Twitter has been ablaze with controversy over an announcement from one of the official TrueCrypt websites that the widely used encryption software is no longer a viable option to keep files, documents, and confidential information on the low down.
For years TrueCrypt has been the go-to solution for anyone who wanted a simple, but highly secure way to encrypt their personal files and information. After the revelations came forth that the NSA had the ability to hack nearly any computer on earth with their quantum-grade cracking computers, supporters of the standard began shelling out their own hard earned cash to fund an international audit which would be tasked with determining whether or not their favorite evasion maneuver had been compromised without their knowledge.
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
No one has come forward to confirm this claim of code calamity just yet, though with so much money and human resources being thrown at the audacious audit of TrueCrypt, it’s also not something that should be taken too lightly until all sides of the story weigh in on what they think the issue might be.
After it was revealed that the NSA is capable of decoding massive troves of data at a time without so much as a flinch, privacy advocates and the generally security-conscious were led even deeper into the already murky shadows of personal encryption tactics, and have found less and less viable options to turn to when trying to find a permanent encryption tactic that works for them.
One of the leaders of the movement to audit TrueCrypt, cryptography professor for Johns Hopkins University Matthew Green, has told the press he had no advance notice of the issue, and that the whole thing is just as much news to him as it is to the rest of us.
The newest version of the program available on the TrueCrypt.org page now comes plastered with a warning that it is “not safe to use”, and that users should be wary of any content they attempt to lock up with the software until the problem can be properly analyzed further.
Even the original TrueCrypt 7.2 signing key seems to suggest that the announcement isn’t a hoax, claiming that as far as the company behind it can tell, their standard for secrecy has in fact be compromised, and that all users who depend on it should re-evaluate their options as soon as they feasibly can.