The Inquirer-Home

Truecrypt encryption is no longer secure due to Windows XP end of life

Stop using it
Thu May 29 2014, 11:18
Hands off Truecrypt

WHOLE DISK ENCRYPTION product Truecrypt is done, according to notes on its website.

The message has confused users, as it is not clear whether or not it is some kind of hoax or hacking defacement. The message is clear in its intent, though. It says that Truecrypt should be used only as part of a migration process. Instead, the firm recommends that users embrace Bitlocker.

The reason, though it's not stated in much detail, is ascribed to action by Microsoft, and Truecrypt said that the end of support for Windows XP forced its hand.

"WARNING: Using Truecrypt is not secure as it may contain unfixed security issues. This page exists only to help migrate existing data encrypted by Truecrypt..." it said.

"The development of Truecrypt was ended in [May] 2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. You should migrate any data encrypted by Truecrypt to encrypted disks or virtual disk images supported on your platform."

An uneasy consensus has welcomed the post and the advice as fact. However, no one seems to be underlining it with any real commitment.

"Initially there were suspicions that the Truecrypt webpage could have been defaced, or that a rogue member of the Truecrypt team could have mischievously updated the site with the abrupt message," wrote security expert Graham Cluley.

"But as more time goes on, there is a growing consensus that Truecrypt's anonymous developers might have genuinely decided to close the project - albeit in a somewhat bizarre fashion. Until the situation is clearer, however, you might be wise to be wary of downloading that software."

Brian Krebs, writing at Krebs Security, said that Truecrypt "apparently" has thrown in the towel.

What is possible is that the anonymous developers of Truecrypt, a system that was recommended by whistleblower Edward Snowden, might have been observing the fates of similar companies and thrown up a white flag as opposed to throwing in a towel. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015