ENCRYPTION SOFTWARE PRODUCT Truecrypt apparently has been revived, days after having been declared dead under mysterious circumstances.
Last Thursday, a notice appeared on the Truecrypt Sourceforge webpage that said, "WARNING: Using Truecrypt is not secure as it may contain unfixed security issues. This page exists only to help migrate existing data encrypted by Truecrypt." It advised users to migrate to built-in encryption.
However, another webpage based in Switzerland appeared over the weekend, with the banner "Truecrypt must not die", promising that it would ensure that the product has a future, and linking to an article in which security expert Steve Gibson confirms that he still believes in the safety of Truecrypt.
The decision to shutter the Truecrypt project was met with surprise, with some assuming that it was the result of a hacking attack. Gibson's post, however suggests that the developers, having discovered flaws during ongoing auditing, decided to shut the project down rather than fix it.
In a scathing dig at the decision, Gibson told readers, "But that's not the way the internet works. Having created something of such enduring value, which inherently requires significant trust and buy-in, they are rightly unable to now take it back. They might be done with it, but the rest of us are not."
The new website includes the download links removed from Sourceforge, along with a first for Truecrypt - a list of contributors, where previously they had guarded their identities.
The new website is hosted in Switzerland in the hope of avoiding any legal attacks from former developers or customers, allowing the new Truecrypt to fork away from its prior incarnation. µ