AMAZON WEB SERVICES (AWS) is continuing to use Truecrypt encryption, despite the sudden end of the project two weeks ago.
The encryption software project was closed without warning by its creators, who posted a message on the project home page saying, "WARNING: Using Truecrypt is not secure as it may contain unfixed security issues. This page exists only to help migrate existing data encrypted by Truecrypt...".
The closure caught everyone on the hop from developers to users and hosting companies. A fortnight later and web hosting services at AWS are, according to its documentation, still using the allegedly vulnerable version of Truecrypt as the only form of encryption for AWS Import and Export services.
At the time the project was closed, the authors provided an updated version of the package allowing only downloading of data, in order to allow users to migrate to other encryption systems.
AWS has yet to release a statement on the matter and was not immediately available for comment.
Since the closure of Truecrypt, the project has reemerged in Switzerland under new management, which has reposted to code and is actively seeking developers to carry on with a new fork of the software product.
This new Truecrypt has yet to publish a stable version, however, and there is no indication yet how stable the project will be. At present the source code is being audited and an interim edition, Truecrypt 7.1a, has been posted.
Amazon has responded to the report, telling The INQUIRER, "AWS Import/Export is the only AWS service that uses Truecrypt, but AWS is aware of the statement on the Truecrypt website and continues to monitor closely." µ
Sign up for INQbot – a weekly roundup of the best from the INQ