and Windows kernel drivers, turned up less than a dozen vulnerabilities - the worst of which were rated as "Medium" severity. The report also said the source code "did not meet expected standards for secure code".

One of their recommendations mentioned:

Due to lax quality standards, TrueCrypt source is difficult to review and maintain. This will make future bugs harder to find and correct.

Another note stated:

The current required Windows build environment depends on outdated build tools and software packages that are hard to get from trustworthy sources

All of this, along with the two-year lapse in new releases and lack of full support for the latest OSs, does lend to the easy belief that TrueCrypt's team may indeed be throwing in the towel. If they did choose to do that, then TrueCrypt would in fact become insecure in very much the same way as Windows XP now is - any newly discovered security vulnerabilities would not be patched. A key difference between TrueCrypt and Windows XP however, is that compatible alternatives may still be developed and updated since TrueCrypt is open-source software.

Still, the very sudden and unexpected announcement is definitely worth some amount of skepticism. Until there's been further validation of the news, I would suggest that you not trust anything posted on TrueCrypt's website or SourceForge page - especially not the new "7.2" download.


Update: 2014-05-29 0645Z

Brian Krebs has reported on the issue, and given some sound reasoning as to why this is not likely a hoax. Additionally, he mentions that the people behind IsTrueCryptAuditedYet.com will continue their work despite the software project's current status.

Speculation still runs rampant online, of course. However, the continued anonymity of the TrueCrypt development team makes any undeniably authentic confirmation of their status nigh impossible. Matthew Green made a fair point in this tweet though:

But more to the point, if the Truecrypt signing key was stolen & and the TC devs can't let us know -- that's reason enough to be cautious.

Really, regardless of the signing key's status specifically, the fact that the TrueCrypt developers can't (or at least so far appear to not even have made any efforts to) issue any separate and authoritative communication to validate what's happened to their website should be enough to raise significant concern. If the TrueCrypt team is calling it quits, it's time to move on and find/make alternatives. If not, their lack of out-of-band response to this incident raises serious questions (more so now than ever) as to how much we can really trust them to maintain the sort of software we want to trust with our most valuable secrets.

Regardless of the status either way, it's probably best to seek alternative solutions. The recommendations on the TrueCrypt site aren't bad in general. However, they fall short of a few features TrueCrypt was known and loved for:

  • Cross-platform compatibility
  • Plausible deniability
  • Hidden partitions
  • Encrypted container files (you can do this with Bitlocker and VHDs, but it's not nearly as smooth and seamless as with TrueCrypt)

Update: 2014-05-29 1450Z

Jack Daniel has summed up my feelings on the topic quite well now, in a recent tweet:

So, yeah: hack, troll, ragequit, whatever- silence means TrueCrypt org can't be trusted, so neither can TrueCrypt. Damn.


Update: 2014-05-30 1545Z

GRC has posted claims that the TrueCrypt developers have been heard from, via Steven Barnhart.

https://www.grc.com/misc/truecrypt/truecrypt.htm

If the source can be believed (again, the public anonymity of the TrueCrypt development team makes certain authentication nearly impossible) then TrueCrypt is indeed no longer being actively worked on by the original team. Additionally, the license prevents anyone else from legitimately being allowed to write a new "TrueCrypt" (though it is possible they may be able to fork it under a different name).

One important thing to note, though GRC perhaps is a bit overly dramatic about it and may even be over-stating its value, is that the latest fully-functional version of TrueCrypt (7.1a) is - to public knowledge - still "safe" to use. Until such time as significant, and exploitable, vulnerabilities are discovered there's really no reason to consider 7.1a as inherently any more "unsafe" at the time of the truecrypt.org announcement than it was at any time before.

That said, one must also bear in mind (as noted earlier in this post) that any discovered vulnerabilities in TrueCrypt 7.1a will not be fixed in any future releases. Thus, it is still wise to begin seeking other alternatives. The same holds true here as it does for Windows XP - the only substantial difference being that XP has a much higher profile and will very likely accrue a very long list of un-patchable vulnerabilities (some likely exist already) much more quickly.

The Open Crypto Audit Project has tweeted a link to a "trusted archive" of TrueCrypt versions for those seeking older copies no longer available on truecrypt.org:

https://github.com/DrWhax/truecrypt-archive

Thanks to @Xander for pointing out the GRC article.

Iszi

  • Someone created a diff of version 7.1a and the newly released 7.2: https://github.com/warewolf/truecrypt/compare/master...7.2 Is there something suspicious here? – user11153 May 28 '14 at 21:29
  • I'm sure the notice from Sourceforge saying everyone should change their passwords is completely coincidental and unrelated... though it happened at exactly the same time. – tylerl May 29 '14 at 00:41
  • That's disturbing to say the least. – Ben Sidhom May 29 '14 at 03:02
  • @tylerl - According to the [ISC Diary](https://isc.sans.edu/diary/True+Crypt+Compromised++Removed%3F/18177) the SourceForge password reset was done because they are changing their password hashing mechanisms. It is not related to any known attacks. – Iszi May 29 '14 at 03:11
  • @BenSidhom See above, RE: SourceForge PW reset. – Iszi May 29 '14 at 03:12
  • Yes, that's what the email from SourceForge indicated. However, my concern is that this may be a concerted effort (maybe involving SF itself, maybe involving SF being compromised unknowingly). – Ben Sidhom May 29 '14 at 06:43

Significantly, TrueCrypt version 7.2 was certified with the official TrueCrypt private signing key. That suggested the page warning TrueCrypt isn't safe wasn't a hoax posted by hackers who managed to gain unauthorized access. After all, someone with the ability to sign new TrueCrypt releases probably wouldn't squander that hack with a prank. Alternatively, the post suggests that the cryptographic key that certifies the authenticity of the app has been compromised and is no longer in the exclusive control of the official TrueCrypt developers. ArsTechnica story

While it is certainly dramatic, some more certainty of what's going on would be nice from the TrueCrypt team. This lack of sensible confirmation from people provably connected to TrueCrypt does strengthen the defacement theory.

EDIT: In the Hacker News discussion this poster claims that the keys were only updated 3 hours before signing the new release.

Same key as the previous binaries? I doubt it, given that the keys were replaced a mere 3 hours before the new binaries were published

EDIT2: A SourceForge representative says:

Providing some details from SourceForge:

  1. We have had no contact with the TrueCrypt project team (and thus no complaints).

  2. We see no indicator of account compromise; current usage is consistent with past usage.

  3. Our recent SourceForge forced password change was triggered by infrastructure improvements not a compromise. FMI see http://sourceforge.net/blog/forced-password-change/

JoltColaOfEvil

  • Finding "people provably connected" has always been hard. The TrueCrypt team has operated largely in anonymity for years. – Iszi May 28 '14 at 21:29

Before this change, there was a gpg public key on their website. If this was for real, I dare say they would at least have signed the message.

Besides, Truecrypt is an open source project so there is no way that "development has ceased". Anybody could continue development or fix bugs. Lots of free and open source software is largely maintained by a community.

I don't see how this announcement makes sense in any way. The writer could be luring people to Bitlocker and then exploiting a bug in Bitlocker, though it seems very far-fetched since it's not remotely/mass exploitable. Or he could just be wanting to mess with users because of bad blood (assuming he was a developer and thereby had access to the website).

Looking at historical DNS records, the IP address does not seem to have changed. At least it's not another DNS hijack.

Edit: I just read the binary was signed so it's either a big hack or a rogue developer. Meanwhile my money is still on it being FUD: the message would have been different if there really had been issues. At least it wouldn't have suggested proprietary software as a replacement.

Luc